Data Processing Notice for STEINEL Solutions AG direct customers

1. Name and contact details of the data processing Controller and the company’s Data Protection Officer

This Data Protection Notice applies to the processing of data by STEINEL Solutions AG; Allmeindstrasse 10, 8840 Einsiedeln, Switzerland (hereinafter: Steinel) in its role as Controller as per Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR) and Articles 19 and 20 of the Swiss Federal Act on Data Protection (FADP). 
Steinel’s Data Protection Officer can be contacted at the above address, attention Abteilung Datenschutz (Data Protection Department), or at datenschutz@steinel.de.


2. Collection and storage of personal data, type and purpose, and use thereof

We will receive and process personal data pertaining to you if you are one of our customers or suppliers, use our products or services, express interest in our products or services, are in an employment or other working relationship with one of our customers or suppliers, or work for someone who uses our products or services. If you work for someone whom we wish to enlist to showcase or market our products, we will have received your data either from you directly or via a third party.

We collect and process the following types of personal data:
Basic data (name, address).
Contact details (email, telephone numbers).
Content data (text entered, photography, videos).
Usage data (websites visited, interest in content, times of access).
Meta/communication data (device information, IP addresses).

In addition to this, we may also process other data comparable to the aforementioned categories.

We also save data in server log files that are collected and automatically saved by the provider; most of this data is transmitted to us by your browser. This includes:
Referrer URL
Host name of the device used to access our site
Date and time of the server request
Name of the requested file
Page from which the file in question was requested
Browser and operating system used
(Full) IP address of the device from which the request was sent
Volume of data transferred

In some cases, we may also collect other data comparable to the aforementioned categories.
The legal basis for the temporary storage of this data/the log files is provided by Art. 6, Para. 1(f) of the GDPR and Art. 31 of the FDPA. We collect the data listed above for the purpose of ensuring that users can establish a connection to the Steinel Group’s website smoothly and use the website without inconvenience. The log file is used to assess system security and stability, and also for administrative purposes.

3. Legal basis for data processing

The provider and the third parties acting on the provider’s behalf are only permitted to process personal data in Switzerland, a European Union (EU) member state, or a state that is party to the European Economic Area (EEA) Agreement. 

The provider undertakes to process personal data and the results of processing exclusively within the limits set by the customer. Should the provider receive an order from the authorities to disclose the customer’s data, the provider must, if permissible, inform the customer without delay of this order and refer the authority in question to the customer.
In all cases, the provider is responsible for adherence to and implementation of the legal requirements with regard to guaranteeing an adequate level of security for all data processing and data movement.
You have the right, at any time and free of charge, to receive information regarding the origin, recipients and purpose of the stored personal data pertaining to you. Furthermore, you have the right to demand the correction or erasure of said data. If you have provided your consent to the processing of your data, you can revoke this consent at any time, effective for the future. In certain circumstances, you also have the right to demand that the processing of your personal data be restricted. Furthermore, you have the right to lodge a complaint with the responsible supervisory authority.


4. Retention period for collected data

Where no specific retention period is specified, we will retain your personal data until such time as the purpose for the data processing ceases to apply. Should you submit a justified claim for erasure or revoke your consent to the processing of your data, your data will be erased unless we have any other legally permissible grounds on which to store your personal data (e.g. retention periods under tax or trade law); in the latter case, your data will be erased once such grounds no longer apply.

5. Passing on of data to third parties

Depending on the case in question, we process and save personal data primarily in Switzerland and the European Economic Area (EEA) – via subcontracted processors working for our service partners or as part of cases being tried before foreign courts or authorities, for example; however, we may potentially process and save personal data in any country in the world. Your personal data may also end up in any country in the world in the course of our work for our clients.
Should a recipient of your personal data be based in a country with insufficient data protection laws, we will ensure that said recipient is contractually obliged (using the European Commission’s revised standard contractual clauses, including the necessary amendments for Switzerland) to maintain a sufficient level of data protection, if and insofar as the recipient is not already subject to a legally recognised set of regulations designed to ensure data protection. We may also disclose personal data in a country without sufficient data protection regulations without first providing contractual protection, where such action is permitted under an exception provision. In particular, exceptions may apply as part of legal proceedings abroad, but also in cases of overwhelming public interest, where such disclosure is required for the processing of a contract that is in your interest (e.g. disclosing data to our legal correspondents), where you have provided consent, where it is not possible to obtain your consent within a reasonable period of time and disclosure is necessary in order to protect either you or a third party from death or bodily harm, or if the data in question is generally available data pertaining to you for which you have not objected to data processing. In certain cases, we may also utilise the exception ruling provided for data from legally required records (e.g. the commercial register) that we are entitled to view.

The transmission of personal data to a state without appropriate data protection laws is only ever permissible following consultation with and approval from the Steinel Group’s Data Protection Officer.


Revoking your consent to the processing of your data
Some data processing procedures are only permissible with your express consent. You can revoke any consent you have already provided at any time. This will not affect the legality of the data processing carried out prior to your revocation of consent.

6. Data subject rights

You have the right:

To revoke at any time any consent you have granted to us. As a result of such revocation, we will be required to cease the data processing activities covered by the consent in question, with effect for the future. You can submit your notice of revocation by email to datenschutz@steinel.de, or by mail to the address listed in Section 1.

To request information on what personal data pertaining to you we have processed. In particular, you may request information on the purposes of the processing, the category of personal data in question, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the right to correction, erasure, restriction of processing or objection, the origin of your data (where it was not collected by us), and whether we use automated decision-making, including profiling, along with clear details on this if applicable. You can submit your request for information by email to datenschutz@steinel.de, or by mail to the address listed in Section 1. However, we reserve the right to take measures to verify your identity should you contact us in this regard.

To demand the immediate correction of any personal data we have saved pertaining to you that is incorrect or incomplete.
To demand the erasure of the personal data we have saved pertaining to you, providing the processing of said data is not required in order for us to exercise our right of free expression and information, to comply with a legal obligation, for reasons of public interest, or in order to submit, exercise or defend against legal claims.
To demand the restriction of the processing of your personal data if and insofar as the correctness of the data in question is disputed, the processing in question is unlawful and we no longer require the data, but you waive the right to its erasure because you require the data yourself in order to submit, exercise or defend against legal claims, or you have submitted an objection to the processing of said data.
To receive the personal data you have provided to us in a structured, commonly used and machine-readable format, or to demand that said data be transmitted to another Controller; and
To lodge a complaint with the supervisory authority. For this purpose, you can usually use the supervisory authority responsible for your regular domicile or place of work, or our registered office.


7. Right to object

If and insofar as your personal data is processed on grounds of legitimate interests, you have the right to object to the processing of said personal data based on reasons arising from your specific circumstances.
If you wish to exercise your right to object, simply send an email to datenschutz@steinel.de.

Last updated: November 2023