1. Introduction and General Terms
The controller within the meaning of the General Data Protection Regulation is:
Sedus Stoll Aktiengesellschaft
Tel.: +49 7751 84 - 0
Fax: +49 7751 84 - 310
You will find all the information here: https://www.sedus.com/en/common/publication-details
The legislator understands personal data processing to mean activities such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Personal data is all information relating to an identified or identifiable natural person.
3.1 Collection and processing of data during your visits to our website
When you visit our website, the web server always saves the IP address assigned to you by your internet service provider, the website from which you came, the web pages on our site that you visit, the amount of data transferred, the identification of your web browser, the time of your visit and other information about your access devices in server log files automatically sent to us by your browser. This data is stored in a server log exclusively for statistical purposes, e.g. to improve the website and its contents, including security.
3.2 Collection and processing of data during your visit to Sedus PartnerNET
When you access or log into the PartnerNET portal or set up an account using the registration system, we receive personal data and official contact details from you under certain circumstances. This may be your name, email address, postal address, country, phone number, fax number or customer number, as well as data that we have collected through your use of Sedus services. Your personal data is collected to allow you to use our PartnerNET portal. We check your data and activate your account.
Registered and logged-in users receive access to Online-Basket. Online-Basket is an interactive tool that enables our commercial customers to freely configure, offer and order items of office furniture from Sedus for their end customers. In this regard, your customers’ personal data (e.g. name, address, email address) is collected insofar as it is necessary for the ordering process. In Online-Basket, the specified customer data is only stored temporarily, i.e. only for the duration of the session, and is deleted once you log out of the portal.
3.4. “Knowledge Sharing” (Sedus online book shop)
(only available in select countries)
3.5 Sedus online shop
(Only available in selected countries)
We have installed individual online shops for specific customers.
3.6. Newsletter subscription
Sedus offers a newsletter on its various websites, which provides information about current events and offers. To subscribe to the newsletter, you will need to enter a valid email address and confirm the link sent to you. You can unsubscribe at any time via a link in the newsletter.
3.7. Online chat
On our website www.sedus-outlet.com, we offer you an online chat, through which you can get in touch with Sedus.
3.8. Augmented Reality App (Sedus AR App)
Our Augmented Reality App can be downloaded and installed from various app stores.The app enables you to visualise a reality, enhanced by computer-generated information, in which the real world and the virtual world mix.Information and graphics about the real world being viewed are displayed in real time.
4. What situations does Sedus contact you in?
Sedus may contact you:
- in connection with service and support for which you have registered in order to be sure that Sedus can provide you with the services;
- in connection with any correspondence or any comments or complaints we have received from you concerning Sedus products and services;
- in connection with personalised services you use;
- in order to invite you to participate in surveys on Sedus services (participation is always voluntary);
- for marketing purposes, i.e. newsletter and posting services, if you have already explicitly gave your consent to this effect.
5. What purposes do we process your personal data for – and what is the legal basis for this?
We process your data so that we can prepare and fulfil the contracts we conclude with you. This also applies to information you make available to us in the context of pre-contractual correspondence. The specific purposes of data processing depend on the respective product and the request made, and can also be used to analyse your needs and check what products and services are suitable for you. Your data is also disclosed within the Sedus corporate group and to external assembly service providers and forwarding agents to fulfil the contractual obligation.
Goods and service providers
We also need your personal data so that we can check whether and what products and services we are able and allowed to offer you.
Details about the respective purposes of data processing can be found in the contractual documents and in our General Terms and Conditions.
Implementation of the application process
We process your data that you have sent us in the context of your application to check whether your specialist qualifications are suitable for the job advertised. We only use your information for the application process and transfer it to your personal file when a contract is concluded. If an agreement is not reached, your information will be deleted or destroyed after six months. We will not use your applicant information for any purposes other than implementation of the application process unless you have consented to further use of your data (e.g. inclusion in the applicant pool).
If you are under the age of 13, you need to ask a parent or legal guardian for permission before using our recruitment portal. If you think that we may be in unauthorised possession of personal data from a child under the age of 13, please contact us at sedus(a)sedus.com.
Following balancing of interests:
We improve our services and offer you suitable products.
As regards online chats, we process your data due to our legitimate interest in offering you our service in the best possible way, to be able to respond directly to your questions, to schedule dates and to inform you about current events and offers. In addition, we support you in finding retailers and in selecting products. For this purpose, we process your name, contact data and the entire conversation including the data disclosed by you.
To strengthen and optimise the customer relationship
In the context of our efforts to continuously optimise our relationship with you, we occasionally request that you take part in our customer surveys. The results of the surveys are used to adapt our products and services so that they meet your needs even better. The results of these surveys are used without any references to you.
Data processing and analysis for marketing purposes
Your needs are important to us and we try to provide you with information about products and services that is specifically suitable to you. We use the results from our joint business relationship and from market research for this purpose. The main objective in this regard is to adjust our product proposals to your needs. In this respect, we guarantee that we always process data in accordance with applicable data protection law. Please note that you can object to your personal data being used for this purpose at any time.
What do we specifically analyse and process?
- Results of our marketing campaigns to measure the efficiency and relevance of our campaigns;
- Information from your visits to our website;
- The possible need for our products and services.
You have the option of subscribing to our newsletter via our website. To send it, all we need is your email address, country and language. Any other information you provide is voluntary. You will only be sent our newsletter once you have successfully completed a double opt-in procedure. You have the right at any time to view your declaration of consent or to unsubscribe from the newsletter. Each letter that accompanies our newsletter contains corresponding links. If you unsubscribe from our newsletter, we will immediately block your contact details in our newsletter distribution list.
The legislator makes specific requirements regarding the effectiveness of electronic consent, such as that used to subscribe to the newsletter. This also includes logging your declaration of consent. We therefore log the date and time of your consent, the text of the declaration of consent, whether the checkbox was checked, your email address and any other voluntary information you provide. We also log the date and time you clicked on the confirmation link and the link in the confirmation email. We only collect this information to meet the legal obligations.
Based on your consent
If you have consented to processing of your personal data for one or more substantiated purposes, we may permissibly process your data. You can revoke this consent at any time with effect for the future without incurring anything other than the transmission costs at the basic rates (the costs of your internet connection). However, revocation of consent does not affect the lawfulness of the processing activities carried out until such time that you object.
Based on legal specifications or in the public interest
As a company, we are subject to a wide range of legal requirements (resulting from tax legislation, for example). We process your personal data to meet our legal obligations.
Sedus occasionally uses third-party providers to process your personal data – for instance, to conduct certain analyses (cf. Section 7, “Technologies”) or to rent storage space or server capacities for our web hosting and/or application. Sedus undertakes to ensure that these third-party providers and all data processors engaged strictly adhere to our instructions. Sedus maintains relevant agreements on the commissioned data processing operations with all providers as per Article 28 of the GDPR. When processing personal data outside of the EU/EEA, we ensure an adequate level of data protection in the third country that is appropriate for European data protection by entering into a contractual agreement based on the EU standard contractual clauses.
Augmented Reality App
When you use our Augmented Reality App, we process your data based on your consent which you give when you install the app. This applies in particular to the access to the camera. We use the data within the app to provide you with an AR experience and ensure functionality on your device. The pictures and data remain exclusively on your device.
For processing via online payment service providers
We have integrated components of the payment service provider PayPal on our online shop web page. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the possibility to process virtual payments via credit cards if a user does not have a PayPal account. If the user selects “PayPal” as payment option in our online shop during the ordering process, the user’s data is automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing. PayPal processes the data on its own responsibility.
We have also integrated components of the payment service provider Stripe on our online shop web page. If you choose a payment method offered by the payment service provider Stripe, we will, as part of the payment process, pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number (if applicable), invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment and order processing.
6. Browser cookies
A "cookie" – also commonly known as a “web cookie” or “browser cookie” – is a small-volume file that contains a unique ID and is sent to and automatically stored on your computer, tablet or mobile phone if you visit a website. Each website can send its own cookie to your web browser if your settings allow this. Most modern browsers support cookies, but give the user the option of deactivating them. You can specify that your browser should reject all cookies or display a message if a cookie is sent. However, some of the functions or services on our sites will not be fully operational without cookies.
There are different kinds of cookies.
Session cookies: A user’s session cookies for a website exist only in the RAM and only while the user is on the website. If an expiry date or validity period is not specified when the cookie is created, only a session cookie is produced. Web browsers normally delete session cookies when the user closes the browser.
Persistent cookies: Persistent cookies exist beyond the duration of the session. If a maximum age of one year was specified for a persistent cookie, for example, within this year the initial value specified in this cookie is always sent to the server if the user visits this server. This enables recording of how the user originally came to visit the website. This is why persistent cookies are also known as tracking cookies.
We may use third-party cookies to determine user trends and patterns using third-party web statistics providers. Third-party cookies are cookies that belong to domains other than the one shown in the browser’s address bar. Web pages may contain contents from third-party domains (e.g. banner advertising). This enables us to track the user’s browsing history. Data collected by third-party cookies is processed by the respective providers on behalf of Sedus as the data controller. The third-party cookies on the Sedus website are exclusively used by Sedus websites and web statistics providers and are not disclosed to third parties. Most modern browsers’ data privacy settings enable blocking of third-party tracking cookies (see Section 9 regarding this matter).
The collected data is only analysed for statistical purposes and in anonymised form. Google Analytics truncates IP addresses before transmission for this purpose. We would like to inform you that the website uses the “gat._anonymizeIp();” Google extension. It guarantees that IP addresses are collected anonymously (IP anonymisation). Google does not combine your truncated IP address with other Google data.
You can object to any further tracking analysis at any time. You can also prevent the collection of the data on your use of the web-site by the cookie (including your IP address) as well as its evaluation by Google by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB. If you use more than one terminal or browser you must perform the opt-out for every terminal and every browser.
8. Social plug-ins
Our website uses what are known as social plugins (“plugins”) of social networking sites such as Facebook, LinkedIn, etc. If you access the Sedus website using a plugin such as this, your browser establishes a connection to the underlying social networking site’s server and downloads and shows you the visual representation of the plugin. During this process, the social networking site receives information relating to your visit to our website and other data such as your IP address.
All plugins are indicated with the brand of their respective operator: Facebook, Google, Twitter, Xing and LinkedIn (“operator”). To increase data protection and comply with applicable data protection legislation, Sedus has implemented the plugins using what is known as a two-click solution. This implementation guarantees that, when you visit our website, your browser does not establish a direct connection with the operators’ servers. Only if you activate the plugins by clicking on them and thereby consent to data transmission does your browser establish a direct connection to the respective operator’s server. The content of the plugin is thus transmitted directly to your browser by the operators and embedded in this website.
By embedding the plugin, the respective operator is informed that your browser has accessed our website. If you are logged into your account while visiting the website, the respective operator can link the visit directly to your account. If you interact with the plugin by clicking on the “Facebook Like button” or the “LinkedIn Share button”, for example, the corresponding information will be transmitted by your browser directly to the operator and saved by the latter. The information is also published in the relevant social network and may be displayed to your contacts. If you do not want such data to be transmitted to the operators, you must log out of your respective account before clicking on and activating the plugin.
You will find more information about the purpose and scope of the collection, processing and use of such data in the operators’ privacy policie
- Facebook: www.facebook.com/about/privacy/
- Google (analytics, maps, ...): developers.google.com/+/web/buttons-policy
- XING AG: www.xing.com/app/share
- LinkedIn: www.linkedin.com/legal/privacy-policy
- Commerce Connector: www.commerce-connector.com/web/en/privacy-policy/
- Woocommerce: docs.woocommerce.com/document/woocommerce-cookies/
- WordPress: codex.wordpress.org/WordPress_Cookies
- Intagram: https://help.instagram.com/519522125107875
- Pinterest: https://policy.pinterest.com/de/privacy-policy
- Paypal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Stripe: https://stripe.com/de/privacy#translation
You will find further information in the operators' data privacy policies about the purpose and extent of the collection, processing and use of this data.