SATA: Legal notice - Privacy policy
SATA: Legal notice - Privacy policy
Legal Notice
Provider Identification as per § 5 TMG
The provider and entity responsible for this Internet domain, within the meaning of § 5 of the German Telemedia Act (TDG)and the German Law regulating the framework conditions for information and communication services (IuKDG), is
SATA GmbH & Co. KG
Domertalstr. 20
70806 Kornwestheim
Telefon: +49 (7154) 811 - 0
Telefax: +49 (7154) 811 - 196
info@sata.com
www.sata.com
Limited Partnership located in Kornwestheim, Germany
Responsible Court Stuttgart HRA 202151
Personally Liable Partner:
SATA Verwaltungs-GmbH, Kornwestheim HRB 202857
President: Florian Kaiser, Stuttgart und Mike Wolf, Osnabrück
VAT ID no.: DE 146132518
1. Contents of the Online Service
SATA GmbH & Co. KG, hereafter referred to as SATA, shall not accept any liability for the topicality, correctness, completeness or quality of the information provided. Liability claims against SATA concerning material or non-material damages caused by the usage or failure to make use of the information provided or by the usage of incorrect and incomplete information are generally excluded, as long as there is no demonstrable intentional or grossly negligent act on the part of SATA. All offers are subject to change and non-binding. SATA expressly reserves the right to modify, add to or erase parts of the pages or the entire service without separate notice, or to cease publication temporarily or permanently.
2. References and Links
In the case of direct or indirect references to external Internet pages ("links") located outside the sphere of responsibility of SATA, legal liability would apply exclusively if SATA has knowledge of the content of these and it is technically feasible and reasonable for SATA to prevent their usage in the event of their being illegal. SATA therefore explicitly states that at the time of creation of the links, the correspondingly linked pages were free from illegal content. SATA has no influence over the current and future structure and content of the linked/associated pages. SATA therefore explicitly dissociates itself from all content of all linked/associated pages that were modified after the link was created. This declaration applies to all links and references included in SATA's Internet presence, as well as any external entries in guest books, discussion forums and mailing lists may have been provided by SATA. The provider of the page to which the link leads shall be exclusively responsible for illegal, faulty or incomplete contents and in particular for damage caused by the usage of failure to make use of information is provided, not the party who simply refers to the publication in question by means of the link.
3. Copyright and Trademark Law
In all publications, SATA makes every effort to respect the copyrights of the graphic images, sound documents, video sequences and texts used, to make use of graphic images, sound documents, video sequences and texts produced by SATA itself, or to make use of licence-free graphic images, sound documents, video sequences and texts. All brands and trademarks mentioned within the Internet presentation and any that are protected by third parties, are subject without restriction to the stipulations of the respective trademark and ownership rights of their registered owners. It must not be assumed, based on the mere mention of trademarks, that these are not protected by third-party rights. The copyright for objects published and produced by SATA remains the property of SATA. The reproduction or use of these graphic images, sound documents, video sequences and texts in other electronic or printed publications is not permissible without the explicit consent of SATA.
4. Data Protection
If the Internet presence offers the possibility to enter personal or business data (email addresses, names, postal addresses), the user enters these data on an explicitly voluntary basis. As far as this is technically feasible and reasonable, all services offered may be used and paid for without entering such data, or by entering pseudonyms or anonymised data.
5. Legal Validity of this Liability Exclusion
This liability exclusion should be considered part of the Internet presence from which the user was referred to this site. If parts or individual formulations of this text do not, no longer or only partly correspond to the currently valid legal situation, the other elements of the document shall remain unaffected as to their contents and validity.
6. Trademark
SATA, SATAjet, the SATA Logo and/or other SATA products referred to herein are registered trademarks or trademarks of SATA GmbH & Co. KG in the U.S. and/or other countries. The names of companies and products referred to herein may be the trademarks of their respective owners.
7. Objection against sending advertising mails
The use of contact data published within the framework of the imprint obligation for the transmission of advertising and information material not expressly requested is hereby objected to. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.
8. Online dispute resolution platform
In accordance with EU Regulation No. 524/2013, the European Commission provides an interactive platform for out-of-court online dispute resolution (ODR platform) for the settlement of out-of-court disputes arising from online legal transactions, which can be accessed at http://ec.europa.eu/consumers/odr/. You can find our e-mail address in our imprint. We are neither obliged nor willing to participate in the dispute resolution procedure.
This legal notice is also valid for the Facebook page www.facebook.com/satagmbh/.
-----------------------------------------
Privacy policy of SATA GmbH & Co. KG
1. General
We appreciate your interest in our company and our products and services. We take the protection of your personal data extremely seriously. We process your data in accordance with applicable legal regulations relating to the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and any country-specific implementation laws that apply to us. In this privacy policy we provide you with comprehensive information concerning the processing of your personal data by SATA GmbH & Co. KG and the rights you have in this regard.
Personal data is information that can be used to identify a natural person. In particular, this includes name, date of birth, address, telephone number, email address and also the IP address.
Anonymous data are data that do not allow for any tracking of the user.
The following privacy policy details what type of data is collected for what purpose, the extent to which this data are made accessible to third parties and which security measures we take. In addition, you will be informed of your legal rights in connection with the processing of these data.
It is our objective to protect all data entrusted to us as well as possible and to fully comply with all legal requirements. Should you wish to make suggestions how we can further improve the security of the data provided to us, we would kindly ask you to send a message to datenschutz(at)sata.com.
2. Controller and data protection officer
Controller in accordance with Article 4(7) GDPR:
SATA GmbH & Co. KG
Domertalstr. 20
70806 Kornwestheim
Telefon: +49 (7154) 811 – 0
Telefax: +49 (7154) 811 – 196
E-Mail: datenschutz(at)sata.com
Web: www.sata.com
Contact details data protection officer: E-Mail: DSB(at)sata.com
3. Your rights as the data subject
Firstly, we would like to inform you of your rights as a data subject. These rights are set out in Articles 15 -22 GDPR. These include the rights of...
- Information (Article 15 GDPR),
- Erasure (Article 17 GDPR),
- Rectification (Article 16 GDPR),
- Data portability (Article 20 GDPR),
- Restriction of data processing (Article 18 GDPR),
- Objection against data processing (Article 21 GDPR).
In order to assert these rights or if you have any queries concerning data protection at our company, please contact our data protection officer using the contact details above. You also have the right to lodge a complaint with a data protection supervisory authority.
4. Rights of objection
Please bear the following in mind in connection with rights of objection:
Where we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. This also applies to product and service improvement measures as well as to measures designed to improve the shopping experience, should these be connected to direct advertising.
Should you object to a processing for purposes of direct advertising or for purposes connected to the improvement of our services, we will no longer process your personal data for these purposes. The objection can be informal and should be sent to the above address.
Where we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons connected to your specific situation; this also applies to any profiling based on these provisions.
We will then no longer process your personal data, unless we can prove overriding good reasons for the processing that outweigh your interests, rights and freedoms or unless the purpose of processing is the assertion, exercising or defence of legal claims.
5. Purpose and legal basis of data processing
When processing your personal data, the provisions of the GDPR and all other applicable provisions under data protection laws are complied with. The legal basis for data processing is set out by Article 6 GDPR in particular.
We use your data to negotiate business transactions, to fulfil contractual and legal obligations, to execute the contract, to offer products and services, to process queries and to process/fulfil any orders and contracts, to carry out administrative work and to strengthen customer relationships, to carry out employee and customer satisfaction surveys (which also include analysis for marketing purposes and direct advertising with product and price information) and for our applicant portal. Where necessary, you will be asked for your consent. In addition, the data are also used for other purposes subject to your consent, for example for information on our products and services sent by newsletter.
Your consent to data processing can also represent a permission in terms of data protection laws. Before you grant your consent, we will provide you with details concerning the purpose of data processing and your right of revocation.
Certain categories of personal data in accordance with Article 9(1) GDPR will only be processed if this is necessary under legal regulations and if there is no reason to assume that your protectable interests outweigh the need for processing.
6. Disclosure to third parties / occasion and scope
We will only disclose your data subject to statutory provisions, to fulfil our contractual obligations or if you have agreed to such use. In this case, we only disclose the data (for example name and address) that are necessary for us to fulfil our statutory, legal or contractual obligations or that third parties require to ensure a smooth process, in particular to fulfil a contract that was concluded.
Apart from the above, no data are disclosed to third parties unless we are obliged to do so under mandatory legal acts or regulations (disclosure to external bodies such as supervisory or criminal prosecution authorities).
Personal data may be disclosed to the respective country-specific sales partners of SATA to improve the quality of service. All legal regulations and requirements relating to order data processing are complied with during this process.
7. Recipients of the data / categories of recipients
In our company, we ensure that only those persons who require your data in order to fulfil their duties or the contractual and legal obligations receive the data. This also applies to any data exchanged with our associated companies, for example in the UK or Canada, as well as to the disclosure of address data of customers who have agreed to initiate contact or to receive our newsletter; such data will then be disclosed to our international contact partners. Data are also disclosed to fulfil contracts.
In many cases, service providers support our technical department in meeting its responsibilities. The necessary data protection contracts were concluded with all service providers, e.g. contract data processing agreements. Service providers with whom we collaborate include, for example, shipping providers, payment service providers, agencies, credit rating agencies and IT service providers.
8. Transfer to third countries / intended transfer to third countries
Data is only transferred to third countries (outside of the European Union and European Economic Area) if this is necessary to fulfil the contractual relationship, if required by law or if you have agreed to such transfer of data. The scope of the information that is disclosed is set out in Section 6.
In these cases, we take reasonable and necessary measures subject to Art. 44 et seq. GDPR to ensure an equivalent protection of personal data in the third country, for example through utilising the EU standard contractual clauses.
9. Data storage period
We store your data for as long as they are needed for the purpose for which they are processed. Please bear in mind that many retention period regulations require a continued storing of data. In particular, this is the case regarding retention obligations under commercial law or tax laws (for example the German Commercial Code - Handelsgesetzbuch - and the German Tax Code - Abgabenordnung). If further retention of data is not required, the data will be routinely deleted once the purpose was achieved.
This means that we may retain data when you agreed to us doing so or if legal disputes arise where we use data as evidence and proof subject to statutory limitation periods.
10. Secure transfer of your data
We employ appropriate technical and organisational security measures to best protect the data we save against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security level is constantly monitored in co-operation with security experts and updated to meet new security standards.
The transmission of data to and from our website (SATA.com and the website of the SATA Loyalty Program coins & more) is encrypted. We use the transfer protocol HTTPS for our website, subject to the current encryption protocols. Applications submitted via our applicants’ portal are protected through content encryption. Only we can decrypt these data. It is also possible to use alternative communication channels (for example post).
Obligation to provide the data
Various personal data are necessary to enter into, perform and terminate the contractual relationship and to fulfil the associated contractual and legal obligations. The same applies when using our website and the various functions it offers.
We have summarised the details for you in Paragraph 11. In certain cases, data must also be collected or provided based on statutory provisions. Please bear in mind that it is not possible to process your query or to fulfil the underlying contractual relationship if these data are not provided. This means that, if you do not agree to the processing of all or part of your data because you are looking to be extra cautious, it is possible that you will not be able to use all or some of our products and/or services. You agree to any resulting disadvantages if you continue to use our products or services or parts of these.
Categories, sources and origin of the data
The respective context determines which data we process. The content and scope depend on whether you submit an online order, a query via our contact form, an application or a complaint.
Please bear in mind that we sometimes also disclose data protection information to suitable bodies if special circumstances so require, for example when you upload application documents or when getting in touch with us.
11. Services provided and retrieval of data:
General information concerning the retrieval and use of data / principle of data economy
We record the data listed in detail below when you use the various services, for example visiting the website, provision of SAL information, premium warranty registrations, when you contact us, user self-service registration, registration for the newsletter, dealer search, importer search, registration for the Virtual Painter, registration for Photobox, registration for the SATA Loyalty Program coins & more, visiting our online shop, when placing an order, registration for raffles and surveys within the SATA Loyalty Program coins & more, registration for meetings, seminars and training courses, ordering from the catalogue and using the Nozzle Finder. These data are used for getting in touch, for responding to your queries and requests, to make your visit to our website (SATA.com and the website of the SATA Loyalty Program coins & more) easier, to align your data, to participate in SATA events, to process your order, to participate in the customer loyalty programme and to support the sales activities of our customers and partners. We do not disclose these data without your consent except in the situations described in detail above.
When doing so, we comply with the principle of data economy and data reduction as you only need to enter the data which we require to process your request and perform the service in question. Usually, we also process your IP address for technical reasons and for legal protection. All fields not marked with an asterisk (*) denote voluntary data that can but does not have to be provided (for example for a more personalised response to your queries). For some services, additional consent is required for further processing of your personal data. We will indicate the respective purpose when asking you for such consent. Without this consent, your personal data will not be processed further.
Should you contact us by email, we will only process the personal data provided in the e-mail to handle your query. If you do not use the forms provided to get in touch with us, no other data will be collected.
It goes without saying that you can de-register from all services you have signed up to at any time via the relevant functions of the service or by e-mail to unsubscribe(at)sata.com (must include a detailed description of the service you no longer wish to subscribe to) and that you can revoke your consent in a valid manner.
Should you agree to advertising by clicking the respective checkbox (for example for receiving the SATA Newsletter or SATA Loyalty News), we will process your data to provide you with information and send offers regarding our products / services / new products / technology news / special promotions / special offers / price information / gatherings such as trade fairs, events, training courses and seminars by e-mail or post. You can revoke your consent at any time and without giving reasons by calling +49 (0) 7154/811-0, by sending an e-mail to unsubscribe(at)sata.com or by letter to SATA GmbH & Co. KG, Domertalstraße 20 ∙ 70806 Kornwestheim, Postfach 1828 ∙ 70799 Kornwestheim , Germany.
a) When you visit our website, we collect and process the following data:
- Name of the Internet service provider
- Information concerning the website from which you are redirected to us
- Web browser and operating system usedThe IP address assigned to you by your Internet service provider
- Accessed files, transferred data volume, downloads / file export
- Information concerning the parts of our website that you access, including date and time of your visit
b) We collect and process the following data in connection with an SAL information request:
- Title
- First name*
- Surname*
- Phone number
- E-mail address*
- Request for permission to send you our newsletter
- IP address
- Dealer name
- Dealer e-mail address
- SAL number*
- Comments
- Captcha
The information provided will only be used to process your enquiry and is deleted once it is no longer required, provided that no mandatory retention period precludes erasure of this information. The legal basis for processing these data is Article 6(1) b) GDPR.
c) We collect and process the following data when you register for our premium guarantee:
User data
- Title
- First name*
- Surname*
- Country*
- E-mail address*
- Phone number
- Request for permission to send you our newsletter
- IP address
- Comments
- Captcha
Product data
- SAL and/or serial number*
The information provided will only be used to process your registration for our premium guarantee and is deleted once it is no longer required, provided that no mandatory retention period precludes erasure of this information. The legal basis for processing these data is Article 6(1) b) GDPR.
d) We collect and process the following data when you contact us (contact form):
- Title
- First name*
- Surname*
- Issue*
- Country*
- Telephone*
- E-mail address*
- Your message*
- Captcha
If you use our contact form to contact us, we will process any details you enter into the contact form to contact you and to reply to your questions and queries. The legal basis for processing these data is Article 6(1) b) GDPR.
e) We collect and process the following data as part of our user self-services:
- Language of the form
- Title
- First name*
- Surname*
- E-mail address*
- Country
- Language*
- Sector (vehicle repairs, airbrush, paint manufacturer, vocational school, retail, private persons, other, industry, carpenter / painter)
- Company name
- Street / house number
- Postcode
- Town
- Your reply when asked if you would like to receive information by e-mail or our newsletter
- Your reply when asked if you would like to receive information by post
- Your reply when asked if you prefer not to receive any information
The legal basis for processing these data is Article 6(1) b) GDPR.
f) We collect and process the following data when you register for our newsletter and/or the SATA Loyalty News:
- E-mail address*
- Title
- First name*
- Surname*
- Consent to advertising by email or newsletter*
- Captcha
You can subscribe to our free SATA Newsletter on our website. You can only register for our SATA Loyalty News using the SATA Loyalty App coins & more or via the SATA Loyalty Website. The e-mail address provided when signing up for the newsletter and your name are used to send the personalised newsletter. We also use anonymised link tracking for statistical purposes. When you state which country you are in, we will send you information customised for your sector and country. We will need you address of you would like to receive the newsletter by post.
The principles of data economy and data reduction area is observed as only the e-mail address (and, if applicable, the name in case of personalised newsletters) is highlighted as a mandatory field. For technical reasons and legal protection, we also process your IP address when you sign up to the newsletter.
We use the so-called double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have expressly confirmed in advance that we can activate the newsletter service. This includes us sending you a notification e-mail and requesting that you confirm that you want to have our newsletter sent to this email address by clicking on a link in said e-mail.
It goes without saying that you can unsubscribe at any time using the cancellation options listed in the newsletter to revoke your consent. You also have the option to unsubscribe from the SATA Newsletter at any time directly via our website.
The legal basis for processing these data is Article 6(1) a) GDPR.
g) Webshop
We will process certain personal data when you visit our webshop. Please note the following in connection with the collection of this data:
Registration / customer account (Art. 6(1) f) GDPR)
We offer our users the option to register by providing certain personal data. Advantages of such registration include the ability to access your order history and to save the data for your order form, meaning that you will not have to enter all your details again and again.
In other words, you need to register so the contract we conclude with you can be fulfilled (via our webshop) or so that we can complete pre-contractual steps (for example when placing an order as a guest).
We comply with the principle of data reduction and data economy by marking any mandatory fields that are required for the registration with an asterisk (*). This means that you will only have to enter your first and surnames, your e-mail address and a password (including a repetition of the password) when creating a user account.
To place an order in our webshop, we also need the billing address (street, house number, post code, town, country and, for some countries, a phone number) as well as information about any specialist dealers near you that is used for statistical purposes. If the delivery address is not identical to the billing address, we will also require the above information for the delivery address.
When registering your details on our website, the IP address of the user and the date and time of registration will also be saved (technical background data). By clicking on the button “Create Account”, you agree to the processing of your data for these purposes.
Please note: The password you enter is saved by us in encrypted form. Employees of our company cannot read this password. This means that they will not be able to assist you if you forget your password.
In this case, please use the “I have forgotten my password” function that will reset your current password and will send you an automatically generated link by e-mail to create a new password. None of our employees are permitted to ask you for your password via phone or in writing. Please never disclose your password should you receive such requests.
Once the registration process is complete, we will save your data in the protected customer area for further use. When you register on our website with your e-mail address as a username and password, the data you have provided will be made available on our website and may be accessed!
Registered individuals can make changes to deliveries / correct the billing or delivery address. You can also add further information such as company name, phone number or VAT ID number to the user account. Changes / corrections can also be made with the help of our customer service team. Needless to say you can also reverse your registration or delete your user account. In this case, your user account will be deleted within three months. Such deletion does not affect any further retention of your personal data if these are subject to legal retention periods.
Ordering from our webshop (Art. 6(1) b) GDPR)
Our webshop offers you a wide selection of products that can be ordered online.
We collect and process the following data when you place an order:
Mandatory information
- E-mail address
- First name and surname
- Street and house number
- Post code and town
- Country
- State (if the selected country is the USA/Canada)
- Phone number (if the selected country is the USA/Canada)
Optional information
- Company
- Phone number (mandatory if the selected country is the USA/Canada)
- VAT ID number (not available for all countries)
We will also collect information about your preferred specialist dealer when you place your order, for statistical purposes.
Information for customers selecting the USA or Canada as their home country:
When selecting the USA/Canada, we will also collect the following information about your local dealer:
- Dealer / company name
- Contact partner or technical agent
- Street, ZIP code, town
- State and country
We will only process the information you provide in your order form to complete your order and fulfil the contract, unless you have agreed to any other use of your information.
For technical reasons and legal protection, we will also process your IP address. Without the information marked as mandatory, we will, unfortunately, have to decline conclusion of the contract, as we cannot fulfil the contract in such case.
Payment systems (Art. 6(1) a), b) GDPR), creditworthiness check (Art. 6(1) f GDPR)
In our webshop, you can pay by credit card or by PayPal. The relevant payment data will be collected to carry out your order and process the payment. For technical reasons and legal protection, we will also process your IP address. The principles of data economy and data reduction are complied with as you only need to provide us with the data we required to process the payment and to fulfil the contract as well as the data we are obliged to collect by law.
Without this data, we will unfortunately have to decline conclusion of the contract, as we would not be able to fulfil the contract.
Our payment system uses SSL-encryption to protect your data during transmission.
Note concerning credit card payments: As is usual with credit card payments, we will check the information associated with the credit card.
Note concerning PayPal: PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal , L-2449 Luxembourg. If the data subject selects the PayPal payment option in our online shop when ordering, data of the data subject is automatically passed on to PayPal.
By selecting this payment option, the data subject agrees to a transfer of the personal data required to process the payment. The personal data transferred to PayPal generally include first name, surname, address, e-mail address, IP address, phone number, mobile number or other data that are necessary to process the payment.
Personal data associated with the respective order is also needed to fulfil the sales agreement. Details regarding the privacy policy of PayPal can be accessed via the following link: https://www.paypal.com/de/webapps/mpp/ua/privacy-prev (for the legal position from 25/05/2018).
Configurator Custom Design Gun
Our webshop offers the option to customise your spray gun using our configurator.
You can choose the colour of your spray gun and either download the result as a template or place it directly into your basket.
In general, the configurator can be used without entering personal data, but we will process your IP address for technical reasons and legal protection.
Repair service (Art. 6(1) b) GDPR)
Some country-specific versions of our webshop offer a repair service. This allows you to request a quote for the repair of defective goods via our online form. We collect the following information as part of such repair requests:
Mandatory information
- The information in your user profile
- Product category
- Model
- Description of the issue
- Cancellation policy and waiver of cancellation
Optional information
- SAL number
- Invoice date
- Screenshot of the error message
- Warranty case
- Any uploaded files (e.g. warranty ticket)
The data collected for the repair service will only be processed to fulfil the contract (sending the quote).
h) We collect and process the following data when you order from the marketing catalogue:
- Surname*
- First name*
- Street*
- Postcode*
- Town*
- Country*
- E-mail address*
- SATA Sales Representative
- Item ordered*
- Comments
You can e-mail the completed form to us to place an order from the SATA Marketing Catalogue. In this case, we will process the information provided by you to process and complete your order as per order form. The legal basis for processing these data is Article 6(1) b) GDPR.
i) We collect and process the following data in connection with raffles / consent to advertising:
You can participate in raffles on various channels. If you complete the raffle mask, we will only process the data entered here to carry out the raffle.
The principles of data economy and data reduction are observed as you only need to enter the data we require to carry out the raffle and to notify the winners. Usually, the following data are collected:
- Surname*
- First name*
- Address
- E-mail address* (depending on the means of communication)
- Age*
- If applicable, consent to receiving the newsletter
The mandatory fields are marked with a (*). For technical reasons and legal protection, we will also process your IP address. The other fields are optional and you can complete these if you wish. If you do not complete the mandatory fields, we will not be able to enter you into the raffle. You will then not be able to participate.
The raffle mask also offers you the option to consent to advertising. You can also participate in the raffle without agreeing to advertising.
If you agree to advertising by clicking the respective check box, we also process your data to send you information and offers relating to our products and services by e-mail.
You can revoke your consent at any time without giving reasons by sending an e-mail to info@sata.com, with the self-service form, by clicking on the de-registration link in the newsletter or by post to SATA GmbH & Co. KG, Domertalstraße 20, 70806 Kornwestheim, Germany.
The legal basis for the processing of this data for advertising purposes is Article 6 Paragraph 1 Letter a) GDPR and the legal basis for the competition is Article 6(1) f) GDPR.
j) We collect and process the following data when you create and use an account in the SATA Loyalty App coins & more:
- Title
- First name, surname*
- Date of birth*
- Branch
- Company name*
- FAO
- Delivery address*
- Additional information
- Country
- Region (State / Province / County)
- E-mail address*
- Phone number
- Language (of app content)
Additional data:
- User data (log-in time, time stamps of transactions such as granting permission, IP address, end device manufacturer and model)
- Additional information (optional, such as occupation, usage data of the SATA products)
- Scan / purchase data
- Scan / purchase frequency
- Scope of scan
The SATA Loyalty Program coins & more (“programme”) is a loyalty-based customer retention programme. The operator of the programme, the SATA Loyalty App coins & more (“app”) and the SATA Loyalty Website is SATA GmbH & Co KG (“SATA”).
First and foremost, the programme is subject to the general terms and conditions as amended. The privacy policy below apply additionally for natural persons who take part in the programme (“participants”) and regulate the handling of personal and other data of participants (“participant data”) in connection with the programme. In particular, it specifies which participant data are collected, used and processed in each case, which purposes the data are used for and the rights of the participants in connection with data processing.
Collecting and processing of participant data by SATA
Registration and usage data
When creating a user account in the app, SATA collects the name, date of birth, phone number, e-mail address, industrial sector, app language and address of the participant as well as the name and address of the company for whom the participant works and in connection with which the premium coins are collected and redeemed (“registration data”). SATA uses the registration data for implementing and managing the programme, in particular for SATA coin registration and the sending of rewards. The legal basis for data processing is Article 6(1) f) GDPR. Once your registration is complete, you will also be assigned a unique user ID.
Alongside the registration data, SATA also automatically collects additional participant data via the SATA Loyalty App coins & more in connection with its use, without separate notification of the participant who does not need to actively participate in this process. The data collected include the date and time of the most recent login, changes to the app user account and the IP address used for the most recent login, and the model and manufacturer name of the end device used (“usage data”). SATA uses the usage data to ensure the app works and to improve the app as well as to ensure the security and stability of its IT systems. The IP address of the end device accessing the app is used in case of an attack on the IT systems of SATA or unauthorised use thereof as well as for statistical purposes. The legal basis for data processing in this case is the legitimate interest of SATA to ensure security and functionality of the app in terms of Art.6(1) f) GDPR.
Your user data will be erased or anonymised in the following cases:
If you do not confirm your registration by complying with the instructions in the verification e-mail within 72 hours after receiving it, the user data entered during registration will be anonymised so that you can no longer be identified. Anonymised user accounts will continue to include the following information for statistical purposes: User ID, title, industry sector, country, town (State/Province/Region/County/Bundesland), any permissions granted, transactions including time stamps and SATA-coins as well as any (expired) coin portfolio. It will no longer be possible to retrospectively connect this information to one particular user account.
If you request deletion of your user account or delete the account yourself, any personal data connected to your account will be anonymised within 24 hours, meaning that the data can no longer be used to identify you. Please note that it will no longer be possible to log into your account once the information was anonymised.
The information is also anonymised automatically if no account activity is recorded for a period of 5 years.
If you have sent an enquiry using the contact form in the SATA Loyalty App coins & more, any data included in the enquiry will be erased two months after successful closure of the ticket. User ID, issue and time stamp of the initial customer message will remain on file for statistical purposes. We will no longer be able to trace an enquiry to a specific individual.
User accounts are also deleted if the company for which the user account was created was added to the blocked user list for companies by an authorised individual. In this case, any existing user accounts connected to the company in question will be deleted. If an authorised person submits a request to block an account, the name, e-mail address and company name of this person will be stored for as long as they participate in the SATA Loyalty Program coins & more.
Should the participant have issued his or her prior consent, their registration and usage data will also be processed and used to determine so-called “booster periods”, to draw prizes and to make contact in connection with raffles. “SATA coin-Boosters” are used during events defined by SATA, where several points can be accumulated when scanning a coin or immediate prizes can be awarded during a raffle.
We collect and process the following data in connection with customer enquiries (service e-mails):
When participating in the SATA Loyalty Program coins & more, customers will receive regular service e-mails containing information about transactions affecting the SATA coin balance as well as about the current balance and maintenance cycles. The service e-mails do not contain advertisements.
Data used:
Registration details (see above)
Day the message was sent
The legal basis for sending these service e-mails is the existing relationship with the customer under the SATA Loyalty Program coins & more, Art. 6(1) b) GDPR.
We collect and process the following information in connection with surveys
As a user of the SATA Loyalty Program coins & more, you can participate in surveys. If you do participate, we will only process the data you submit to carry out the survey.
We will use the registration details you have entered when signing up to the SATA Loyalty Program coins & more to carry out the survey.
We will also collect:
The date of participation
Replies to each question (multiple choice)
Number of SATA coins paid as incentive
The legal basis for participation in surveys is your consent in terms of Art. 6(1) a) GDPR. You can revoke your consent at any time by sending an e-mail to INFO(AT)SATA.COM.
If you do withdraw consent, the results of the survey are anonymised so that we can no longer link the results of the survey to your user account. This is also the case if you decide to close your user account or if any of the circumstances causing closure of your account as outlined above materialise.
In some cases, participating in a survey will also enter you into a raffle. Should that be the case, your registration details are also used for the raffle, see Art. 6(1) b) GDPR.
k) Applicant portal
We appreciate your interest in a career with SATA GmbH & Co. KG. We recognise the importance of keeping your data confidential and only process the personal data you provide in the application form to complete the application process effectively and correctly and to get in touch with you during the application process. The data will not be disclosed to third parties without your consent.
Our data protection practices are compliant with the provisions of the GDPR and the German Telemedia Act (TMG). We will only collect, process and save your personal data to process applications. Your data will also and only be used for additional purposes as detailed in your declaration of consent if you agree to such processing of your data, for example to provide you with information concerning offers via newsletter etc. We collect, process and use the following data when you access this website or individual files on the website: IP address, website from which the file was accessed, name of the file, date and time of access, name of your Internet service provider, operating system used, browser type and version, transferred data quantity and report concerning the success of the access (so-called web log). These data are processed to make it possible to use the website (establishment of a connection) and for purposes associated with system security, technical administration of the network infrastructure and to optimise the online content. The data collected as part of this process cannot be traced to a specific person. This means that you as a user remain anonymous. This data is not combined with other data sources.
SATA only uses the personal data you provide when registering with our jobs portal and completing the online form for processing the application and for the hiring process. This also includes the documents that are uploaded to our server, such as school leaving certificates, university certificates, work references and photos. These documents are saved together with your personal data and only used for the application process.
We will only collect, process and use all personal data we receive from you when you use the website for the above purpose. We ensure that this process complies with the respectively applicable legal regulations and only takes place with your consent.
When completing the application form, you will be asked to provide personal data. We comply with the principles of data economy and data reduction as you only have to provide the information we require to fully assess your application documents. These mandatory fields are marked with a star (*). Unfortunately, we cannot assess your application documents without this data. If you do not provide complete data, our application system will not allow you to upload the application documents. It goes without saying that you can also provide voluntary information in the application form.
In detail, the following data will be saved if provided by you - mandatory fields are marked with a star (*). The remaining data are optional:
Personal data
- Title*
- Title
- Surname*
- First name*
- Date of birth*
- Nationality
- Civil status
- Road, house number*
- Postcode*
- Town*
- Telephone number to contact you
- E-mail*
- Current salary
- Salary expectations*
- Reason for changing jobs
Vocational training / university education
- School-leaving qualification
- Final grade*
- Training
- Grade obtained during training
- University education
- Final grade university education
- Notice period*
- Unit notice period*
- Notice effective from*
- Languages spoken
- Fluency
- Abilities
- Attached files
- File (e.g. CV, certificates, …) *
- Description of the file*
To ensure security and confidentiality of your data as best as we can, we implement appropriate security measures. These ensure that your application documents are transferred to us in encrypted form.
We save your data until the application process has been completed for the purposes set out above. The legal basis is Art. 6(1) b) GDPR
You can opt for having your application documents saved for a longer period, allowing them to be considered for other vacant positions that suit your profile.
For this purpose, we require your express consent prior to uploading your application documents. You agree by clicking on the checkbox. In this case, we will save your data for six months. It goes without saying that you can revoke your consent at any time with effect for the future without giving reasons by phone at +49 (7154)-811-0, by sending an e-mail to personal(at)sata.com or by post to SATA GmbH & Co. KG, Domertalstraße 20, 70806 Kornwestheim, Germany.
The legal basis for storing your application data for an extended period of time is Art. 6(1) a) GDPR.
Should we (the data controller) conclude an employment contract with you (the applicant), the data that has been transferred will be saved for the purpose of fulfilling the employment relationship in compliance with statutory regulations (see Article 88(1) GDPR and § 26 of the German Federal Data Protection Act - BDSG, new version). Should no employment contract be concluded with you (the applicant) and should you have revoked any consent which you have given, your application documents will be deleted automatically three months after notification of the rejection, provided that no other legitimate interests on our part prevent a deletion or unless there is a legal basis for saving the files for a longer period. Such an additional legitimate interest is, for example, burden of proof in legal proceedings in accordance with the General German Law relating to Equal Treatment (AGG).
l) Nozzle Finder app
When using the Düsenfinder (Nozzle Finder) app, we collect and process the following information:
- Language used
- Selected nozzle
- Selected system (metric/imperial)
- The user behaviour regarding Firebase features (section 14.)
The Nozzle Finder ("Düsenfinder") is the app for a fast, simple and in-depth selection of the nozzle matching your SATAjet X 5500.
If you have given your consent, the data is recorded and processed for the optimisation of the app and for an improved user experience. The legal basis for processing these data is Article 6(1) a) GDPR. You can revoke consent at any time in the app settings.
m) Dealer and Importer Search
When using the Dealer and Importer Search, we record and process the following information:
- Once you have entered your town or post code into the search bar, we will use this information to list suitable contacts near you.
- You can also choose to have your location determined automatically by clicking on “determine exact location”; this feature can only be used if your device is allowed to access your location.
In this case, your geographical coordinates will be processed to determine your location as accurately as possible and to list suitable contacts near you.
We offer you this service through Google Maps (section 14.)
The legal basis for the processing of these data is your consent in terms of Art. 6(1) a) GDPR.
n) Customer database
We use leading and state-of-the-art software tools to manage our customer relations, for example in regard to consent or our customer loyalty programme. As set out in the contract, all data is stored on servers in the European Union.
The systems store the following information:
- Title
- First name, surname*
- Date of birth*
- Industry
- Company name*
- FAO
- Delivery address*
- Additional information
- Country
- Region
- E-mail address*
- Phone number
- Language (of the app)
Additional data:
- Usage data (log in time, time stamps of transactions such as granting permission)
- Additional information (optional, such as occupation, usage data of the SATA products)
- Scan / purchase data
- Scan / purchase frequency
- Scope of scan
12. Automated decision making in individual cases
We do not currently use purely automated processing to make decisions.
13. Cookies (Article 6(1) f) GDPR / Article 6(1) a) GDPR for consent)
Our website uses so-called cookies at various points. Their purpose is making our service more user friendly, more effective and more secure. Cookies are small text files that are placed and saved on your end device.
With these cookies, we are able to analyse how users use our website. The cookies enable us to tailor the website content to the needs of our users. By using cookies, we are also able to measure the effectiveness of a specific advert and, for example, can place these depending on the thematic interests of our users. The legal basis for this is Article 6(1) f) GDPR and, if consent was granted, Article 6(1) a) GDPR.
We also use the following third party cookies:
Third party cookies:
These types of cookies are managed by third party providers. Third party providers are those who integrate advertising banners into other websites, especially publishers. For example, they use cookies to communicate that one of their advertisement banners led to a purchase (such as conversion tracking).
So-called temporary / permanent cookies are used for this purpose that are automatically deleted after a specified time (usually 6 months). These temporary or permanent cookies are saved on your end device and delete themselves after the specified time. The cookies of our partner companies also only contain pseudonymised and usually anonymised data. These enable our partner companies to trace which products you have viewed, whether a purchase was made, which products were searched for etc. In this case, our advertising partners also record information beyond the websites e.g. which sites you have previously visited or which products were of interest to you. This enables the placement of customised advertising. These pseudonymised data are never combined with your personal data.
Most web browsers accept cookies automatically. It goes without saying that you can also deactivate, restrict or delete cookies on your end device manually via your browser settings or with a software.
Please note: Should you deactivate the placing of cookies, you may not be able to use all functions of our website.
Cookies which are necessary to carry out the electronic communication process or to provide certain functions requested by you are saved in accordance with Article 6(1) f) GDPR. We have a legitimate interest in saving cookies to provide technically correct and optimised operation of our services.
Otherwise, the legal basis is Article 6(1) a) GDPR if consent was granted.
14. User profiles / webtracking procedures
a) Matomo
Subject to your consent (Art. 6(1) a) GDPR), our website uses the service “Matomo” (formerly “Piwik”), an OpenSource web analysis service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo stores cookies on your end device that allow an analysis of how you use our website. By using Matomo, we can analyse how our website and its individual features and offers are used so that the user experience can be improved continuously. For data protection reasons, all data we collect will be stored locally only. You may withdraw your consent to the use of Matomo at any time:
- two bytes of the IP address of the user accessing the system
- the accessed website
- the website referring the user to the accessed website (referrer)
- the subpages accessed from the accessed website
- time spent on the website
- number of times the website is accessed
We use Matomo with the setting “Anonymize Visitors’ IP addresses”. This means that IP addresses will be processed in a shortened form, making it impossible to link them to a particular individual. The software is configured to only save partial IP addresses by masking 2 bytes of the IP address. This makes it impossible to trace the shortened IP address to the accessing computer. The IP address transferred by your browser via Matomo will not be combined with other data we collect.
b) Friendly Captcha
We use the service Friendly Captcha to protect our website against SPAM. Friendly Captcha is a Proof-of-Work-based anti-bot solution with the device of the user doing all the work. We generate a unique crypto puzzle for each visitor. Solving the puzzle only takes a few seconds and is done while the user enters their data into their online form. Using Friendly Captcha does not place cookies on the end device of the user. The legal basis for the use of this service is our legitimate interest to protect our website against SPAM, Art. 6(1) f) GDPR. You can find more information about the privacy policy of Friendly Captcha under https://friendlycaptcha.com/privacy/.
c) Matomo Tag Manager
This website uses the Matomo Tag Manager. This service allows management of website tags via an interface. The Matomo Tag Manager only implements tags but does not place cookies and does not collect personal data. The Matomo Tag Manager triggers other tags that will potentially collect data but it does not access such data. For data protection reasons, we also only host the Matomo Tag Manager locally. Being a technologically necessary service, our legitimate interest (Art. 6(1) f) GDPR) in using the Matomo Tag Managers is the availability and operation of our website within legal frameworks.
d) Facebook Custom Audiences (“visitor action pixel”)
This website uses the so-called “Facebook pixel” of the social network Facebook which is operated by Facebook Inc, 1 Hacker Way, Menlo Park, CA 94025, USA or should you be resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The legal basis for data processing is your consent in terms of Art. 6(1) a) GDPR. You can withdraw consent at any time.
Using the pixels enables us to track the behaviour of website visitors whenever they have been forwarded to the provider’s website by clicking on a Facebook ad.
This allows for the effectiveness of Facebook ads to be analysed for statistical and market-research purposes and to be optimised for future marketing measures. The data is, however, stored and processed by Facebook, so that a connection to the appropriate user profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook’s data policy.
You can allow Facebook and its partners to display adverts on and outside Facebook. A cookie can be saved on your computer for these purposes. We use the Facebook pixel only to display our adverts for those users who have visited our website or who show certain characteristics that we disclose to Facebook. With the assistance of the Facebook pixel, Facebook can identify our website visitors as a target group for adverts.
Personal data may be transferred to the USA by Facebook Inc., meaning that your data are at risk of being processed by US authorities for control and monitoring purposes without you being entitled to any legal remedies. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.
With the assistance of the Facebook pixel, your behaviour on multiple sites can be traced, once you have viewed or clicked on a Facebook advert. The purpose of this process is to evaluate the effectiveness of the Facebook adverts for statistical and market research purposes to help optimise future advertising measures.
Facebook processes data in accordance with the Facebook data usage policy:https://www.facebook.com/policy. Detailed information concerning the Facebook pixel and its functionality can be found here: https://www.facebook.com/business/help/651294705016616.
e) Firebase
When using the SATA-Loyalty app coins & more or the Nozzle Finder app, we will use the service Firebase to analyse user behaviour if you have granted permission in your app settings. The legal basis for the collection of data is Art. 6(1) f) GDPR.
You can prevent placement of cookies at any time by selecting the relevant settings in your app; however please note that you may not be able to use all of the functions of this app in this case.
You can find further information under http://www.google.com/intl/de/analytics/privacyoverview.html (general information concerning Firebase and data protection).
Please note that in the app, Firebase has been extended by the gat._anonymizeIp(); code to guarantee an anonymised collection of IP addresses (so-called IP masking). This means that Google will only collect your IP address in shortened form as per our instructions, which guarantees anonymisation and means that your identity cannot be traced. When activating IP anonymisation in our app, your IP address will first by shortened by Google within Member States of the European Union or other Member States of the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. This includes a transfer of personal data to a third country, meaning that your data are at risk of being processed by US authorities for control and monitoring purposes without you being entitled to any legal remedies. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.
f) Double Click
This website uses Doubleclick of Google. Doubleclick is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Doubleclick uses cookies to show you customised adverts. To do so, your browser is assigned a pseudonymised identification number that is used to check which ads are shown and/or clicked. Doubleclick cookies allow Google and its partners to show ads based on previously visited websites. Any information collected as part of this process is transferred to Google servers in the USA and stored for analysis purposes. If IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the European Economic Area. Data will only be transmitted to third parties where legal regulations so require or if we have concluded a contract for data processing. The data will not be combined with any other data collected by Google.
The legal basis for data processing is your consent in terms of Art. 6(1) a) GDPR. You can withdraw consent at any time.
We will delete or anonymise the data collected through Google Analytics once we no longer require them for our purposes. This will be the case after 14 months.
g) Google Maps
Our website uses Google Maps (API) of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). To ensure data protection, Google Maps is deactivated when you visit our website for the first time. A direct connection to the Google servers is only established if you activate Google Maps (consent in terms of Art. 6(1) a) GDPR). You can withdraw consent at any time.
This is to prevent any transmission of your data to Google when you visit our website for the first time. Once activated, Google Maps will save your IP address. It is usually transmitted to a Google server in the USA and stored there. This includes a transfer of personal data to a third country, meaning that your data are at risk of being processed by US authorities for control and monitoring purposes without you being entitled to any legal remedies. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country. You can find more information about how Google processes user data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.
h) YouTube Embeds
We have embedded videos hosted on the platform YouTube on this website (embeds). This always includes a transfer of data to the server hosting that platform. Such processing is based on your consent that you may withdraw at any time.
Embedding YouTube videos is done using a technological process called Framing. Framing means that by simply embedding a HTML link provided by YouTube into the coding of a website a frame is generated on the third party website, allowing for playing videos stored on the YouTube servers.
We use the framing codes generated by YouTube in their so-called “advanced data protection mode”. According to information provided by YouTube, this mode ensures that cookie activities and any data collection initiated as a result will only start once the video is actually played. The collection of data when simply accessing a website with framed content is not possible in this mode.
To be able to play YouTube content, we require your consent (Art. 6(1) a) GDPR) that you can grant by using the button embedded into the videos itself, if you haven’t already done so when selecting your cookies. Please note that your IP address will be transmitted to YouTube (YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA) and that the provider will place cookies in your browser. This includes a transfer of personal data to an insecure third country, meaning that your data are at risk of being processed by US authorities for control and monitoring purposes without you being entitled to any legal remedies. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.
For your convenience, we will store your consent for 132 days using a so-called Local Storage Object that we save in your browser.
i) Vimeo Embeds
In addition to YouTube embeds, some parts of our website also include videos of the platform Vimeo. Again, data will be transferred to the Vimeo server. Such processing is based on your consent that you may withdraw at any time.
To be able to play Vimeo content, we require your consent (Art. 6(1) a) GDPR) that you can grant by using the button embedded into the videos itself, if you haven’t already done so when selecting your cookies. Please note that your IP address will be transmitted to Vimeo (Vimeo, LLC555 West 18th Street New York, NY 10011, United States) and that the provider will place cookies in your browser. This includes a transfer of personal data to an insecure third country, meaning that your data are at risk of being processed by US authorities for control and monitoring purposes without you being entitled to any legal remedies. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.
For your convenience, we will store your consent for 132 days using a so-called Local Storage Object that we save in your browser.
j) Embedded fonts
This website uses external fonts of Google Fonts and Font Awesome. Google Fonts is a service of Google Inc. ("Google"), Font Awesome is a service of Fonticons, Inc. These web fonts are only embedded locally for data protection reasons. No data is transmitted to third parties.
Our use of Google Fonts and Font Awesome is based on our interest to present our online services in a uniform and appealing form. This constitutes a legitimate interest within the meaning of Art. 6(1) first sentence, f) GDPR.
k) New Relic
Our website uses the “New Relic” service of New Relic, Inc., 188 Spear Street, Suite 1200, San Francisco, CA 94105.
This service enables us to analyse and assess user behaviour and the activities of visitors to our website. The analysis of the data that is collected helps us to optimise our content and to improve user friendliness.
The legal basis for processing your personal data is your consent in terms of Art. 6(1) a) GDPR. You can withdraw consent at any time.
We will delete or anonymise the data collected through New Relic once we no longer require them for our purposes. This will be the case after 4 months.
Please note that this includes a transfer of personal data to a third country, meaning that your data are at risk of being processed by US authorities for control and monitoring purposes without you being entitled to any legal remedies. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.
l) Google Ads Remarketing / Google Ads Conversion Tracking
Our website uses the Remarketing feature of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The Remarketing function allows us to show those who have visited our website interest-based adverts on other websites within the Google advertisement network (during a Google search or on YouTube, so-called “Google Ads” or on other websites). The interaction of the users on our website is analysed for this purpose, e.g. in which offers the user was interested in, so that customised advertisements can be shown to users on other pages after they have used our website.
To do this, Google stores a number in the browsers of users who visit certain Google services or websites in the Google display network. This number, known as a “cookie”, is used to record the visits of these users. This number is used to identify a web browser on a particular device and not to identify a person. We collect and process the following data as part of Google Ads Remarketing: Websites visited, IP address, duration of visit, other information about the use of websites, content on interests of the user.
We also use the advertisement service Google Ads Conversion Tracking of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The types Display Network, Shopping and Search that we activated measure the interactions between you and adverts placed by Google.
This works by placing a cookie every time you click on an advert placed by Google. This cookie then traces your further activity regarding the advertised product (Conversion Tracking). This information helps us to measure how effective our advertisement campaigns are. We collect the following data: Adverts you clicked, IP address, web request, usage data, cookie ID, date and time of your visit, cookie information, error URL, browser language, browser type.
These Google services are used based on your consent in terms of Art. 6(1), first sentence a) GDPR. You can withdraw consent at any time.
Any withdrawal of consent only applies to the end device and the web browser on which the cookie is placed; if necessary, please repeat this step on all your devices. If you delete the opt-out cookie, you will be asked for consent to data transfer again.
You can also change your browser setting to eliminate third-party adverts. Another option is a plug in for most conventional web browsers, which you can find here: Https://support.google.com/ads/answer/7395996.. Once installed, you can use this plug in to prevent Google tracking permanently.
Your data is sent to Google for analysis. If you have a Google account, Google may also combine the data it collected as part of its tracking. This includes a transfer of personal data to a third country, meaning that your data are at risk of being processed by US authorities for control and monitoring purposes without you being entitled to any legal remedies. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.
The data collected through this feature will be deleted once they are no longer required for our purposes. Usually, this is the case after 183 days.
Please find more information about Google and Google’s privacy policy under: www.google.com/privacy/ads
15. Links to social networks
Social networks with links to the SATA Website
On our websites, you can find links to the social media services of Facebook, Instagram and YouTube. You can recognise links to social media websites by the respective company logo. If you follow these links, you will be redirected to our company page with the social media service in question. When clicking a social media link, a connection to the servers of that service will be established. This alerts the servers of the social media provider that you have visited our website. Other data are transmitted to the service provider as well. This includes, for example:
- Address of the website on which the activated link can be found
- Date and time the website was accessed and the link activated
- Information about the browser and operating system used
- IP address
Should you already be logged into the social media service at the time of activating the link, the social media service provider can use the transferred data to find your user name and possibly your real name and can combine this information with your personal user account with the social media service. You can prevent such connection to your personal user account by logging out of your user account first.
The servers of the social media service are located in the USA and other countries outside of the European Union. This means that the social media service provider can also process data in countries outside of the European Union. Please bear in mind that companies in these countries are subject to data protection legislation that does not guarantee the same level of data protection as the laws in the Member States of the European Union.
Please be aware that we have no influence over the scope, type and purpose of the data processed by the social media service providers. More detailed information concerning the use of your data by social media services integrated into our website can be found in the privacy policy of the respective social media service provider.
Social networks not integrated into the SATA website
We also have company accounts with the social networks LinkedIn and Xing. There are no direct links to these platforms on our website but you can find our page when searching on the platforms directly.
When visiting our company profile on one of these social networks, a connection is established to the servers of that service. This alerts the servers of the social media provider that you have visited our company profile on those services. Other data are transmitted to the service provider as well. This includes, for example:
- Date and time the website was accessed
- Information about the browser and operating system used
- IP address
The servers of the social media service are located in the USA and other countries outside of the European Union. This means that the social media service provider can also process data in countries outside of the European Union. Please bear in mind that companies in these countries are subject to data protection legislation that does not guarantee the same level of data protection as the laws in the Member States of the European Union.
Please be aware that we have no influence over the scope, type and purpose of the data processed by the social media service providers. More detailed information concerning the use of your data by social media services integrated into our website can be found in the privacy policy of the respective social media service provider.
16. Data protection policy / data protection information relating to social media
SATA GmbH & Co. KG maintains a social media presence. Where we control the processing of your data, we ensure that the applicable data protection provisions are complied with.
Below, you can find the most important information relating to data protection laws in connection with our Internet presence.
Name and address of the controller responsible for operation
In addition to SATA GmbH & Co. KG, the following are responsible for the corporate presence in terms of the GDPR and other provisions under data protection laws:
- Facebook
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - Instagram
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) - YouTube
(Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland) - LinkedIn
(LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) - Xing
(XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)
However, you use these platforms and functions under your own responsibility. This applies in particular to any use of interactive functions (for example submitting comments, sharing, rating).
Please also note that in such a case, your data may be processed outside of the European Union.
Purpose and legal basis
We maintain fan sites to communicate with the visitors to these sites and to provide you with information about our products and services via these channels.
We also collect data for statistical purposes to further develop and optimise the content and to make our service more attractive. The data required for this purpose (for example total number of site accesses, site activities and data provided by the visitors, interactions) is processed by the social networks and then made available. We have no control over generation and display thereof.
In addition, the social media sites and SATA GmbH & Co. KG process your personal data for market research and advertising purposes. This allows, for example, for the creation of user profiles based on your user behaviour and the interest you have shown. This makes it possible to display adverts that we believe to meet your interests on the platforms and elsewhere. Usually, cookies are saved on your computer for this purpose. Regardless of the above, data which is not directly collected from your end devices can also be saved in your use profiles. Saving and analysis also take place across devices. This is especially but not only the case if you are registered as a member and logged into the respective platforms.
SATA GmbH & Co. KG processes your personal data in accordance with our legitimate interest concerning effective information and communication under Article 6(1) f) GDPR.
Should you be asked if you agree to data processing, i.e. if you agree by clicking a button or similar (opt-in), the legal basis for processing is Article 6(1) a) and Article 7 GDPR.
Your rights / option to objecting
If you are a member of a social network and do not wish the network to collect data relating to you via our online presence and to connect this information to your data saved in the respective network, you must
- log out of the respective network before visiting our fan site,
- delete the cookies on the device and
- close and re-launch your browser.
After a new login, the network can once again recognise you as a specific user.
Please see the information linked below for detailed information about processing and options to object (opt-out):
- Facebook
Privacy policy: https://www.facebook.com/about/privacy/
Opt out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com - Instagram
Privacy policy: https://help.instagram.com/519522125107875
Opt out:http://www.networkadvertising.org/managing/opt_out.asp and http://www.youronlinechoices.com - YouTube
Privacy policy: https://policies.google.com/privacy
Opt out: https://tools.google.com/dlpage/gaoptout?hl=de and http://www.youronlinechoices.com - LinkedIn
Privacy policy: https://policies.google.com/privacy
Opt out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out - XING
Privacy policy / opt out: https://privacy.xing.com/de/datenschutzerklaerung
You have the following rights in regard to the processing of your personal data: Right of information; right of rectification; right of erasure; right to have processing restricted; right of objection; right of data portability; right to complain to the responsible data protection authority about any unlawful processing of your personal data.
However, as SATA GmbH & Co. KG does not have full access to your personal data, you should also contact the social media providers directly if you want to exercise your rights as these have access to the personal data of their users and can take the necessary measures and provide information.
However, should you require assistance, we will of course attempt to provide support. Please contact datenschutz@sata.com
Additional information
Information about copyright and art copyright
If you would like to publish pictures, texts, plans, videos, music and similar on our website, please be aware that you may be assigning all rights of use to the network, which may ultimately lead to legal consequences for you if you are not the author or owner of the rights.
17. Data security and data protection, communication by email
All technical and organisational measures are taken to ensure that your personal data is saved in such a way that they cannot be accessed by third parties. We cannot guarantee that any data communicated by e-mail is fully protected. We would therefore recommend using the postal services when sending information that requires a high degree of confidentiality.
18. Mobile apps of SATA (for example Loyalty-App, SATA-App)
We also offer part of our services for mobile end devices via the SATA apps. All integrated data processing procedures, i.e. collecting, storing and processing of data, are in line with the procedures and systems set out in the privacy policy.
Our apps also require permissions to make certain features available. These are the following in particular:
Camera: Our apps require access to the camera for the user to be able to use the barcode scanner function. The camera is only used to scan barcodes.
Internal device memory: Our apps require access to the internal device memory to be able to store app content temporarily or to change and delete it. We do not collect any data from the internal memory of your device.
Network and WLan: Our apps require access to your telecommunications connection, your WiFi / WLan and your network for you to be able to receive data from our apps and our website and to regularly update your content.
19. Links to other providers
Our website also contains links to the online presences of other companies. These are clearly labelled. Where we provide links to websites of other providers, we have no influence on their content. We can therefore not assume any guarantee or liability for such content. It is always the respective provider or operator of the website who is responsible for their content.
The linked websites were checked for potential and obvious violations of the law at the time we included the link. At the time we included the link, there was no unlawful content. However, without concrete evidence of legal violations, we cannot be reasonably expected to check content on a permanent basis. Should we become aware of legal violations, such links will be removed immediately.
20. Scope, validity and updates of the privacy policy
By using our services, you agree to your data being used as described above. The currently valid privacy policy was updated on 10 June 2021.
It may be necessary to amend this privacy policy so that it reflects the further development of our website or the implementation of new technologies. SATA GmbH & Co. KG reserves the right to amend the privacy policy at any time with effect for the future. The privacy policy as amended can be accessed on our website at any time under data protection policy. Please familiarise yourself with the current privacy policy.
***************
Version: 10.06.2021