This site uses cookies. By accepting cookies you can optimize your browsing experience. Please read our Cookie Policy for more information.

Sto data protection notice

Privacy statement

A. Data controller

The data controller responsible for the personal data processed on this website in accordance with the provisions of the General Data Protection Regulation (GDPR) is:

Sto SE & Co. KGaA

Ehrenbachstr. 1

79780 Stühlingen, Germany

Tel.: +49 77 44 57-0

Web: https://www.sto.de

E-mail: infoservice@sto.com

Our data protection officer:

datenschutzbeauftragter@sto.com

This privacy statement explains how we process your personal data (hereinafter referred to as “data”).

B. Data processing

We process personal data as part of the operation of our website. Data processing also includes disclosure by transmission.

The EU-US Privacy Shield framework agreed by the EU Commission makes provision for the protection of data transferred to the USA. In the framework agreement, the Commission certifies that the guarantees for data transfer to the USA based on the EU-US Privacy Shield meet the same data protection standards as in the EU. Insofar as we transfer data to the USA, we have identified that our service providers participate in the EU-US Privacy Shield.

The specific items of data affected, purposes of processing, legal bases, recipients, and transfers to non-member countries are listed below:

a) Log file

We log your visits to our website. In so doing we process the following data: the name of the web page you visited, the date and time you visited the page, the amount of data transferred, the browser type and version, the operating system you used, the referrer URL (the previous website you visited), your IP address, and the requesting provider. This is necessary in order to keep our website secure. We process the aforementioned data on the basis of our legitimate interests in accordance with Article 6, Paragraph 1 (f) of the GDPR. The log file is deleted after a period of seven days unless it is required to verify actual legal infringements that become known during this period.

b) Hosting

In the context of hosing, all data processed in association with the operation of this website is saved. This is necessary in order for our website to operate. We process the aforementioned data on the basis of our legitimate interests in accordance with Article 6, Paragraph 1 (f) of the GDPR. To maintain our online presence, we use the services of web hosting providers, to whom we transfer the aforementioned data.

c) Establishing contact

If you establish contact with us, your data (name, contact details, if you provide them) and your message will be processed exclusively for the purposes of dealing with your request. We process this data on the basis of Article 6, Paragraph 1 (b) of the GDPR or Article 6, Paragraph 1 (f) of the GDPR, in order to deal with your request.

d) Newsletter

We offer you the option of receiving a newsletter so that we can share with you regular information about our organisation and our offers. If you subscribe to our newsletter, we will process the data you provide when doing so (e-mail address and other information shared voluntarily).

The sending of the newsletter via subscription is based on your consent in accordance with Article 6, Paragraph 1 (a) of the GDPR.

Subscription to the newsletter is based on what is known as the double opt-in method. To prevent abuse, once you have subscribed, we will send you an e-mail asking you to confirm your subscription. Your subscription is logged so that we can verify that the subscription process complies with legal requirements. The log entry records the time and date you initially subscribed and the time and date you confirmed your subscription, along with your IP address.

e) Website analysis and marketing

We use cookies in order to enable the use of certain functions. Cookies are small data packages stored on your device which are exchanged with other providers. Some of the cookies we use are deleted immediately after you close your browser (these are known as session cookies). Other cookies remain on your device, enabling your browser to be recognised the next time you visit our website (persistent cookies).

You can delete all cookies stored on your device and configure commonly used browsers to prevent cookies from being saved.

If you choose to do this, you might have to make some settings again every time you visit this website; this may impair the operation of some of its functions.

We use cookies in conjunction with the following functionalities:

AT Internet

This website uses a web analysis service provided by AT Internet. Cookies placed on your web browser by AT Internet allow us to process the following data: the date and time at which the page was accessed, the website address of the referring website, the file retrieved, the HTTP response code, browser type and version, width and height of the browser window, colour depth, operating system as well as your IP address. We collect and use the data for the purposes of statistical analysis to help us improve our service, for example. The data we obtain in this way is processed on the basis of our overriding interest in optimising the marketing of our online content in accordance with Article 6, Paragraph 1 (f) of the GDPR.

We would like to point out that the IP address is immediately anonymised after collection by the data collection server of the tool provider and before it is processed further. Data from the data collection server is deleted within 24 hours. Therefore, your complete IP address is neither stored permanently nor used in conjunction with other usage data. This data is stored separately from other data that you enter whilst using our service. We cannot attribute this data to a specific person. For further information, please see the data protection regulations set out by the service provider AT Internet: https://www.atinternet.com/de/unternehmen/datenschutz/

If you do not wish to consent to your website visit being tracked and want to prevent AT Internet from collecting your data, you can opt out here: http://www.xiti.com/de/optout.aspx

f) Integration of external content

We use external dynamic content to optimise the appearance and content of our website. When you visit our website, a request is sent automatically to the corresponding content provider's website via API. Certain log data (e.g. the user's IP addresses) is transferred in this request. The dynamic content is then transferred to our website, where it is displayed.

We use external content in conjunction with the following functionalities:

aa) Integration of YouTube videos

We have integrated videos from the YouTube portal operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA (“YouTube”) into our website. When videos are played back, log data is transferred to YouTube's servers in the USA. This data is processed on the basis of our overriding legitimate interests in optimising the marketing of our offer in accordance with Article 6, Paragraph 1 (f) of the GDPR.

YouTube is certified under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

More information is available at: https://policies.google.com/privacy?hl=de&gl=de

bb) Google Maps

We use Google's “Google Maps” to provide you with an interactive map. When the map is displayed, data including your IP address and location is transferred to Google's servers in the USA and stored there. This data is processed on the basis of our overriding legitimate interests in optimising the marketing of our offer in accordance with Article 6, Paragraph 1 (f) of the GDPR.

Google is certified under:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

More information about data protection is available at: https://policies.google.com/privacy?hl=de&gl=de

g) Social plug-ins

We use third-party providers' plug-ins on our websites. They enable you to let your contacts know if you like our online content, as well as to post links to it or share content. The plug-ins are identified by the logo of the corresponding third-party provider.

When you visit our site, your data is transferred to that third-party provider.

If you are also a user registered with a third-party provider, this data can be assigned to the user account you hold with the provider.

This data may also be transferred to the third-party provider even if you are not registered as a user with that third-party provider and do not click the plug-in on our web pages.

However, if data is transferred and you do not register as a user with the third-party provider at the same time, it is not instantly possible to make a direct personal link to you on the basis of the IP address, for example; this would require the provision of information from your provider.

The purpose and scope of data processing by the third-party provider will be outlined in the provider's privacy policy.

This data is processed on the basis of our overriding legitimate interests in optimising the marketing of our online content in accordance with Article 6, Paragraph 1 (f) of the GDPR.

Plug-ins from the following providers are used on our website:

• Facebook plug-in, Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Certified under: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

More information is available at: https://www.facebook.com/privacy/explanation

• Twitter plug-in, Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland.

Certified under: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

More information is available at: https://twitter.com/de/privacy

• Google+ plug-in, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA

Certified under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

More information is available at: https://policies.google.com/privacy?hl=de&gl=de

• YouTube plug-in, Google Inc., headquartered in San Bruno, California, USA

Certified under: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

More information is available at: https://policies.google.com/privacy?hl=de&gl=de

• Xing plug-in, XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

More information is available at: https://www.xing.com/privacy

• LinkedIN plug-in, LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale CA 94085 USA

More information is available at: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy

Certified under:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

• AddThis plug-in, Oracle America Inc., 500 Oracle Parkway, Redwood Shores, CA 94065, USA.

More information is available at: http://www.addthis.com/privacy/privacy-policy

Certified under:

https://www.privacyshield.gov/participant?id=a2zt00000000181AAA&status=Active

C. Data storage duration

We save personal data only for as long as is necessary for the purposes for which it is being processed or until you withdraw your consent. Insofar as statutory retention requirements need to be complied with, the retention period for certain data can be up to 10 years, regardless of the purposes for which the data is being processed.

D. Your rights as a data subject

a) Information and access

You can request information free of charge at any time about all personal data we are holding for you.

b) Rectification, erasure, restriction of processing (blocking), objection

If you no longer agree to your personal data being stored or if your personal data is no longer correct, on receipt of a corresponding instruction from you, we will have your data deleted or blocked or make the necessary corrections (insofar as this is possible under applicable law). The same applies if we are to restrict the processing of your data in the future.

c) Data portability

On request we will provide your data to you in a commonly-used, structured, and machine-readable format so that you can transfer this data to another controller should you wish to do so.

d) Right to lodge a complaint

Users have the right to lodge a complaint with a supervisory authority:

(https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html).

e) Right to withdraw consent with effect for the future

You can withdraw consent with effect for the future at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

f) Restrictions

The above rights do not apply to data where we are not able to identify the data subject (if the data has been anonymised for analysis purposes, for example). It may be possible for you to exercise your right to access/be informed, right to erasure, right to block, right to rectification, or transfer to another organisation in relation to this data if you provide us with additional information that will enable us to identify you.

g) Exercising your rights as a data subject

If you have any questions about the processing of your personal data or if you wish to exercise your right to access/be informed, right to rectification, right to block, right to object, or right to erasure, or should you wish to submit a request for your data to be transferred to another organisation, please contact infoservice@sto.com.

LEFT OFFCANVAS AREA - 2000px height
RIGHT OFFCANVAS AREA