Privacy Statement for the www.sthamer.com website
Thank you for your interest in our website at www.sthamer.com (“website”). This website is operated by Fabrik chemischer Präparate von Dr. Richard Sthamer Gmbh & Co. KG (hereinafter referred to as “Sthamer” or “we”/ “us”), and provides you, the user (hereinafter referred to as “user” or “you”) the opportunity to find out more about us and our products or our services and training.
In the following, we provide you with information regarding the personal data we collect, and its use, when you visit our website or order a product or service. This privacy statement explains the legal basis and the purpose for this data collection. We also provide you with information on your rights with regard to the use of your personal data. Should you have any questions regarding our use of your personal data, please contact us as the Controller under data protection law (for contact details see Clause 1).
1 Controller for Data Privacy
The operator of this website, and therefore the Controller for data protection is:
Fabrik chemischer Präparate von Dr. Richard Sthamer GmbH & Co. KG Liebigstraße 5 D-22113 HamburgTel.: +49 (0)40-73 61 68-0 Fax: +49 (0)40-73 61 68-60 E-Mail: email@example.com
2 Revocation of your consent to data processing
Some data processing may only be conducted with your express consent. You may revoke your consent at any time with future effect. For this, it is sufficient to send an informal message to us, via email (see contact details under Clause 1). Revocation does not affect the lawfulness of data processing carried out up to the date of revocation.
3 Data Protection Officer
We have appointed a data protection officer, who can be reached at
4 General information on data processing on our website
When you use this website, a range of personal data is collected.
“Personal data” is any information that can be used to identify you, directly or indirectly (such as your name, address, email, address, telephone number, IP address).
In principle, the collection and processing of this personal data is only carried out so far as permitted by law, or to which you have granted your consent. Once the purpose for which the data was collected has been fulfilled or ceased to exist, the data will be deleted, unless you have granted your consent for another use, or statutory retention provisions preclude deletion. The following list details the data processing operations:
5 Data collection on our website and the creation of logfiles
5.1 Description of the data processing
The user can visit our website without registering. However, access data is collected in a logfile by our IT system when you visit the website and for every file accessed. Sthamer or the webspace provider collects this information in server log files, which is automatically provided to us by your browser. This information lists:
· browser type and version
· operating system
· referrer URL
· anonymised host name of the device accessing the website
· time of server request
· IP address (may be anonymised)
· amount of data transferred, access status (file sent, file not found)
This data is collected automatically, as soon as you access our website. It is not merged with any other data sources.
5.2 Legal basis and purpose
The legal basis for data is Art. 6 (1) (f) General Data Protection Regulation (“GDPR”), which permits processing of data in the case of a legitimate interest, unless overriding interests, fundamental rights or freedoms of the user require otherwise. Temporary storage of this data is necessary to display website information to the user. The collection of this data is therefore required for the representation of our website. For this purpose, the user's IP address must also be stored for the duration of the session. This data is stored as logfiles, to preserve the functionality and to optimise our website, as well as ensuring the security of our IT systems. We therefore reserve the right to subsequently check the logfiles if there are concrete indications of illegal use. These purposes constitute a legitimate interest for Sthamer in its data processing pursuant to Art. 6 (1) (f) GDPR.
5.3 Retention period
This data will be deleted when it is no longer required for the purpose for which it was stored. In terms of displaying the website, this occurs with the end of the individual session. For data stored as log files, this will occur seven days. Data may be stored beyond this point if the user IP address has been deleted or anonymised to the extent that it can no longer be assigned to any individual user.
5.4 Opportunity to object
We are unable to identify you as a data subject based on the information stored. Articles 15 to 22 GDPR are therefore not applicable under Article 11 (2) GDPR, unless you provide additional information to enable you to exercise your rights under these articles.
6 Inquiries via mail, email, and telephone
6.1 Description of the data processing
When you send us an inquiry by mail, email or telephone, we will store the data provided by you, including your contact information, for the purposes of processing your inquiry and in case of further questions.
The following data will be sent to and stored by us: email address, name, address, telephone number where provided, and any other personal information you have included in the inquiry text.
6.2 Purpose and legal basis for data processing
If you, as a customer or prospective customer, contact our company by post, e-mail or telephone, we will process your contact details in order to establish or execute the contractual relationship in the required framework. The legal basis for this processing is Article 6 (1) (b) GDPR
6.3 Purpose of processing
Processing of the data provided is required to process the inquiry and to deal with follow-up questions, to justify or carry out the contractual relationship.
6.4 Retention period
We will only retain the data provided by you per email or by telephone until such time as it has fulfilled its purpose. For data collected when making contact by mail, email or telephone, this will occur when the specific inquiry has been processed and resolved. We will also delete this data prior to resolution should you so request. Mandatory statutory provisions - particularly retention periods - remain unaffected.
7.1 Description of the data processing
7.2 Third party cookies
On visiting our website, we do not save any third party cookies.
7.3 Purpose and legal basis for data processing
7.4 Retention period; Potential to object
Cookies are stored on your end device. “Session cookies” will be automatically deleted at the end of your session. You can configure your browser to inform you when a cookie is being set, so that you can decide to accept or reject each cookie. Alternatively, you can set your browser to automatically accept specific types of cookies or always reject them. You can also set your browser to automatically delete cookies at the end of each session. If cookies are deactivated, the functionality of this website may be restricted. If a user does not want to allow cookies to be stored on the device displaying the website, would like to delete a stored cookie or would like to be informed before a cookie is stored, the browser settings can be adjusted accordingly. The Help section of the individual browser provides information on how to do this. We would like to expressly state that should this option be taken, not all functions of this website can be used to their full capacity.
8 YouTube videos
8.1 Description of the data processing
This website contains embedded YouTube videos that can be played directly from YouTube on our website. This uses the “expanded privacy mode” which only allows YouTube access to your data when you play the video. Sthamer has no influence over this data collection. Sthamer itself does not collect any personal data in connection with the use of the embedded YouTube videos.
YouTube is a service provided by Google LLC.,1600 Amphitehatre Parkway, Mountain View, CA 94043, USA, (hereinafter referred to as “Google”). By accessing a video in our YouTube channel, your data may be transferred to a Google server in the USA and stored. Google uses this data to evaluate your use of our videos on YouTube, to create anonymised reports about the videos watched and to offer video-use related services to us.
Google may also transfer this information to third parties, insofar as permitted by law, or where those third parties process the data for Google. For more information on this Google service, go to https://www.youtube.com/?hl=de&glDE or https://ssl.gstatic.com/policies/privacy/pdf/20180525/853e41a3/google_privacy_policy_en_eu.pdf."
8.2 Purpose and legal basis for data processing
YouTube videos are only embedded for the purposes of making our website more user friendly, and to present our products. This constitutes a legitimate interest in the optimised presentation of our services pursuant to Art. 6 (1) (f) GDPR.
You can prevent YouTube from collecting and processing your data by not using Google services via our website or playing the videos.
9 Links to other websites
The website may contain links (interactive reference points) to third-party websites, for which we are not responsible. Sthamer has no influence whatsoever on the content and presentation of external links or the internet presence to which the user accesses via these links. The relevant provider is responsible for the content and presentation of these internet presences, as well as ensuring it meets data protection regulations.
10 Protection of your data: SSL or TLS encryption
For security reasons, and to protect confidential content such as orders or inquiries you may send us, this website uses SSL or TLS encryption. An encrypted connection is recognisable in that the address line in the browser changes from “http://” to “https://”, and a lock symbol is also displayed in the browser address line.
The information you send to us when SSL or TLS encryption is activated cannot be read by third-parties.
However, we would like to point out that data transmission via the Internet (e.g. communication by e-mail) can be subject to security gaps. A complete protection of the data against access by third parties is not possible.
11 Data protection and rights of the data subject
As the data subject, you have the right to receive information about the origin, recipient of and purpose for your stored personal data at any time, free of charge. You also have the right to have this data corrected, blocked or deleted at any time. If you have any questions regarding data protection, you can contact us at any time using the contact information provided in Clause 1. In addition, you have a right of appeal to the competent supervisory authority. A list of the rights available to you as a data subject against us as the Controller are as follows:
11.1 Right of access
You may request a confirmation of whether we are processing your personal data. Should this be the case, you have the right to the following information:
- processing purposes;
- the recipients or categories of recipients to whom your personal data has been or will be disclosed;
- where available, the planned retention period of the personal data, or where not available, the criteria for determining that retention period;
- your additional rights (see below);
- all available information regarding the origin of the data, if the personal data has not been collected from you;
- the existence of automated decision-making, including profiling, and where existent, further relevant information.
You have the right to be informed of the appropriate safeguards available pursuant to Art. 46 GDPR against the transfer of your data to a third country or international organisation.
11.2 Right to rectification
You have the right to have incorrect or incomplete personal data concerning you to be corrected without delay.
11.3 Right to restriction of processing
You have the right to request a restriction of data processing activities when one of the following conditions is met:
- you dispute the accuracy of the personal data;
- the data processing is unlawful, but you do not agree to the deletion of that data, requesting instead a restriction of its use;
- we no longer need the personal data for the purpose for which it was collected, but it is required by you to establish, exercise or defend legal claims; or
- you have lodged an objection to the processing (see below) but it is not yet clear whether our legitimate grounds will prevail.
11.4 Right to erasure (right to be forgotten)
You have the right to have your personal data immediately erased, and we are obliged to delete said data without delay where one of the following grounds applies:
- Your personal data are no longer required for the purpose for which they were collected or otherwise processed.
- You withdraw your consent and there is no other legal grounds for processing that data.
- You have lodged an objection (see below) against the data processing.
- Your personal data was unlawfully processed.
- The deletion of your personal data is necessary to fulfil an obligation under EU law of the law of the Member States.
- The personal data was collected based on consent granted by a child.
11.5 Right to notification
If you have exercised your right to rectification, erasure or restriction of processing, we are required to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing unless less this proves impossible or requires a disproportionate effort. You have the right to be informed by us of those recipients.
11.6 Right to data portability
You have the right to receive personal data that you have provided to use in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another Controller without interference on our part provided:
- the processing is based on consent granted in accordance with Art. 6 (1) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR, and
- the processing is carried out using automated methods.
In the exercise of this right, you may request that your personal data is transferred directly from one Controller to another Controller, in so far as this is technically feasible and does not infringe on the rights and freedoms of any other person. The right to data portability does not apply to the processing of personal data that is required for the fulfilment of a task in the public interest or in the exercise of an official authority conferred on the Controller.
11.7 Right to object
You have the right, for reasons arising from your own personal situation to object at any time to the processing of your personal data based on one of the following grounds:
- our processing of your personal data is required for the performance of a task in the public interest or in the exercise of a public authority conferred onto us; or
- the processing is necessary to safeguard our legitimate interests or those of a third-party, unless your interests or basic rights require that the protection of your personal data prevail.
You also have the right to object to profiling based on this processing.
If the personal data being processed is used for direct marketing purposes, you have the right to object to that processing for such marketing purposes. This also applies to profiling, insofar as it is associated with such direct marketing.
You also have the right to object on reasons arising from your own personal situation against the processing of your personal data by us for purposes of scientific or historical research or statistics, unless that processing is required for performing a task in the public interest.
11.8 Right to appeal to a supervisory authority
If there has been a breach of data protection legislation, the affected person may lodge an appeal with the supervisory authority. A list of Data Protection Commissioners and their contact details can be found under the following link:
The responsible supervisory authority for data protection issues is the Hamburg Commissioner for Data Protection and Freedom of Information for Sthamer (Klosterwall 6 (Block C), 20095 Hamburg, Tel.: 040/42854-4040, E-Fax: 040/4279-11811, E-Mail: firstname.lastname@example.org).
To ensure that this Privacy Statement meets statutory requirements, Sthamer retains the right to make changes at any time. This also applies should the Privacy Statement need to be adapted to reflect changes in our website and services. The new Privacy Statement applies from the next time the user accesses our website.
Release January 2019
Copyright Fabrik chemischer Präparate von Dr. Richard Sthamer GmbH & Co. KG© 2018. All rights reserved.
Tel.: +49 (0)40 73 61 68 - 0