Privacy Statement for the www.sthamer.com website.
Thank you for your interest in our website at www.sthamer.com (“website”). This website is operated by Fabrik chemischer Präparate von Dr. Richard Sthamer Gmbh & Co. KG (hereinafter referred to as “Sthamer” or “we”/ “us”), and provides you, the user (hereinafter referred to as “user” or “you”) the opportunity to find out more about us and our products or our services and training.
In the following, we provide you with information regarding the personal data we collect, and its use, when you visit our website or order a product or service. This privacy statement explains the legal basis and the purpose for this data collection. We also provide you with information on your rights with regard to the use of your personal data. Should you have any questions regarding our use of your personal data, please contact us as the Controller under data protection law (for contact details see Clause 1).
1. Controller for Data Privacy
The operator of this website, and therefore the Controller for data protection is:
Fabrik chemischer Präparate von Dr. Richard Sthamer GmbH & Co. KG Liebigstraße 5 D-22113 HamburgTel.: +49 (0)40-73 61 68-0 Fax: +49 (0)40-73 61 68-60 E-Mail: info@sthamer.com
2. Revocation of your consent to data processing
Some data processing may only be conducted with your express consent. You may revoke your consent at any time with future effect. For this, it is sufficient to send an informal message to us, via email (see contact details under Clause 1). Revocation does not affect the lawfulness of data processing carried out up to the date of revocation.
3. Data Protection Officer
We have appointed a data protection officer, who can be reached at
E-mail: datenschutzbeauftragter@sthamer.de
4. General information on data processing on our website
When you use this website, a range of personal data is collected.
“Personal data” is any information that can be used to identify you, directly or indirectly (such as your name, address, email, address, telephone number, IP address).
In principle, the collection and processing of this personal data is only carried out so far as permitted by law, or to which you have granted your consent. Once the purpose for which the data was collected has been fulfilled or ceased to exist, the data will be deleted, unless you have granted your consent for another use, or statutory retention provisions preclude deletion. The following list details the data processing operations:
5. Data collection on our website and the creation of logfiles
5.1 Description of the data processing
The user can visit our website without registering. However, access data is collected in a logfile by our IT system when you visit the website and for every file accessed. Sthamer or the webspace provider collects this information in server log files, which is automatically provided to us by your browser. This information lists:
· browser type and version
· operating system
· referrer URL
· anonymised host name of the device accessing the website
· time of server request
· IP address (may be anonymised)
· amount of data transferred, access status (file sent, file not found)
This data is collected automatically, as soon as you access our website. It is not merged with any other data sources.
5.2 Legal basis and purpose
The legal basis for data is Art. 6 (1) (f) General Data Protection Regulation (“GDPR”), which permits processing of data in the case of a legitimate interest, unless overriding interests, fundamental rights or freedoms of the user require otherwise. Temporary storage of this data is necessary to display website information to the user. The collection of this data is therefore required for the representation of our website. For this purpose, the user's IP address must also be stored for the duration of the session. This data is stored as logfiles, to preserve the functionality and to optimise our website, as well as ensuring the security of our IT systems. We therefore reserve the right to subsequently check the logfiles if there are concrete indications of illegal use. These purposes constitute a legitimate interest for Sthamer in its data processing pursuant to Art. 6 (1) (f) GDPR.
5.3 Retention period
This data will be deleted when it is no longer required for the purpose for which it was stored. In terms of displaying the website, this occurs with the end of the individual session. For data stored as log files, this will occur seven days. Data may be stored beyond this point if the user IP address has been deleted or anonymised to the extent that it can no longer be assigned to any individual user.
5.4 Opportunity to object
We are unable to identify you as a data subject based on the information stored. Articles 15 to 22 GDPR are therefore not applicable under Article 11 (2) GDPR, unless you provide additional information to enable you to exercise your rights under these articles.
6. Inquiries via mail, email, and telephone
6.1 Description of the data processing
When you send us an inquiry by mail, email or telephone, we will store the data provided by you, including your contact information, for the purposes of processing your inquiry and in case of further questions.
The following data will be sent to and stored by us: email address, name, address, telephone number where provided, and any other personal information you have included in the inquiry text.
6.2 Purpose and legal basis for data processing
If you, as a customer or prospective customer, contact our company by post, e-mail or telephone, we will process your contact details in order to establish or execute the contractual relationship in the required framework. The legal basis for this processing is Article 6 (1) (b) GDPR
6.3 Purpose of processing
Processing of the data provided is required to process the inquiry and to deal with follow-up questions, to justify or carry out the contractual relationship.
6.4 Retention period
We will only retain the data provided by you per email or by telephone until such time as it has fulfilled its purpose. For data collected when making contact by mail, email or telephone, this will occur when the specific inquiry has been processed and resolved. We will also delete this data prior to resolution should you so request. Mandatory statutory provisions - particularly retention periods - remain unaffected.
7. Use of Cookies
7.1 Description of the data processing
Our website uses cookies. Cookies are small text files that are saved by your browser on your end-device. When a user accesses a website, a cookie will be saved on the user's operating system, which allows for the individual browser to be identified when the website is accessed again.
We use cookies to make our website more user friendly, effective and secure. Some elements of our website require that the browser can be identified even after another webpage has been accessed.
We also use cookies to analyse user behaviour on our website. For more details of this analysis see Clause 8.2 and Clause 9, 10 and 11.
The user data collected in this way is pseudonymised. The data is not assigned to the user or other personal data of the user.
At the beginning of the use of the website, users are informed about the use of cookies for analysis purposes with reference to this Privacy Statement. The user will also be informed about the possibility of preventing the storage of cookies.
7.2 Third party cookies
On visiting our website, cookies from our partner companies will also be saved on your end device (third party cookies), to make our internet presence more interesting for you. The use and scope of these cookies and the data they collect is explained in more detail in Clause 9, 10 and 11.
The cookies we use from third party providers partly lead to data processing in the USA.
For data transmission to the USA as a third country, i.e. a country in which the GDPR is not applicable law, the European Commission has acc. Article 45 DSGVO stipulates that an adequate level of data protection is required for companies that are certified under the EU-US Privacy Shield. The transmission to the USA then takes place in a permissible manner.
7.3 Purpose and legal basis for data processing
The purpose for using technical cookies is to make our website easier to use. Some website functions cannot be utilised without the use of cookies. These functions require that your browser can be identified even after you have accessed another webpage. Some cookies are used to make the use of the website easier (for example, by storing language settings, remember search terms etc.). The user data collected through technical cookies is not used to create user profiles.
The processing of personal data using cookies is based on Art. 6 (1) (f) GDPR. Sthamer has a legitimate interest in storing these cookies to ensure error-free and optimal presentation of its services.
Analysis cookies are used to improve the quality of our website, and to optimise the services we offer. The data collected in this process will only be used in pseudonymised user profiles. In particular, we use the offers of the following third-party providers. In doing so, we pursue the legitimate interest of finding out which offers are of interest to you within the framework of market research. This enables us to adapt our online offer to suit your needs. In addition, we use the statistical data provided to us to identify faults and to calculate advertising costs.
These purposes also include the legitimate interest in the processing of personal data pursuant to Art. 6 (1) (f) GDPR.
7.4 Retention period; Potential to object
Cookies are stored on your end device. “Session cookies” will be automatically deleted at the end of your session. Other cookies, “permanent cookies” remain stored on the device you used to view the website until you delete them. These cookies enable us or our partners (third party cookies) to recognise your browser the next time it accesses our website. Permanent cookies are automatically deleted after a specified period of time, which can vary from cookie to cookie.
You can configure your browser to inform you when a cookie is being set, so that you can decide to accept or reject each cookie. Alternatively, you can set your browser to automatically accept specific types of cookies or always reject them. You can also set your browser to automatically delete cookies at the end of each session. If cookies are deactivated, the functionality of this website may be restricted.
If a user does not want to allow cookies to be stored on the device displaying the website, would like to delete a stored cookie or would like to be informed before a cookie is stored, the browser settings can be adjusted accordingly. The Help section of the individual browser provides information on how to do this. We would like to expressly state that should this option be taken, not all functions of this website can be used to their full capacity.
8. Matomo (formerly Piwik) web analysis
8.1 Description of the data processing
We use the open-source web analysis tool Matomo (formerly Piwik, see also www.matomo.org). This provides us with anonymised reports about the use of our website, particularly the search engines, key search terms and languages used, the pages accessed, and the data downloaded.
Matomo uses “cookies” which are stored on the device displaying the website, enable the analysis of website use and online offers for marketing and optimisation purposes. Information generated by Matomo about the use of our online services is stored on our server in Germany, and only evaluated internally.
IP addresses are only recorded in abbreviated form and stored in anonymised form, so that they cannot be attributed to any individual user of our online presence. The data collected by Matomo can only be used for the statistical evaluation of user access, intended to improve our online services, and will not be merged with personal data at a later stage. This data is not disclosed to third parties.
8.2 Purpose and legal basis for data processing
The web analysis tool Matomo evaluates the use of our website, to compile reports about website activity for marketing and optimisation purposes. The storage of Matomo cookies is lawful pursuant to Art. 6 (1) (f) GDPR. We have a legitimate interest in the analysis of user activity for the optimisation our services pursuant to Art. 6 (1) (f) GDPR.
8.3 Retention period; Potential to object
You have the right to object to the Matomo analysis. There are various options for this purpose:
Browser settings:
You can prevent the installation of Matomo cookies by using the appropriate settings in your browser. If you would like to prevent the analysis of your web activity in general, you can activate the “Do Not Track” option of your current web browser.
Objecting to the collection of data:
You can prevent web analysis cookies from being stored in your browser. Choosing this option means that no statistical data is collected or analysed. If you would like to choose this option, click on the following link to store the Matomo deactivation cookie in your browser: Matomo Deactivation Link
Your accessing this website is currently being captured by Matomo web analysis. Click here to cease detection.
Should you delete stored cookies from your browser, please be aware that the Matomo deactivation cookie on this website will be deleted. The Matomo deactivation cookie only works for the specific end device on which it is stores. If you use another device, you will need to follow the same procedure to prevent Matomo analysis.
9. YouTube videos
9.1 Description of the data processing
This website contains embedded YouTube videos that can be played directly from YouTube on our website. This uses the “expanded privacy mode” which only allows YouTube access to your data when you play the video. Sthamer has no influence over this data collection. Sthamer itself does not collect any personal data in connection with the use of the embedded YouTube videos.
YouTube is a service provided by Google LLC.,1600 Amphitehatre Parkway, Mountain View, CA 94043, USA, (hereinafter referred to as “Google”). By accessing a video in our YouTube channel, your data may be transferred to a Google server in the USA and stored. Google uses this data to evaluate your use of our videos on YouTube, to create anonymised reports about the videos watched and to offer video-use related services to us.
Google may also transfer this information to third parties, insofar as permitted by law, or where those third parties process the data for Google. For more information on this Google service, go to https://www.youtube.com/?hl=de&glDE or https://ssl.gstatic.com/policies/privacy/pdf/20180525/853e41a3/google_privacy_policy_en_eu.pdf."
9.2 Purpose and legal basis for data processing
YouTube videos are only embedded for the purposes of making our website more user friendly, and to present our products. This constitutes a legitimate interest in the optimised presentation of our services pursuant to Art. 6 (1) (f) GDPR.
You can prevent YouTube from collecting and processing your data by not using Google services via our website or playing the videos.
10. Google Maps
10.1 Description of the data processing
Google Maps is embedded in this website to show you our location and how to get here. Google Maps is provided by Google LLC, 1600 Amphitehatre Parkway, Mountain View, CA 94043, USA (“Google”).
Accessing Google Maps via our website may result in your data being sent and stored to a Google server in the USA.In this processing, our cooperation with Google is based on a joint liability agreement under Art. 26 DSGVO, which can be found here (https://privacy.google.com/intl/en/businesses/mapscontrollerterms/).
For more information about Google's data processing, see the Google Privacy Policy at https://www.google.com/intl/en/policies/privacy/.
10.2 Purpose and legal basis of data processing
Google Maps is only embedded for the purposes of making our website more user friendly, and to facilitate travelling to our location pursuant to Art. 6 (1) (f) GDPR.
11. Links to other websites
The website may contain links (interactive reference points) to third-party websites, for which we are not responsible. Sthamer has no influence whatsoever on the content and presentation of external links or the internet presence to which the user accesses via these links. The relevant provider is responsible for the content and presentation of these internet presences, as well as ensuring it meets data protection regulations.
12. Protection of your data: SSL or TLS encryption
For security reasons, and to protect confidential content such as orders or inquiries you may send us, this website uses SSL or TLS encryption. An encrypted connection is recognisable in that the address line in the browser changes from “http://” to “https://”, and a lock symbol is also displayed in the browser address line.
The information you send to us when SSL or TLS encryption is activated cannot be read by third-parties.
However, we would like to point out that data transmission via the Internet (e.g. communication by e-mail) can be subject to security gaps. A complete protection of the data against access by third parties is not possible.
13. Data protection and rights of the data subject
As the data subject, you have the right to receive information about the origin, recipient of and purpose for your stored personal data at any time, free of charge. You also have the right to have this data corrected, blocked or deleted at any time. If you have any questions regarding data protection, you can contact us at any time using the contact information provided in Clause 1. In addition, you have a right of appeal to the competent supervisory authority. A list of the rights available to you as a data subject against us as the Controller are as follows:
13.1 Right of access
You may request a confirmation of whether we are processing your personal data. Should this be the case, you have the right to the following information:
- processing purposes;
- the recipients or categories of recipients to whom your personal data has been or will be disclosed;
- where available, the planned retention period of the personal data, or where not available, the criteria for determining that retention period;
- your additional rights (see below);
- all available information regarding the origin of the data, if the personal data has not been collected from you;
- the existence of automated decision-making, including profiling, and where existent, further relevant information.
You have the right to be informed of the appropriate safeguards available pursuant to Art. 46 GDPR against the transfer of your data to a third country or international organisation.
13.2 Right to rectification
You have the right to have incorrect or incomplete personal data concerning you to be corrected without delay.
13.3 Right to restriction of processing
You have the right to request a restriction of data processing activities when one of the following conditions is met:
- you dispute the accuracy of the personal data;
- the data processing is unlawful, but you do not agree to the deletion of that data, requesting instead a restriction of its use;
- we no longer need the personal data for the purpose for which it was collected, but it is required by you to establish, exercise or defend legal claims; or
- you have lodged an objection to the processing (see below) but it is not yet clear whether our legitimate grounds will prevail.
13.4 Right to erasure (right to be forgotten)
You have the right to have your personal data immediately erased, and we are obliged to delete said data without delay where one of the following grounds applies:
- Your personal data are no longer required for the purpose for which they were collected or otherwise processed.
- You withdraw your consent and there is no other legal grounds for processing that data.
- You have lodged an objection (see below) against the data processing.
- Your personal data was unlawfully processed.
- The deletion of your personal data is necessary to fulfil an obligation under EU law of the law of the Member States.
- The personal data was collected based on consent granted by a child.
13.5 Right to notification
If you have exercised your right to rectification, erasure or restriction of processing, we are required to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing unless less this proves impossible or requires a disproportionate effort. You have the right to be informed by us of those recipients.
13.6 Right to data portability
You have the right to receive personal data that you have provided to use in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another Controller without interference on our part provided:
- the processing is based on consent granted in accordance with Art. 6 (1) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and
- the processing is carried out using automated methods.
In the exercise of this right, you may request that your personal data is transferred directly from one Controller to another Controller, in so far as this is technically feasible and does not infringe on the rights and freedoms of any other person. The right to data portability does not apply to the processing of personal data that is required for the fulfilment of a task in the public interest or in the exercise of an official authority conferred on the Controller.
13.7 Right to object
You have the right, for reasons arising from your own personal situation to object at any time to the processing of your personal data based on one of the following grounds:
- our processing of your personal data is required for the performance of a task in the public interest or in the exercise of a public authority conferred onto us; or
- the processing is necessary to safeguard our legitimate interests or those of a third-party, unless your interests or basic rights require that the protection of your personal data prevail.
You also have the right to object to profiling based on this processing.
If the personal data being processed is used for direct marketing purposes, you have the right to object to that processing for such marketing purposes. This also applies to profiling, insofar as it is associated with such direct marketing.
You also have the right to object on reasons arising from your own personal situation against the processing of your personal data by us for purposes of scientific or historical research or statistics, unless that processing is required for performing a task in the public interest.
13.8 Right to appeal to a supervisory authority
If there has been a breach of data protection legislation, the affected person may lodge an appeal with the supervisory authority. A list of Data Protection Commissioners and their contact details can be found under the following link:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
The responsible supervisory authority for data protection issues is the Hamburg Commissioner for Data Protection and Freedom of Information for Sthamer (Klosterwall 6 (Block C), 20095 Hamburg, Tel.: 040/42854-4040, E-Fax: 040/4279-11811, E-Mail: mailbox@datenschutz.hamburg.de).
14. Changes
To ensure that this Privacy Statement meets statutory requirements, Sthamer retains the right to make changes at any time. This also applies should the Privacy Statement need to be adapted to reflect changes in our website and services. The new Privacy Statement applies from the next time the user accesses our website.
Release July 2018
Copyright Fabrik chemischer Präparate von Dr. Richard Sthamer GmbH & Co. KG© 2018. All rights reserved.
Fabrik chemischer Präparate von Dr. Richard Sthamer GmbH & Co. KGLiebigstraße 5 D-22113 HamburgTel.: +49 (0)40-73 61 68-0 Fax: +49 (0)40-73 61 68-60 E-mail: info@sthamer.com Website: www.sthamer.comValue added ID-Number: DE 118872866Registered office in Hamburg/Germany District Court of Hamburg, commercial register: HRA 10945Managing partner: Oswald Sthamer, Ingeborg Grabow
General partner:Sthamer Verwaltungsgesellschaft mbHDistrict Court of Hamburg, commercial register: Hamburg, HRB 69047
Note on liability: Although the content has been checked carefully, we accept no liability for the information given in external links. Responsibility for the content of linked pages lies solely with their operators. Picture credits: H. Brunswig, Hamburg, Bundesverband Feuerlöschgeräte und-anlagen e.V. (BVFA), Holger Chobotsky, Robert Ratzer, Fotolia, iStockphoto.
Headquarter Hamburg Tel.: +49 (0)40 73 61 68 - 0 info@sthamer.com