en
User profile iconSign In
Career
DE
PT
Stenon menu
Back

Privacy Policy Stenon GmbH

1. Introduction and general information

The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.

1.1 Controller within the meaning of the GDPR

Stenon GmbH
Hegelallee 53
14467 Potsdam
Deutschland

1.2 Contact data of the data protection officer

Proliance GmbH / www.datenschutzexperte.de
Datenschutzbeauftragter
Leopoldstr. 21
80802 München
datenschutzbeauftragter@datenschutzexperte.de

1.3 Definitions

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

2. Processing of your data on our website

Thank you for your interest in our website. In the following, we would like to inform you about the processing of personal data when visiting and using our website.

More information concerning data protection, especially concerning your rights according to the GDPR, can be found under point 7 of this privacy policy.

Access to and storage of information in terminal equipment

By using our website, access to information (e.g. IP address) or storage of information (e.g. cookies) in your terminal equipment may occur. This access or storage may involve further processing of personal data pursuant to the GDPR.
In cases where such access to information or such storage of information is strictly necessary for the technically error-free delivery of our services, this is done on the basis of § 25 para. 1 s. 1, para. 2 no. 2 TTDSG.
In cases where such a process serves other purposes (e.g. the needs-based design of our website), this will only be carried out on the basis of § 25 para. 1 TTDSG with your consent pursuant to Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.
For more information on the processing of your personal data and the relevant legal basis in this context, please refer to the following sections on the specific processing activities on our website.

2.1 Server-logfiles

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server

  • Web browser and browser version
  • operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Date and time of the request

We collect the listed data in order to guarantee a frictionless connection establishment and to enable a comfortable use of our website by the users. The log file also serves for evaluating system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f GDPR.

For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data. After 30 days at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.

2.2 Hosting

Our website is hosted by an external service provider, Amazon Web Services (“AWS”), Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. This website is hosted in Frankfurt am Main, Germany. Personal data collected via the website is stored on the servers of the host. This may include IP addresses, contact requests, meta and communication data, website accesses and other data.

We have concluded a data processing agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.

You can find more information about AWS data protection here.

2.3 Cookies

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising.

Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject.

Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.

You can set your browser to

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.

Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like.

For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/de/firefox/addon/noscript/).

Please note that if you disable cookies, the functionality of our website may be limited.

Change cookie preferences / revoke cookie consent

You can change your cookie preferences or revoke consent from the button below:

 
Cookie Preferences
 

2.3.1 Google Tag Manager

This website uses the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. This means that no cookies are used and only the user’s IP address is transmitted to Google to establish a connection. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made on domain or cookie level, it will remain for all tracking tags as long as they are implemented with the Google Tag Manager.

We use the Google Tag Manager on the basis of our legitimate interest under Art. 6 para. 1 lit. f GDPR. Our legitimate interest here is to enable the technical integration of other website tools.

Since a transfer of personal data (IP address) to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

Further information on data privacy regarding Google can be found https://policies.google.com/privacy?hl=de&gl=de

2.3.2 Google Analytics

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms
https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout

2.3.3 Google Ads

We use “Google Ads” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Ads is used by us for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you.

If you have given us your consent to do so in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we can use Google Ads to draw attention to our attractive offers by using advertising material on external websites. This enables us to determine how successful individual advertising measures are.

These advertising media is delivered by Google via so-called “AdServers”. We use AdServer cookies for this purpose, through which certain parameters for measuring success, such as the display of the ads or clicks by users, can be measured.

If you reach our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually expire after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: Unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be contacted). These cookies enable Google to recognize your web browser. If a user visits certain pages of an ad client’s website and the cookie stored on their computer has not expired, Google and the client will be able to tell that the user clicked on the ad and was redirected to that page. A different cookie is associated with each ad client. As a result, cookies cannot be tracked through the websites of ad clients. We ourselves do not collect and process any personal data in the advertising measures mentioned above. We only receive statistical evaluations from Google. By means of these evaluations we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out and save your IP address.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

Further information on data use by Google, on setting and objection options as well as on data protection can be found on the following Google websites:

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. Please note that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the storage of cookies by setting your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted if you delete your cookies. In addition, you can deactivate interest-related advertisements by clicking on the link http://optout.aboutads.info Please note that this setting will also be deleted if you delete your cookies.

2.3.4 Facebook Pixel

We use “Facebook Pixel” on our website, a service of Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as: “Facebook”).

Provided you have given us your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, we use Facebook Pixel for marketing and optimisation purposes, in particular to place relevant and interesting advertisements on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying advertisements.

Facebook Pixel enables Facebook to display our ads on Facebook, so-called “Facebook Ads” only to those Facebook users who were visitors to our website, in particular those who showed interest in our online offer. In this case, Facebook Pixel also enables us to check whether a user was redirected to our website after clicking on our Facebook Ads. Among other things, Facebook Pixel uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. If you are logged into Facebook with your user account, the visit to our online offer will be noted in your user account. The data collected about you is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, this data can be linked by Facebook with your user account there. If you have a user account on Facebook and are registered, Facebook can assign the visit to your user account.

As a transfer of personal data to the USA takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

Further information on data protection from the third party provider can be found on the following Facebook website: https://www.facebook.com/about/privacy

Information on Facebook Pixel can be found on the following Facebook website: https://www.facebook.com/business/help/651294705016616

You can make the relevant settings for which types of advertisements are displayed to you within Facebook on the following Facebook website: https://www.facebook.com/settings?tab=ads.

We would like to point out that this setting is deleted when you delete your cookies. In addition, you can deactivate cookies that are used to measure reach and advertising purposes via the following websites:

Please note that this setting is also deleted when you delete your cookies.

2.3.5 Facebook Custom Audiences

We use “Facebook Custom Audiences” on our website, a remarketing tool of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Ireland (hereinafter referred to as “Facebook”).

Facebook Custom Audiences enables us to display interest-based advertisements, so-called “Facebook Ads”, to visitors to our website as part of a visit to the social network Facebook or as part of a visit to other websites that also use Facebook Custom Audiences.

By using “Facebook Custom Audiences” your web browser automatically establishes a direct connection with the Facebook server. We have no influence on the scope and further use of the data collected by Facebook through the use of Facebook Custom Audiences. To the best of our knowledge, Facebook receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you have a user account with Facebook and are registered, Facebook can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Facebook will find out and store your IP address and, if necessary, other identifying features.

We use Facebook Custom Audiences for marketing and optimization purposes, in particular to display ads that are relevant and interesting for you and thus improve our offer and make it more interesting for you as a user. The legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR (consent).

We have concluded a Data Processing Agreement with our service provider Facebook in which we commit Facebook to protect our customers’ data and not to pass it on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

For more information about Facebook’s privacy practices, please visit the following Facebook website: https://www.facebook.com/settings/?tab=ads#_

Please note that this setting is also deleted when you delete your cookies.

2.3.6 LinkedIn Ads

We use conversion tracking technology on our website as well as the retargeting feature of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

This allows us to serve personalized ads to visitors to our website on LinkedIn. For this purpose, a cookie, LinkedIn Insight tag, is set in your browser with a validity of 120 days. This cookie enables LinkedIn to recognize you if you visit this website and are simultaneously logged in to your LinkedIn account. LinkedIn uses this data to generate anonymous reports on ad performance and website interaction information. The information generated by the cookie is usually transferred to a server in the USA and stored there.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

You may opt-out of LinkedIn Insight conversion tracking and interest-based personalized advertising by following this link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. For more information about LinkedIn’s privacy policy, please visit https://www.linkedin.com/legal/privacy-policy.

2.3.7 Amazon DSP (Conversion Tracking via Pixel)

This website uses a conversion tracking technology of Amazon Media EU S.à r.l. (seller of record for digital content marked as “Verkauf durch Amazon Media EU SARL” gekennzeichneten digitalen Inhalte): Amazon Media EU S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxemburg (share capital: EUR 50.000; registered at the RCS Luxembourg; under the number: 112767; Business Licence Number: 110001; Ust-ID: LU 20944528). The company is legally represented by Eric King.

If you access our website through an ad on Amazon, we will, in the case of your consent, set a cookie on your computer, which interacts with a “tag” (Pixel) implemented in the form of a JavaScript code from Amazon.
If the user is then redirected again from an ad on Amazon to pages on this website and the cookie has not yet expired, the tag records certain user actions predefined by us and can track them (e.g. completed transactions, leads, searches on the website, calls to product pages). When such an action is performed, your browser sends an HTTP request from the cookie to Amazon’s server via the Amazon tag, with which certain information about the action (including type of action, time, browser type of the end device) is transmitted to Amazon. Through this transmission, Amazon can create statistics about user behavior on our website after forwarding from an ad in Amazon, which we use to optimize our offer.

If personal data is processed, this is based on your consent in accordance with Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time via the cookie settings in our privacy policy. In addition, you can deactivate interest-based ads via the link https://optout.aboutads.info. You can also prevent the installation of cookies by deleting existing cookies and disabling cookie storage in your web browser settings. We would like to point out that in this case you may not be able to use all functions of our website to their full extent.

The above-mentioned cookie will be automatically deleted from your terminal device no later than 180 days.

Since personal data may be transferred to third countries outside the EU (e.g. USA), further safeguards are necessary to ensure the level of data protection in accordance with the requirements of the GDPR. According to their own information, Amazon undertakes to comply with so-called EU standard contractual clauses in this case.

Further information on third country transfers and general data protection at Amazon can be found here: https://advertising.amazon.com/de-de/resources/ad-policy/eu-data-protection-and-privacy

2.4 Contact form (Typeform)

This site uses Typeform for the contact form, a service provided by TYPEFORM SL, C/Bac de Roda, 163 (Local), 08018 Barcelona, Spain.

We use Typeform to be able to answer your inquiries and to request suitable contact information via the contact form. For this purpose, the following personal data is collected and processed by Typeform:

  • E-mail address
  • First name
  • Last name
  • Telephone number

The legal basis for the processing of the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR, if your request is aimed at concluding a contract.

At the end of the contact form, you have the voluntary option to subscribe to our newsletter. If you subscribe, the processing of your e-mail address for this purpose is based on your consent in accordance with Art. 6 (1) a GDPR. For more information on the newsletter, please refer to point 2.5 in this privacy policy.

Your data will be deleted after final processing of your request, provided that there are no legal retention obligations to the contrary or the consent to process your data for the newsletter is revoked. You can object to the processing of your personal data at any time in the case of Art. 6 (1) lit. f GDPR.

We have concluded a Data Processing Agreement with Typeform, in which we oblige Typeform to protect our customers’ data and not to pass it on to third parties.

Since a transfer of personal data to the USA takes place, further appropriate safeguards are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.

For more information, please refer to Typeform’s Terms of Use and Privacy Policy.

2.4.1 Zapier

We use the integration service Zapier to link tools together. Zapier is a service of Zapier Inc. 243 Buena Vista Ave #508, Sunnyvale, CA 94086, USA. To ensure quick processing and response to contact requests, data collected via our contact form tool Typeform is transferred to our CRM software via Zapier.

The legal basis for processing the data is our legitimate interest in integrating the tools used as effectively as possible in accordance with Art. 6 (1) lit. f GDPR.

We have concluded a Data Processing Agreement with Zapier, in which we oblige Zapier to protect our customers’ data and not to pass it on to third parties.

Since a transfer of personal data to the USA takes place, further appropriate safeguards are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.

For more information, please refer to Zapier’s Terms of Use and Privacy Policy.

2.5 Newsletter (Sendinblue)

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail as mandatory information.
Additional data may be required to personally address you in the newsletter and/or to identify you if you wish to exercise your rights as a data subject.

We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by e-mail if you have expressly confirmed that you consent to the sending of newsletters. In the first step, you will receive an e-mail with a link that you can use to confirm that you, as the owner of the corresponding e-mail address, want to receive newsletters in the future. With the confirmation, you give us your consent in accordance with Art. 6 (1) lit. a GDPR that we may use your personal data for the purpose of sending the desired newsletter.

When registering for the newsletter, we store, in addition to the e-mail address required for sending, the IP address through which you registered for the newsletter, as well as the date and time of registration and confirmation, to be able to track possible misuse later.

You can unsubscribe from the newsletter at any time via the link included in each newsletter or by sending an e-mail to the responsible person named above. After unsubscribing, your e-mail address will be deleted from our newsletter distribution list immediately, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise permitted by law.

For sending newsletters, we use Sendinblue, a service of SendinBlue SAS, 55 rue d’Amsterdam, 75008 Paris, France. Sendinblue allows us to organize and analyze the newsletter dispatch. In doing so, the following personal data is stored on Sendinblue’s servers:

  • Name
  • E-mail address

The legal basis for the processing by Sendinblue is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in optimally organizing and analyzing the newsletter dispatch. However, the processing only takes place if you have subscribed to the newsletter. For this purpose, your consent is obtained in accordance with Art. 6 (1) lit a GDPR.

We have concluded a Data Processing Agreement with Sendinblue, in which we oblige Sendinblue to protect our customers’ data and not to pass it on to third parties.

You can find more information about Sendinblue’s data protection here.

2.6 Registration and login

On our website, you have the option of registering to use our web app and thus creating a user profile. More information on the collection of data during registration can be found in our data protection information for the web app, which you can find below on this website (see point 5).

2.7 External links

Social networks (Facebook) are only integrated on our website as a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. User information will only be transferred to the respective provider after the forwarding. For information on the handling of your personal data when using these websites, please refer to the respective data protection provisions of the providers you use.

3. Information for applicants

If you apply for a job via our careers page or by e-mail, we collect personal data. This particularly includes your contact data (such as first and last name, telephone number, and e-mail address) as well as other data you provide about your background (e.g., resume, qualifications, degrees, and work experience) and yourself (e.g., cover letter, personal interests). This may also include special categories of personal data (e.g. information about a severe disability).

As a rule, your personal data is collected directly from you as part of the application process and encrypted during electronic transmission. The primary legal basis for this is Article 6 (1) lit. b GDPR in conjunction with Section 26 (1) BDSG. In addition, consent pursuant to Art. 6 (1) lit. a GDPR in conjunction with § 26 Para. 2 BDSG can be used as a data protection permission provision. If the processing of your data is based on consent, you have the right to revoke your consent at any time with effect for the future.

We use a so-called “iFrame” of Personio GmbH (“Personio”), Rundfunkplatz 4, 80335 Munich, Germany for our career page. Here, content from Personio is displayed on our website (job ads). You can send us applications via the online application form created there. The data is then transferred to our applicant tool, which is provided to us by Personio.

Personio uses cookies to ensure functionality. For more information on cookies, please refer to the data protection information on our website (see point 2.3). We have concluded a Data Processing Agreement with Personio, in which we oblige Personio to protect our customers’ data and not to pass it on to third parties. You can find more information on Personio’s data protection here

Within our company, only those persons and departments (e.g. Human Resources) that absolutely need your personal data to carry out the application process or to fulfill our legal obligations have access to it. If necessary, your applications will be forwarded to the relevant responsible persons for examination. Under no circumstances will your personal data be passed on to third parties without authorization.

Your data relating to an application for a specific job posting will be stored and processed by us during the ongoing application process. After completion of the application process (e.g. in the form of an acceptance or rejection), the application process, including all personal data, will be deleted from the system no later than six months after completion of the application process. The data of selected applicants will be stored securely for up to 2 years, provided that the applicants have given their consent to this in accordance with Art. 6 (1) lit. a GDPR. You can revoke your consent at any time with effect for the future. An informal e-mail using the contact details of the responsible person listed above is sufficient for this purpose. If you will get accepted, your application documents will be transferred to the personnel file.

For further information on data protection, in particular your rights under the GDPR, please also refer to point 7 of this privacy policy.

4. Data privacy for customers and interested parties

The following information applies to our customers and those interested in our offers.

In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of your personal data and your rights under data protection law in this regard. Which data is processed in detail and how it is used depends largely on the requested or agreed services. To ensure that you are fully informed about the processing of your personal data in the context of the performance of a contract or the implementation of pre-contractual measures, please take note of the following information.

For further information on data protection, in particular your rights under the GDPR, please also refer to point 7 of this privacy policy.

4.1 Purposes and legal basis of the processing

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR)and the Federal Data Protection Act (BDSG), insofar as these are necessary for the establishment, execution, and performance of a contract and for the implementation of pre-contractual measures. If the disclosure of personal data is necessary for the initiation or execution of a contractual relationship or in the context of the execution of pre-contractual measures, processing in accordance with Art. 6 Para. 1 lit. b GDPR is lawful.

If you give us your express consent to process personal data for specific purposes (e.g. disclosure to third parties, evaluation for marketing purposes or advertising), the lawfulness of this processing is given on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. Any consent given may be withdrawn at any time with effect for the future (see section 9 of this data protection information).

If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfil legal obligations in accordance with Art. 6 Para. 1 lit. c GDPR. In addition, processing may be carried out to safeguard legitimate interests of us or third parties in accordance with Art. 6 Para. 1 lit. f GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.

4.2 Categories of personal data

We process only such data that relates to contract initiation or the pre-contractual measures. This can be general data about your person or persons of your company (name, address, contact data etc.) as well as further data, if necessary, which you transmit to us in the context of the initiation of the contract.

4.3 Sources of data

We process personal data that we receive from you in the course of contacting you, establishing a contractual relationship, pre-contractual measures or the data you provide.

4.4 Recipients of data

We share your personal data within our company exclusively with those areas and persons who need this data to fulfill contractual and legal obligations or to implement our legitimate interest.

Your personal data is processed on our behalf based on Data Processing Agreements in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the GDPR.

Data will otherwise only be transferred to recipients outside the company if this is permitted or required by law, if it is necessary for the processing of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent or if we are authorized to provide information.

4.4.1 PandaDoc

We use PandaDoc, provided by Panda Doc Inc, 3739 Balboa St. #1083, San Francisco, CA 94121, to digitally sign documents. This service enables us to digitally sign contracts and other documents. In the process, both usage data and content data of the documents are transmitted to PandaDoc and stored there.

The legal basis for the processing of personal data is the conclusion of a contract or the implementation of pre-contractual measures according to Art. 6 (1) lit. b GDPR and our legitimate interest in the associated verification and documentation purposes according to Art. 6 (1) lit. f GDPR. We have concluded a Data Processing Agreement with the service provider PandaDoc.

It is possible that PandaDoc transfers personal data to a third country outside the European Union or the EEA. For data transfers to a third country, PandaDoc has agreed to Standard Contractual Clauses (SCC). Transfers outside the PandaDoc group will only be made to organizations that agree to implement appropriate safeguards that ensure an adequate level of data protection in the third country.

The data is deleted when the contract has been fulfilled or no longer exists for other reasons and no other legal or contractual retention periods prevent this.

You can find more information about PandaDoc’s data protection here.

4.4.2 Aircall

For the efficient and simple handling of service requests via our hotline, we use Aircall, a service of Aircall Inc, 42, rue du Faubourg Poissonnière, 75010, Paris, France.

In this process, the following personal data is passed on to Aircall:

  • Name
  • Telephone number

The legal basis for the processing of personal data is our legitimate interest in the efficient handling of telephone inquiries and appointments in accordance with Art. 6 (1) lit. f GDPR.

We have concluded a Data Processing Agreement with Aircall, in which we oblige Aircall to protect our customers’ data and not to pass it on to third parties.

You can find more information about Aircall’s data protection here.

4.4.3 Salesforce

To automate sales processes and manage user accounts, we use the Salesforce Sales Cloud, a service provided by Saleforce.com Inc, the Landmark @ One Market, Suite 300, San Francisco, CA 94105 (“Salesforce”).

The legal basis for the processing of personal data is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in managing user accounts and optimizing our sales activities.

We have concluded a Data Processing Agreement with Salesforce, in which we oblige Salesforce to protect our customers’ data and not to disclose it to third parties.

Since a transfer of personal data to the USA takes place, further appropriate safeguards are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.

You can find more information about Salesforce’s data protection here.

4.4.4 Cirrus Insight

For optimal integration of Salesforce with other services and for synchronization of customer emails to Salesforce, we use Cirrus Insight, a service of CirrusPath Inc. based in Irvine, California, USA. By using Cirrus Insight, personal data related to emails is processed and forwarded to Salesforce.

The legal basis for the processing by Cirrus Insight is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in optimally integrating customer data with existing services to be able to commence our sales activities.

We have concluded a Data Processing Agreement with Cirrus Insight, in which we oblige Cirrus Insight to protect our customers’ data and not to disclose it to third parties.

Since a transfer of personal data to the USA takes place, further appropriate safeguards are required to ensure the level of data protection of the GDPR. To ensure this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 (2) lit. c GDPR. These oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured by this contractual extension, we will endeavor to obtain additional regulations and commitments from the recipient in the USA.

You can find more information about Cirrus Insight’s data protection here.

5. Information about data protection in our web app

 

5.1 Introduction

Thank you for your interest in our web app. In the following, we would like to inform you about the processing of personal data when using our web app.

With the FarmLab web app, measurements can be analysed directly in the browser. With one click, field plots can be imported from almost all farm management systems. With the web app it is also easy to plan different fertilisations.

For further information concerning data protection, in particular on your rights under the GDPR, please also refer to point 7 of this privacy policy.

5.2 Hosting

Our web app is hosted by an external service provider, Amazon Web Services (“AWS”), Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. This website is hosted in Frankfurt am Main, Germany. Personal data collected via the website is stored on the servers of the host. This may include IP addresses, contact requests, meta and communication data, website accesses and other data which is shared within the web app.

We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we oblige the provider to protect our customers’ data and not to pass it on to third parties.

You can find more information about AWS data protection here.

5.3 Login / Registration

On our website, you have the option of registering to use our web app and thus creating a user profile.

As part of the registration and setup process, we collect and use the following personal data:

  • E-Mail adresse
  • Name
  • Phone number

In addition, voluntary information may be provided. Mandatory information provided for the purpose of registration is marked with an asterisk (*) in the input mask as a required field. With your user account you get the possibility to use further parts of our website and to log in for the offers you have purchased. The legal basis for data processing is Art. 6 (1) lit. a GDPR in the case of consent or Art. 6 (1) lit. b GDPR if processing is necessary to provide the requested services. Your data will be deleted as soon as the user account on our website is deleted and insofar as no legal retention obligations exist. You can initiate a change and/or deletion of your user account including the data you have provided by sending a corresponding message to the responsible person mentioned at the beginning of this privacy policy.

5.4 Cookies and other tracking tools

Further general information on the use of cookies can be found under point 2.3 of this privacy policy.

Change cookie preferences / revoke cookie consent

Within the web app, you can change your cookie preferences or revoke consent by making updates to the Privacy Settings. These can be found on the Settings page which is accessible from the Account menu.

5.4.1 Google Analytics

Our web app uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons.

Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent.

We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form.

We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/
https://policies.google.com/privacy

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA) will be deleted no later than 14 months after collection.

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

5.4.2 Google Ads

We use “Google Ads” on our website, a service provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (hereinafter referred to as “Google”). Google Ads is used by us for marketing and optimisation purposes, in particular to display ads that are relevant and interesting to you.

If you have given us your consent to do so in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, we can use Google Ads to draw attention to our attractive offers by using advertising material on external websites. This enables us to determine how successful individual advertising measures are.

These advertising media is delivered by Google via so-called “AdServers”. We use AdServer cookies for this purpose, through which certain parameters for measuring success, such as the display of the ads or clicks by users, can be measured.

If you reach our website via a Google ad, Google Ads will store a cookie on your PC. These cookies usually expire after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: Unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be contacted). These cookies enable Google to recognize your web browser. If a user visits certain pages of an ad client’s website and the cookie stored on their computer has not expired, Google and the client will be able to tell that the user clicked on the ad and was redirected to that page. A different cookie is associated with each ad client. As a result, cookies cannot be tracked through the websites of ad clients. We ourselves do not collect and process any personal data in the advertising measures mentioned above. We only receive statistical evaluations from Google. By means of these evaluations we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material, in particular we cannot identify the users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have called up the relevant part of our website or clicked on an advertisement from us. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out and save your IP address.

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

Further information on data use by Google, on setting and objection options as well as on data protection can be found on the following Google websites:

You can prevent the installation of cookies by deleting existing cookies and deactivating the storage of cookies in the settings of your web browser. Please note that in this case you may not be able to use all functions of our website to their full extent. You can also prevent the storage of cookies by setting your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads We would like to point out that this setting will be deleted if you delete your cookies. In addition, you can deactivate interest-related advertisements by clicking on the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.

5.4.3 Facebook Pixel

We use “Facebook Pixel” on our website, a service of Facebook Inc, 1601 S California Ave, Palo Alto, California 94304, USA (hereinafter referred to as: “Facebook”).

Provided you have given us your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR, we use Facebook Pixel for marketing and optimisation purposes, in particular to place relevant and interesting advertisements on Facebook and thus improve our offer, make it more interesting for you as a user and avoid annoying advertisements.

Facebook Pixel enables Facebook to display our ads on Facebook, so-called “Facebook Ads” only to those Facebook users who were visitors to our website, in particular those who showed interest in our online offer. In this case, Facebook Pixel also enables us to check whether a user was redirected to our website after clicking on our Facebook Ads. Among other things, Facebook Pixel uses cookies, i.e. small text files that are stored locally in the cache of your web browser on your end device. If you are logged into Facebook with your user account, the visit to our online offer will be noted in your user account. The data collected about you is anonymous to us, so we cannot draw any conclusions about the identity of the user. However, this data can be linked by Facebook with your user account there. If you have a user account on Facebook and are registered, Facebook can assign the visit to your user account.

As a transfer of personal data to the USA takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. In order to guarantee this, we have agreed standard data protection clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These clauses oblige the recipient of the data in the USA to process the data in accordance with the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we will endeavour to obtain additional regulations and commitments from the recipient in the USA.

Further information on data protection from the third party provider can be found on the following Facebook website: https://www.facebook.com/about/privacy.

Information on Facebook Pixel can be found on the following Facebook website: https://www.facebook.com/business/help/651294705016616

You can make the relevant settings for which types of advertisements are displayed to you within Facebook on the following Facebook website: https://www.facebook.com/settings?tab=ads.

We would like to point out that this setting is deleted when you delete your cookies. In addition, you can deactivate cookies that are used to measure reach and advertising purposes via the following websites:

http://optout.networkadvertising.org/
http://www.aboutads.info/choices
http://www.youronlinechoices.com/uk/your-ad-choices/

Please note that this setting is also deleted when you delete your cookies

5.4.4 Sentry

Our web app uses “Sentry”, a service of Functional Software Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.

The service is used to track incidents when a technical problem (e.g. crash) occurs in our web app. Sentry collects device information on our behalf (IP address, browser and operating system, which pages of our web app were requested) as well as information about the interaction with our web app that triggered the error and stores this information by associating it with the customer email address and customer username stored with us. This information enables us to document, track and correct specific errors in our web app.

The legal basis for the use of the service and the associated processing of the above-mentioned personal data is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the error evaluation for the technical optimization of our web app and the provision of an error-free product to our customers.

The data will be deleted or anonymized after 90 days

We have concluded a so-called data processing agreement with Sentry, by which Sentry is obliged to strictly process the data of our users in accordance with our instructions, protect the data the data and not to pass it on to third parties.

Since the use of Sentry may lead to a transfer of personal data to third countries outside the EU (including the US), further protection mechanisms are required to ensure the level of data protection of the GDPR. To ensure this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the third country to process the data in accordance with the level of protection in Europe. In cases where this cannot be ensured even through this contractual extension, we endeavor to obtain additional regulations and commitments from the recipient in the third country.

5.4.5 Support and contact possibilities

In the login area of our web app there is a form through which you can contact us and request support.

In this case, your information from the contact form or your email, including the personal data you provide there, will be stored in our CRM software Salesforce for the purpose of processing the request and to answer your follow-up questions. The specification of an e-mail address is required to contact you, the specification of your telephone number is voluntary. The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) lit. f GDPR and Art. 6 (1) lit. b GDPR, if the processing is necessary for the performance of the contract.

You can object to the processing of your personal data at any time in the case of Art. 6 (1) lit. f GDPR.

For more information on the service provider Salesforce used, please see point 4.4.3 of this privacy policy.

6. Social Media

6.1. Introduction and general information about social media

The protection of your personal data is very important to us. In the following, you will find information on the processing of your data that is collected through your use of our social media presences on social networks and platforms. Your data will be processed in accordance with applicable laws and regulations.

6.1.1. General information about the controller

Stenon GmbH (hereinafter: “Stenon” maintains presences or “fan pages” on various social media – platforms. For the processing of your personal data in connection with your visit to our presence or our “fan page” on the platforms Facebook and LinkedIn, Stenon is jointly responsible with the operators of the respective platform mentioned here under 6., insofar as they provide us with aggregated information on visitors to our fan page or our presence (“Insights”). Detailed information on the scope of processing in joint responsibility related to the respective providers can be found in the second section of this Privacy Policy.

6.1.1.1. Joint controllership

The operators of the platforms for Facebook and Instagram are: Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour Dublin 2, a subsidiary of Meta Platforms, Inc, 1601 Willow Rd Menlo Park, CA 94025-1452, USA. The operator of the LinkedIn platform is: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W Maude Ave Sunnyvale, CA, 94085-2810 USA.

We have concluded an agreement with the operators pursuant to Art. 26 GDPR regarding joint responsibility for the processing of your personal data (Controller Addendum). This agreement specifies the data processing operations for which we or the respective operator are responsible when you visit our Fanpage or our presence on the platform of the respective operator. You can view this agreement under the following link:

Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum

6.1.1.2. Own responsibility of platform providers

If your personal data is processed by one of the social media platform providers listed below, this processing is carried out under the platform operator’s own responsibility within the meaning of Art. 7 No. 4 GDPR. For the assertion of your data subject rights, we point out that these can be asserted most effectively with the respective providers. Only they have access to the data collected from you. Should you still require assistance, please feel free to contact us at any time.

  • Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
  • Instagram, Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour Dublin 2, Irland
  • YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

6.1.1.3. Own responsibility of Stenon

For the processing of your personal data in the cases mentioned under 6.1.4. to 6.1.7. which is not carried out by the operators mentioned under 6.1.1.2. solely Stenon is responsible.

6.1.2. Data transfer, recipients and data transfers to third countries

If Stenon passes on personal data to the providers of social media platforms, the latter are recipients of the data within the meaning of Art. 4 (9) GDPR. Since personal data is transferred to the USA when visiting and interacting with the social media platforms used by us, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

In cases where providers process your personal data under their own responsibility (6.1.1.2.), we have no influence on the processing thereof by the provider and its use of such data (at least after transmission of the data). For more information, please check the privacy policy of the respective provider and, if necessary, use the opt-out / personalization options regarding data processing by the provider:

6.1.3. Access to and storage of information in terminal equipment (cookies)

When you visit our Facebook fan page or other social media sites, one or more cookies are set on your terminal device by the platform provider. Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser.

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or language settings). Other cookies are used to evaluate user behavior or display advertising.

By interacting with our Facebook fan page or our other social media appearances, information (e.g. your IP address) may be accessed or stored (e.g. cookies) in your terminal equipment. This access or storage may involve further processing of personal data according to the GDPR.

The activity or validity period of cookies can vary greatly, but you can delete them manually at any time using your web browser settings. If you have technical questions about this, please contact the manufacturer of your web browser. Further information on the use of cookies and their legal basis can be found in the respective provider’s privacy policy. Links to the respective data protection statements can be found above under “Data transfer and recipients”. If you have any further questions, please contact the provider of the respective social media platform directly.

6.1.4. Data processing for market research and advertising purposes

Generally, personal data is processed on the company website for market research and advertising purposes of the provider of the social media platform. For this purpose, a cookie is set in your browser, which enables the respective provider to recognize you when you visit a website. In addition, an extensive evaluation of your interactions on the social media platform is carried out by the provider. By means of the collected data, usage profiles can be created. These are used to place advertisements within and outside the platform that presumably correspond to your interests. Furthermore, data can also be stored in the usage profiles regardless of the devices you use. This is regularly the case if you are a member of the respective platforms and logged in to them. You can find more information on this in the data protection information of the respective provider.

When you visit our social media site or interact with it, we may receive personal data from you, which we, in addition to the provider, also process under our own responsibility, other than in the cases mentioned in section 2. of this privacy policy. This may be information that you actively provide (comments, likes, and information you provide publicly, such as your profile picture or name).

Collection of information about who has viewed our social media presence: Depending on the provider and your settings on the provider’s platform, it may also be the case that we are informed about who has viewed our appearance or page within the platform. The provider LinkedIn supplies us with information about which LinkedIn user has visited our LinkedIn presence. This information is provided to us by LinkedIn without any time limit regarding the time of storage.

Our access to the aforementioned data results from the operation of our social media presence; no further processing of this data by us takes place except in the cases mentioned in this privacy policy. We have a legitimate interest in the operation of our social media presence and the associated processing of personal data that you actively publish or make available to us in accordance with Art. 6 (1) (1) (f) GDPR. Our legitimate interest lies in the promotion as well as in making available an effective communication and interaction option with our company.

6.1.5. Data processing when you contact us

We collect personal data ourselves when you contact us, for example, via a contact form or through a messenger service of the respective platform, such as Facebook Messenger. Which data is collected depends on the information you provide and the contact data you have submitted or made available. This data is stored by us for the purpose of processing the request and to answer any follow-up questions. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR if your request is aimed at concluding a contract. Your data will be deleted after your request has been processed, provided that there are no legal obligations to retain data. We assume that processing is complete if it can be inferred from the circumstances that the matter in question has been conclusively resolved.

6.1.6. Data processing for contract management

If your contact via a social network or other platform aims at the conclusion of a contract for the delivery of goods or the provision of services with us, we process your data for the performance of the contract or for the implementation of pre-contractual measures or for the performance of the requested services. The legal basis for the processing of your data in this case is Art. 6 (1) lit. b GDPR. Your data will be deleted if it is no longer required for the performance of the contract or if it is determined that the pre-contractual measures do not lead to the conclusion of a contract corresponding to the purpose of the contact. Please note, however, that it may be necessary to store personal data of our contractual partners even after the conclusion of the contract in order to comply with contractual or legal obligations.

6.1.7. Data processing on the basis of consent

If you are asked by the respective providers of the platforms to give your consent to processing for a specific purpose, the legal basis of the processing is Art. 6 (1) lit. a., Art. 7 GDPR. Given consent can be revoked at any time with effect for the future.

6.2. Processing in joint responsibility with the provider of the social media platform

6.2.1. Facebook-Fanpage (Insights feature)

6.2.1.1. Data processing regarding “page insights” when visiting our Facebook fan page

When you visit our Facebook fan page, your personal data will be processed by Facebook as the operator of the platform and by Stenon as the operator of the fan page. Insofar as this data processing takes place in connection with the Insights functionality of Facebook (Meta Platforms Ireland Ltd. or Meta Platforms Inc.), we are jointly responsible for such processing with Facebook (Art. 26 (1) GDPR).

Page Insights (https://www.facebook.com/business/a/page/page-insights) is a function provided by Facebook, which allows the operator Stenon of a Facebook fan page to obtain summarized data about the interaction of visitors.

Page Insights may be based on personal data collected in connection with a person’s visit to or interaction with our site and in connection with content provided. Please be aware of what personal data you share with us via Facebook. Your data may be processed for market research and advertising purposes even if you are not logged into Facebook or do not have a Facebook account. For example, user profiles can be created from the usage behavior and resulting interests of the users. The user profiles can in turn be used, for example, to display advertisements within and outside the platforms that presumably correspond to the interests of the users. This data collection takes place via cookies that are stored on your terminal device. Furthermore, data that is independent of the devices utilized by the users may also be stored in the user profiles; in particular, if the users are members of the respective platforms and logged in to them.

Stenon only receives summarized (aggregated) data from Facebook, which does not allow any conclusions to be drawn about individual persons.

Your personal data is processed by Stenon for advertising and marketing purposes. (E.g.: increasing the reach and awareness of our fan page through target group-specific design of posts, evaluation of the success of marketing campaigns).

The legal basis for the processing of your personal data in connection with your visit or interaction with our Facebook fan page is Art. 6 (1) lit. f GDPR. We have a legitimate interest in using aggregated information about interactions with our Facebook Fanpage for promotional purposes.

For information on the purposes Facebook pursues with the processing of your personal data and the legal basis for this data processing, please refer to Facebook’s privacy policy.

Please note that we have no influence on the data collection and further processing within the responsibility of Facebook. As a result, we can not provide information about the extent to which, where and for how long the data is stored by Facebook. Furthermore, we cannot state to what extent Facebook complies with existing deletion obligations, what evaluations and links are made with the data on the part of Facebook and to whom the data is passed on by Facebook.

Information on the processing of your personal data, which is processed by Facebook for its own purposes, can be found in Facebook’s privacy policy: https://www.facebook.com/about/privacy/

6.2.1.2. Your rights as an affected person of the data processing

If you as a visitor to the site would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both Facebook and us. You can independently adjust your advertising settings in your user account. To do so, click on the following link and log in:

https://www.facebook.com/settings?tab=ads or http://www.youronlinechoices.com

You can (also) restrict the visibility of your Facebook account towards us via the Facebook settings.

For further details, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/

6.2.1.3. Facebook’s data protection officer

To contact Facebook’s data protection officer, you can use the online contact form provided by Facebook under the following link https://www.facebook.com/help/contact/540977946302970.

6.2.2. LinkedIn

6.2.2.1. Data processing regarding “page insights” when visiting our LinkedIn page

When you visit our LinkedIn presence, your personal data will be processed by LinkedIn as operator of the platform and by Stenon as operator of our presence within the platform. Insofar as this data processing takes place in connection with the Insights functionality of LinkedIn (LinkedIn Ireland Unlimited Company. or LinkedIn Corporation.), we are jointly responsible for it with LinkedIn (Art. 26 (1) GDPR).

LinkedIn Page-Insights (https://legal.linkedin.com/pages-joint-controller-addendum) is a function provided by LinkedIn, which allows the operator Stenon of a LinkedIn page to receive summarized data about the interaction of visitors.

LinkedIn evaluates your interaction with our LinkedIn presence as part of the Page Insights function and also uses the personal information provided by you (professional activity, industry, country, etc.). The evaluated data is made available to us by LinkedIn, but only in aggregated form (i.e. LinkedIn does not provide us with specific information on individual users as part of this function, but only summarized information). We use this aggregated data for the target group-specific presentation of our LinkedIn page and generally for its optimization with regard to the above-mentioned advertising purposes.

We have a legitimate interest in these advertising purposes and the processing of your data is based on Art. 6 (1) lit. f GDPR.

For information on the purposes LinkedIn pursues with the processing of your personal data and the legal basis for this data processing, please refer to LinkedIn’s privacy policy.

Please note that we have no influence on the data collection and further processing within the responsibility of LinkedIn. As a result, we can not provide information about the extent to which, where and for how long the data is stored by LinkedIn. Furthermore, we cannot state to what extent LinkedIn complies with existing deletion obligations, what evaluations and links are made with the data on the part of LinkedIn and to whom the data is passed on by LinkedIn.

6.2.2.2. Your rights as an affected person of the data processing

If you as a visitor to the site would like to exercise your rights (information, correction, deletion, restriction, data portability, complaint to the supervisory authority, objection or revocation), you can contact both LinkedIn and us. You can independently adjust your advertising settings in your user account.

For further information on data processing by LinkedIn, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

6.2.2.3 LinkedIn’s data protection officer

To contact the data protection officer of LinkedIn, you can use the contact form under the link https://www.linkedin.com/help/linkedin/ask/TSO-DPO.

6.3 Participation in Sweepstakes and Giveaways (Meta)

If you enter our sweepstakes via Facebook or Instagram by fulfilling the requirements stated in the social media post (this may include, but is not limited to, a “Like”, linking to another person, following an account, or commenting on the post), we will process your profile name and, if applicable, other profile data about you for the purpose of drawing the winners.

The profile name of the winners will be published on our profile on Facebook or Instagram after the draw, if applicable. Alternatively, we will contact the winners directly via email or messenger to give them the opportunity to contact us for the purpose of sending the prize.

In order to send a prize to the winners, we will also process your first name and surname as well as your address (street, house number, postal code and city), provided that you have communicated this to us after the announcement of the winners by means of a direct message via the respective platform or have sent it to us following our contact.

The legal basis for the processing of your personal data in the context of the competition is Art. 6 para. 1 p. 1 lit. b GDPR.

Participation in the sweepstakes and the provision of your name and address data in the event of a win is on a voluntary basis. Please note, however, that in the event of a prize, we can only send it to you if you provide us with the data required to send the prize. In order to send a prize, your personal data will be passed on by us to a shipping service provider.

After sending the prize, we will delete your address and name data after one month unless you agree to their further processing for marketing purposes.

Please also note our information on data protection in the context of the use of Facebook and Instagram listed further below in our privacy policy.

7. Further data protection information

 

7.1 Data security

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

7.2 Storage period

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

7.3 Your rights

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data:

The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.

The right to obtain without undue delay the rectification of inaccurate personal data concerning you. in accordance with Art. 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right of freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is contested by you, the processing is unlawful, but you oppose the erasure and we no longer need the data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.

The right, in accordance with Art. 20 GDPR, to receive the personal data concerning you, which you have provided to us in in a commonly used and machine-readable format and the right to transmit those data to another controller.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR with effect in the future at any time.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work.

The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal

7.3.1 Right to object

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation.

If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to accounting@stenon.io

7.4 Necessity of providing personal data

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

7.5 Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

7.6 Subject to change

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy policy: September 27, 2022