1. Introduction and general conditions
The controller within the meaning of the General Data Protection Regulation is:
Sedus Stoll Aktiengesellschaft
Tel.: +49 (7751) 84 - 0
Fax: +49 (7751) 84 - 310
You will find all the information here: http://www.sedus.com/en/meta-footer/publication-details/
The legislator understands personal data processing to mean activities such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Personal data is all information relating to an identified or identifiable natural person.
3.1 Collection and processing of data during your visits to our website
When you visit our website, the web server always saves the IP address assigned to you by your internet service provider, the website from which you came, the web pages on our site that you visit, the amount of data transferred, the identification of your web browser, the time of your visit and other information about your access devices in server log files automatically sent to us by your browser. This data is stored in a server log exclusively for statistical purposes, e.g. to improve the website and its contents, including security.
3.2 Collection and processing of data during your visit to Sedus PartnerNET
When you access or log into the PartnerNET portal or set up an account using the registration system, we receive personal data and official contact details from you under certain circumstances. This may be your name, email address, postal address, country, phone number, fax number or customer number, as well as data that we have collected through your use of Sedus services. Your personal data is collected to allow you to use our PartnerNET portal. We check your data and activate your account.
Registered and logged-in users receive access to Online-Basket. Online-Basket is an interactive tool that enables our commercial customers to freely configure, offer and order items of office furniture from Sedus for their end customers. In this regard, your customers’ personal data (e.g. name, address, email address) is collected insofar as it is necessary for the ordering process. In Online-Basket, the specified customer data is only stored temporarily, i.e. only for the duration of the session, and is deleted once you log out of the portal.
3.4. “Knowledge Sharing” (Sedus online book shop)
(only available in select countries)
3.5 Sedus online shop
(Only available in selected countries)
3.6. Newsletter subscription
Sedus offers a newsletter on its various websites, which provides information about current events and offers.To subscribe to the newsletter, you will need to enter a valid email address and confirm the link sent to you.You can unsubscribe at any time via a link in the newsletter.
3.7. Online chat
On our website www.sedus-outlet.com, we offer you an online chat, through which you can get in touch with Sedus.
3.8. Augmented Reality App (Sedus AR App)
Our Augmented Reality App can be downloaded and installed from various app stores.The app enables you to visualise a reality, enhanced by computer-generated information, in which the real world and the virtual world mix.Information and graphics about the real world being viewed are displayed in real time.
4. What situations does Sedus contact you in?
Sedus may contact you:
- in connection with service and support for which you have registered in order to be sure that Sedus can provide you with the services;
- in connection with any correspondence or any comments or complaints we have received from you concerning Sedus products and services;
- in connection with personalised services you use;
- in order to invite you to participate in surveys on Sedus services (participation is always voluntary);
- for marketing purposes, i.e. newsletter and posting services, if you have already explicitly gave your consent to this effect.
5. What purposes do we process your personal data for – and what is the legal basis for this?
We process your data so that we can prepare and fulfil the contracts we conclude with you. This also applies to information you make available to us in the context of pre-contractual correspondence. The specific purposes of data processing depend on the respective product and the request made, and can also be used to analyse your needs and check what products and services are suitable for you. Your data is also disclosed within the Sedus corporate group and to external assembly service providers and forwarding agents to fulfil the contractual obligation.
Goods and service providers
We also need your personal data so that we can check whether and what products and services we are able and allowed to offer you.
Details about the respective purposes of data processing can be found in the contractual documents and in our General Terms and Conditions.
Implementation of the application process
We process your data that you have sent us in the context of your application to check whether your specialist qualifications are suitable for the job advertised. We only use your information for the application process and transfer it to your personal file when a contract is concluded. If an agreement is not reached, your information will be deleted or destroyed after six months. We will not use your applicant information for any purposes other than implementation of the application process, unless you have consented to further use of your data (e.g. inclusion in the applicant pool).
If you are under the age of 13, you need to ask a parent or legal guardian for permission before using our recruitment portal. If you think that we may be in unauthorised possession of personal data from a child under the age of 13, please contact us at firstname.lastname@example.org.
Following balancing of interests:
We improve our services and offer you suitable products.
As regards online chats, we process your data due to our legitimate interest in offering you our service in the best possible way, to be able to respond directly to your questions, to schedule dates and to inform you about current events and offers. In addition, we support you in finding retailers and in selecting products.For this purpose, we process your name, contact data and the entire conversation including the data disclosed by you.
To strengthen and optimise the customer relationship
In the context of our efforts to continuously optimise our relationship with you, we occasionally request that you take part in our customer surveys. The results of the surveys are used to adapt our products and services so that they meet your needs even better. The results of these surveys are used without any references to you.
Data processing and analysis for marketing purposes
Your needs are important to us and we try to provide you with information about products and services that is specifically suitable to you. We use the results from our joint business relationship and from market research for this purpose. The main objective in this regard is to adjust our product proposals to your needs. In this respect, we guarantee that we always process data in accordance with applicable data protection law. Please note that you can object to your personal data being used for this purpose at any time.
What do we specifically analyse and process?
- Results of our marketing campaigns to measure the efficiency and relevance of our campaigns;
- Information from your visits to our website;
- The possible need for our products and services.
You have the option of subscribing to our newsletter via our website. To send it, all we need is your email address, country and language. Any other information you provide is voluntary. You will only be sent our newsletter once you have successfully completed a double opt-in procedure. You have the right at any time to view your declaration of consent or to unsubscribe from the newsletter. Each letter that accompanies our newsletter contains corresponding links. If you unsubscribe from our newsletter, we will immediately block your contact details in our newsletter distribution list.
The legislator makes specific requirements regarding the effectiveness of electronic consent, such as that used to subscribe to the newsletter. This also includes logging your declaration of consent. We therefore log the date and time of your consent, the text of the declaration of consent, whether the checkbox was checked, your email address and any other voluntary information you provide. We also log the date and time you clicked on the confirmation link and the link in the confirmation email. We only collect this information to meet the legal obligations.
Based on your consent
When you use our Augmented Reality App, we process your data based on your consent which you give when you install the app.This applies in particular to the access to the camera.We use the data within the app to provide you with an AR experience and ensure functionality on your device.The pictures and data remain exclusively on your device.
Based on your consent
If you have consented to processing of your personal data for one or more substantiated purposes, we may permissibly process your data. You can revoke this consent at any time with effect for the future without incurring anything other than the transmission costs at the basic rates (the costs of your internet connection). However, revocation of consent does not affect the lawfulness of the processing activities carried out until such time that you object.
Based on legal specifications or in the public interest
As a company, we are subject to a wide range of legal requirements (resulting from tax legislation, for example). We process your personal data to meet our legal obligations.
Sedus occasionally uses third-party providers to process your personal data – for instance, to conduct certain analyses (cf. Section 7, “Technologies”) or to rent storage space or server capacities for our web hosting and/or application. Sedus undertakes to ensure that these third-party providers and all data processors engaged strictly adhere to our instructions. Sedus maintains relevant agreements on the commissioned data processing operations with all providers as per Article 28 of the GDPR. When processing personal data outside of the EU/EEA, we ensure an adequate level of data protection in the third country that is appropriate for European data protection by entering into a contractual agreement based on the EU standard contractual clauses.
For processing via online payment service providers
We have integrated components of the payment service provider PayPal on our online shop web page.Payments are processed via so-called PayPal accounts, which are virtual private or business accounts.In addition, PayPal offers the possibility to process virtual payments via credit cards if a user does not have a PayPal account.If the user selects “PayPal” as payment option in our online shop during the ordering process, the user’s data is automatically transmitted to PayPal.By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing.PayPal processes the data on its own responsibility.
We have also integrated components of the payment service provider Stripe on our online shop web page.If you choose a payment method offered by the payment service provider Stripe, we will, as part of the payment process, pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number (if applicable), invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR.Your data will only be passed on for the purpose of payment and order processing.
6. Browser cookies
A "cookie" – also commonly known as a “web cookie” or “browser cookie” – is a small-volume file that contains a unique ID and is sent to and automatically stored on your computer, tablet or mobile phone if you visit a website. Each website can send its own cookie to your web browser if your settings allow this. Most modern browsers support cookies, but give the user the option of deactivating them. You can specify that your browser should reject all cookies or display a message if a cookie is sent. However, some of the functions or services on our sites will not be fully operational without cookies.
There are different kinds of cookies.
Session cookies: A user’s session cookies for a website exist only in the RAM and only while the user is on the website. If an expiry date or validity period is not specified when the cookie is created, only a session cookie is produced. Web browsers normally delete session cookies when the user closes the browser.
Persistent cookies: Persistent cookies exist beyond the duration of the session. If a maximum age of one year was specified for a persistent cookie, for example, within this year the initial value specified in this cookie is always sent to the server if the user visits this server. This enables recording of how the user originally came to visit the website. This is why persistent cookies are also known as tracking cookies.
We may use third-party cookies to determine user trends and patterns using third-party web statistics providers. Third-party cookies are cookies that belong to domains other than the one shown in the browser’s address bar. Web pages may contain contents from third-party domains (e.g. banner advertising). This enables us to track the user’s browsing history. Data collected by third-party cookies is processed by the respective providers on behalf of Sedus as the data controller. The third-party cookies on the Sedus website are exclusively used by Sedus websites and web statistics providers and are not disclosed to third parties. Most modern browsers’ data privacy settings enable blocking of third-party tracking cookies (see Section 9 regarding this matter).
The collected data is only analysed for statistical purposes and in anonymised form. Google Analytics truncates IP addresses before transmission for this purpose. We would like to inform you that the website uses the “gat._anonymizeIp();” Google extension. It guarantees that IP addresses are collected anonymously (IP anonymisation). Google does not combine your truncated IP address with other Google data.
You can object to any further tracking analysis at any time. You can also prevent the collection of the data on your use of the web-site by the cookie (including your IP address) as well as its evaluation by Google by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB. If you use more than one terminal or browser you must perform the opt-out for every terminal and every browser.
8. Social plug-ins
Our website uses what are known as social plugins (“plugins”) of social networking sites such as Facebook, LinkedIn, etc. If you access the Sedus website using a plugin such as this, your browser establishes a connection to the underlying social networking site’s server and downloads and shows you the visual representation of the plugin. During this process, the social networking site receives information relating to your visit to our website and other data such as your IP address.
All plugins are indicated with the brand of their respective operator: Facebook, Google, Twitter, Xing and LinkedIn (“operator”). To increase data protection and comply with applicable data protection legislation, Sedus has implemented the plugins using what is known as a two-click solution. This implementation guarantees that, when you visit our website, your browser does not establish a direct connection with the operators’ servers. Only if you activate the plugins by clicking on them and thereby consent to data transmission does your browser establish a direct connection to the respective operator’s server. The content of the plugin is thus transmitted directly to your browser by the operators and embedded in this website.
By embedding the plugin, the respective operator is informed that your browser has accessed our website. If you are logged into your account while visiting the website, the respective operator can link the visit directly to your account. If you interact with the plugin by clicking on the “Facebook Like button” or the “LinkedIn Share button”, for example, the corresponding information will be transmitted by your browser directly to the operator and saved by the latter. The information is also published in the relevant social network and may be displayed to your contacts. If you do not want such data to be transmitted to the operators, you must log out of your respective account before clicking on and activating the plugin.
You will find more information about the purpose and scope of the collection, processing and use of such data in the operators’ privacy policie
- Facebook: www.facebook.com/about/privacy/
- Google (analytics, maps, ...): developers.google.com/+/web/buttons-policy
- XING AG: www.xing.com/app/share
- LinkedIn: www.linkedin.com/legal/privacy-policy
- Commerce Connector: www.commerce-connector.com/web/en/privacy-policy/
- Woocommerce: docs.woocommerce.com/document/woocommerce-cookies/
- WordPress: codex.wordpress.org/WordPress_Cookies
- Intagram: https://help.instagram.com/519522125107875
- Pinterest: https://policy.pinterest.com/de/privacy-policy
- Paypal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Stripe: https://stripe.com/de/privacy#translation
You will find further information in the operators' data privacy policies about the purpose and extent of the collection, processing and use of this data.
9. How is my personal data protected?
To adequately protect your personal data, we have taken technical and organisational measures that prevent unauthorised access. Our employees are also obligated to maintain secrecy and respect data protection.
10. Your rights
You are also entitled to certain rights in the context of processing your personal data. More precise details can be found in the relevant provisions set forth in the General Data Protection Regulation (specifically in Articles 15 to 21).
10.1 RIGHT OF ACCESS AND RECTIFICATION
You have the right to receive information from us about what personal data we process about you. If this information is not (or is no longer) correct, you can request that we rectify the data or amend it if it is incomplete. If we have to disclose your data to third parties, we will inform the relevant third parties in accordance with the corresponding legal situation.
10.2 RIGHT OF ERASURE
You can request that your personal data be erased under the following circumstances:
- If your personal data is no longer needed for the purposes it was collected for;
- If you have revoked your consent and there is no other legal basis for data processing;
- If you object to processing and there are no overriding legitimate grounds for data processing;
- If your data is being processed unlawfully;
- If your personal data has to be erased to meet legal obligations.
- Please note that, before erasing your data, we have to check whether there are no legitimate grounds regarding processing of your personal data.
10.3 RIGHT TO RESTRICTION OF PROCESSING (“RIGHT TO BLOCK”)
You can request that we restrict processing of your personal data for one of the following reasons:
- If you dispute the accuracy of the data, it may be restricted until we have had the opportunity to convince ourselves that it is accurate;
- If the data is being processed unlawfully, but you only request restriction of personal data use instead of erasure;
- If we no longer require the personal data for the purposes of processing, but you still need it to establish, exercise or defend legal claims;
- If you have submitted an objection to processing and it has not yet been established whether your legitimate interests take precedence over ours.
10.4 RIGHT TO OBJECT
10.4.1 INDIVIDUAL RIGHT TO OBJECT
If processing is being carried out in the public interest or based on a balancing of interests, you have the right on grounds relating to your particular situation to submit an objection to processing. If you have objected, we shall not process your personal data further unless we can demonstrate compelling legitimate grounds for processing your data that take precedence over your interests, rights and freedoms, or because your personal data is being used to establish, exercise or defend legal claims. The objection does not preclude the lawfulness of processing activities carried out until such time that you object.
10.4.2 OBJECTION TO ADVERTISING
In situations where your personal data is used for advertising measures, you can submit an objection to this form of processing at any time. We will then no longer process your personal data for these purposes.
You can object informally by contacting:
10.4.3 RIGHT TO DATA PORTABILITY
On request, you have the right to receive the personal data you provided to us for processing in a transferable and machine-readable format.
10.4.4 RIGHT TO REVOCATION OF CONSENT
If we process your personal data based on consent that you granted us, you have the right at any time to object to this without any need to state reasons. Your objection shall only be effective for the future and has no impact on the lawfulness of data processing activities carried out before you submitted your objection.
10.4.5 RIGHT TO LODGE COMPLAINTS WITH THE SUPERVISORY AUTHORITY (ART. 77 OF THE GDPR)
In order to protect your rights accordingly, we attempt to process your enquiries and claims as quickly as possible at all times. Depending on the frequency of enquiries, however, it may take up to 30 days for us to find out more information about your request. If we anticipate that we will need more time, we shall inform you promptly of the reasons for the delay and discuss what will happen next with you.
In some situations, we are not allowed to or cannot give you information. If legally permissible, we shall share the reason for refusing to provide information with you.
If you are still not satisfied with our answers and responses or believe that we are violating applicable data protection legislation, you are entitled to lodge a complaint with our data protection officer and the competent supervisory authority. The supervisory authority responsible for us is:
The Baden-Württemberg State Commissioner for Data Protection and Freedom of Information
P.O. Box 10 29 32, 70025 Stuttgart
Königstrasse 10a, 70173 Stuttgart
Tel.: +49 711 6155 41 – 0
Fax: +49 711 6155 41 – 15
12. Any more questions?
2B Advice GmbH – the privacy benchmark
Contact person: Clemens Dorner
Joseph-Schumpeter-Allee 25 | 53227 Bonn
Tel.: +49 228 926 165 121
Fax: +49 228 926 165 109