Privacy policy
1. responsible person
SABO-Maschinenfabrik GmbH (“SABO” or “we”) appreciates your interest in our services and our website www.sabo-online.de (“Website”). The protection of your personal data is important to us and we comply with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Below we inform you in detail about the handling of your personal data in connection with our website and our SABO online store.
We have appointed a data protection officer for our company, who can be contacted as follows
Datenschutzberater.NRW GmbH
Dennis Manz
Hansaring 78
50670 Cologne
Phone: +49 (0) 221 29 27 29 0
E-mail: datenschutz[at]datenschutzberater.nrw
https://www.datenschutzberater.nrw/edsb-info/
2. principles
2. PRINCIPLES
In compliance with data protection regulations, we only process your personal data if we are permitted to do so by law or if you have given your consent. This also applies to the processing of personal data for advertising and marketing purposes.
We may also collect information on this website that does not in itself allow us to draw any direct conclusions about your person. In certain cases – especially when combined with other data – this information may nevertheless be considered “personal data” in the sense of data protection law. Furthermore, we may also collect information on this website that does not allow us to identify you either directly or indirectly; this is the case, for example, with summarized information about all users of this website.
We do not use automated decision-making (including profiling) within the meaning of Art. 22 GDPR. If we use such procedures in individual cases, we will inform you about this separately to the extent required by law.
3. legal bases
3. LEGAL BASIS
If we need personal data to fulfill a contract concluded with you, we process it on the basis of Art. 6 (1) b) GDPR. This legal basis also includes such processing operations that serve to carry out pre-contractual measures.
If we are obliged to process personal data to fulfill a legal obligation, the legal basis for this data processing is Art. 6 (1) c) GDPR.
Insofar as we obtain your consent for the processing of personal data, the legal basis for this data processing is Art. 6 (1) lit. a) GDPR.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, this processing is carried out on the basis of Art. 6 (1) f) GDPR.
4. purposes and details of the processing
4. PURPOSES AND DETAILS OF PROCESSING
We collect and process personal data to the following extent:
- Log files: You can access our website without directly providing personal data (such as your name, postal address or e-mail address). Even in this case, we need to process certain information to enable you to access our website. When you visit our website, our web server automatically stores data and information about the device and browser you are using. This includes information on the browser type and version used, the operating system, the internet access provider, the IP address of your device, the date and time of access, a previous website from which you visited our website and the pages you visited on our website. We process this technical information in the log files of our systems and do not combine it with other personal data about you. We process the technical information to enable you to access our website, to ensure the functionality of our website and the security of our IT systems and to optimize our website. The legal basis for processing is Art. 6 (1) f) GDPR.
- Contact requests: You can contact us via the contact form on the website or via the contact channels specified on the website. We process the data you provide to the extent necessary to process your request. The legal basis is Art. 6 (1) b) and f) GDPR.
- Email newsletter: If you have registered for our email newsletter, we will process your email address and any other information we may have on the basis of your consent in order to send you information about our products and services tailored to your interests. To confirm your registration, we will first send you a confirmation link by e-mail after you have registered for our newsletter before we send you the e-mail newsletter (so-called double opt-in procedure). We use the “MailChimp” tool to statistically analyze our e-mail newsletters; you will find further explanations below. Your personal data will not be passed on to third parties, and we process your data exclusively for the selection of individualized content and for sending the newsletter within the scope of the consent you have given. The legal basis is Art. 6 (1) a) GDPR.
- SABO online store: In the SABO online store, we offer you the option of creating a customer account. For this purpose, we process the personal data provided by you when creating the customer account (such as name and e-mail address as well as a password selected by you for access to your customer account. In the case of an order, we process further personal data, in particular address, telephone number, payment information and details of the preferred SABO sales partner selected by you. Depending on the payment method you have selected for the respective order, the information required for payment will be transmitted to the service provider used for the respective payment method; further information on this can be found below. Your order data will be transmitted to your preferred SABO sales partner, from whom you may be able to collect the ordered goods or who will deliver them directly to you and process warranty claims. When processing warranty cases, the necessary personal data will also be processed by us. The processing of personal data (including the transmission to your preferred SABO sales partner and the processing of warranty claims) is carried out to fulfill the contract concluded with you on the basis of your order or to carry out pre-contractual measures on the basis of Art. 6 para. 1 b GDPR.
- Other legitimate interests: If necessary, we also process your data beyond the aforementioned purposes to protect our legitimate interests or the interests of third parties; this is done on the basis of Art. 6 para. 1 f) GDPR. Our legitimate interests include
- the assertion of legal claims and defense in legal disputes
- the prevention and investigation of criminal offenses;
- the management and further development of our business activities, including risk management
- the prevention of fraud and
- the ability to identify and rectify technical errors in the system.
5. cookies and comparable technologies
5. COOKIES AND COMPARABLE TECHNOLOGIES
We use cookies and similar technologies on our website. As a rule, small files are stored on your device or in your browser. These enable us to store certain information relating to the respective end device while you are visiting our website. We use cookies and similar technologies in particular to determine the frequency of use and the number of users of our website, as well as to make our offers as convenient and efficient as possible for you.
In some cases, the information is stored exclusively for the duration of your use of our website. In some cases, the information is also stored beyond the usage process in order to record information about end devices that repeatedly access our website. This enables us to offer you optimal user guidance, as well as to “recognize” a device and present a website that is as varied as possible and new content in the event of repeated use. As a rule, the content of the information is limited to an identification number and the information stored about website use. Your name, IP address or other details about your real identity are not stored, and we are generally unable to identify you directly on the basis of the use of cookies and similar technologies.
Apart from the cookies and similar technologies necessary for the operation of our website, we only use them with your consent on the basis of Art. 6 para. 1 a) GDPR, which you can give via a “cookie banner” displayed when you first visit our website.
It is also possible to use our website without cookies. You can deactivate the storage of cookies in your browser under Tools/Internet options, restrict them to certain websites or set your browser to notify you as soon as a cookie is sent. Please note, however, that in this case you must expect a limited display of our website and limited user guidance.
Specifically, we may use the following cookies and similar technologies:
- Website analysis with Google Analytics: We use the web analysis service “Google Analytics” on this website, which is operated and provided by Google Ireland Li-mited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (“Google”). If you have given your consent, Google will process the data for website use. The following data is recorded during your visit to the website: Pages viewed, orders including sales and products ordered, the achievement of “website goals” (e.g. (e.g. contact requests and newsletter registrations), your behavior on the pages (e.g. clicks, scrolling behavior and dwell time), your approximate location (country and city), your IP address (in abbreviated form so that no clear assignment is possible), technical information such as browser, Internet provider, end device and screen resolution, origin of your visit (i.e. via which website or via which advertising medium you came to us). This data is transferred to a Google server in the USA. Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future visits to the website. The recorded data is stored together with the randomly generated user ID, which makes it possible to analyze pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored in aggregated form indefinitely. You can deactivate data collection by Google Analytics with the one-time installation of a browser add-on. Further information on data processing by Google can be found at https://policies.google.com/privacy
- Google Ads / Google Remarketing: We use “Google Ads” (formerly Google AdWords), also a Google service, on our website. Google Ads enables us to draw attention to our attractive offers with the help of advertising material on external websites. This enables us to determine how successful individual advertising measures are. These advertising materials are delivered by Google via so-called “AdServers”. We use so-called ad server cookies for this purpose, which can be used to measure certain parameters for measuring success, such as the display of ads or clicks by users. If you reach our website via a Google ad and have given your consent, Google Ads will store a cookie on your PC. These cookies generally lose their validity after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognize your web browser. If a user visits certain pages of an Ads customer’s website and the cookie stored on their computer has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies cannot therefore be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can recognize which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising material; in particular, we cannot identify the users on the basis of this information. Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. To the best of our knowledge, Google receives the information that you have accessed the relevant part of our website or clicked on one of our ads. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will find out your IP address and store it. You can set your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). Please note that this setting will be deleted if you delete your cookies. You can also deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted if you delete your cookies.
- Bing Ads: We also use technologies from Bing Ads (bingads.microsoft.com) on our website, which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). If you have given your consent, Microsoft will set a cookie on your device if you have reached our website via a Microsoft Bing ad. In this way, Microsoft and we can recognize that someone has clicked on an ad, has been redirected to our website and has reached a predetermined target page (“conversion site”). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion site. Microsoft collects, processes and uses information via the cookie, from which user profiles are created using pseudonyms. These user profiles are used to analyze visitor behavior and are used to display advertisements. No personal information identifying the user is processed. In this case, you can also prevent the collection of the data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by declaring your objection at the following link https://choice.microsoft.com/de-DE/opt-out. Further information on data protection and the cookies used by Microsoft and Bing Ads can be found on the Microsoft website https://privacy.microsoft.com/de-de/privacystatement.
- Facebook Custom Audiences: We use the “Website Custom Audiences” service of the social network Facebook on our website. This service is operated by Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). You can find more information about “Website Custom Audiences” at the following link: https://www.facebook.com/business/help/449542958510885/. According to Facebook, this service generates a non-reversible and non-personal checksum (hash value) from your usage data, which Facebook can use for analysis and marketing purposes. If you have given your consent, Facebook will address a cookie, web beacon, pixel or similar technology for the “Website Custom Audiences” product on the website and may store it on your end device. Since the service and the data processing that takes place via this service are the sole responsibility of Facebook, we have no influence on the possible processing of personal data. For more information on the purpose and scope of data collection and the further processing and use of data by Facebook, as well as your setting options for protecting your privacy, please refer to Facebook’s privacy policy, which can be found at https://www.facebook.com/ads/website_custom_audiences/ and https://www.facebook.com/privacy/explanation, among others. If you wish to object to the use of Facebook Website Custom Audiences in general, you can exercise this objection (opt-out) at the following link https://www.facebook.com/ads/website_custom_audiences.
- Newsletter dispatch/analysis via MailChimp: We also use MailChimp services to send newsletters. Mailchimp is operated and provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of receiving the newsletter (e.g. e-mail address) and give your consent to receive our newsletter, this data will be stored on MailChimp’s servers in the USA. With the help of MailChimp, we can analyze our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (known as a web beacon) connects to the MailChimp servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. Technical information is also collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. It is used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not wish to be analyzed by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message; alternatively, you can also contact us via the contact channels mentioned on the website. Your newsletter data will be stored by us until you unsubscribe from the newsletter and deleted from both our servers and the MailChimp servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. Further information on data processing can be found in MailChimp’s data protection information at https://mailchimp.com/legal/terms/.
- Google Fonts: We integrate the fonts (“Google Fonts”) of the provider Google, whereby the user’s data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.
- Google Maps: We integrate the maps of the “Google Maps” service of the provider Google into our website. If you have given your consent, the data processed by Google may include, in particular, IP addresses and user location data.
6. recipients of data
6. DATA RECIPIENTS
Your personal data is generally processed within our company. Depending on the type of personal data, only certain departments / organizational units have access to your personal data. These include in particular the specialist departments involved in the provision of our services and our IT department. A role and authorization concept limits access within our company to the functions and scope required for the respective purpose of processing.
In the case of an order in the SABO Online Shop, your personal data will be transmitted to the preferred SABO sales partner and/or our logistics service provider selected by you. In addition, we use the services of specialized providers for payment processing depending on the payment method you have chosen (in particular the “PayPal” service offered by PayPal (Europe) S.à.r.l. et Cie., SCA, the services of the Stripe Group for credit card payments and the “Sofortüberweisung” service offered by Klarna Bank AB). Further information on the processing of personal data can be found at www.paypal.com, https://stripe.com/de/privacy#translation and www.klarna.com.
We may also transfer your personal data to other third parties outside our company to the extent permitted by law. These external recipients may include in particular
- affiliated companies to which we transfer personal data for internal administrative purposes
- the service providers engaged by us (for example in the areas of IT or marketing) who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
- non-public and public bodies, insofar as we are obliged to transfer your personal data due to legal obligations.
7. data processing in third countries
7. DATA PROCESSING IN THIRD COUNTRIES
Your personal data is generally processed within the EU or the European Economic Area.
In certain cases, information may be transferred to recipients in so-called “third countries”. “Third countries” are countries outside the European Union or the Agreement on the European Economic Area in which a level of data protection comparable to that in the European Union cannot be readily assumed.
If the transferred information also includes personal data and we are not obliged to transfer it due to a legal obligation, we will ensure before such a transfer that the required adequate level of data protection is guaranteed in the respective third country or at the recipient in the third country. This may result in particular from a so-called “adequacy decision” of the European Commission, which determines an adequate level of data protection for a specific third country as a whole. Alternatively, we can also base the data transfer on one of the guarantees listed in Art. 44 et seq. GDPR, such as the so-called “EU standard contractual clauses” agreed with a recipient.
We will be happy to provide you with further information on the suitable and appropriate guarantees for compliance with an appropriate level of data protection on request; our contact details can be found at the beginning of this data protection information. Information on the EU standard contractual clauses here and information on the adequacy clauses here.
8. data security
8. DATA SECURITY
To ensure data security and the protection of your personal data, we take technical security measures, in particular to prevent third parties from accessing your data. We adapt the technical protective measures in accordance with the current state of the art.
9. obligation to provide data
9. OBLIGATION TO PROVIDE DATA
Certain personal data is required for certain functionalities of our website (such as creating a customer account or placing an order in the SABO online store). This information is usually marked as mandatory information on the website (e.g. in an online form); without the provision of mandatory information, we cannot enable you to use the respective functionality.
If we also collect personal data from you, we will inform you at the time of collection whether the provision of this information is required by law or contract or is necessary for the conclusion of a contract. In doing so, we generally mark the information that is provided voluntarily and is not based on one of the aforementioned obligations or is not required for the conclusion of a contract.
10. duration of storage
10. DURATION OF STORAGE
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
Even without a legitimate interest, we may continue to store the data if we are legally obliged to do so (e.g. to fulfill retention obligations). We will also delete your personal data without any action on your part as soon as knowledge of it is no longer necessary to fulfill the purpose of the processing or the storage is otherwise legally inadmissible.
As a rule, log data is deleted within thirty days, unless further storage is required for statutory purposes, such as the detection of misuse and the detection and elimination of technical faults;
the data processed in connection with the registration of an account is deleted when the customer account is deleted.
The personal data that we must store to fulfill retention obligations will be stored until the end of the respective retention obligation. Insofar as we store personal data exclusively for the fulfillment of retention obligations, this data is generally blocked so that it can only be accessed if this is necessary with regard to the purpose of the retention obligation.
11. your rights as a data subject
11. YOUR RIGHTS AS A DATA SUBJECT
As a data subject, you have the right in accordance with the following provisions
- to information about the personal data stored about you, Article 15 GDPR
- to rectification of inaccurate or incomplete data, Article 16 GDPR;
- to erasure of personal data, Article 17 GDPR;
- to restriction of processing, Article 18 GDPR; and
- to data portability, Article 20 GDPR.
Right to object under Article 21 GDPR: You also have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR. If you object, we will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Revocation of consent: If you have given us your consent (e.g. in connection with information by e-mail), you can revoke such consent at any time with effect for the future. In our e-mail information, we generally provide you with a corresponding link in each of our newsletters. You can also contact us in any other way, e.g. by sending us a message by post, fax or e-mail, using one of the contact channels listed on the first page of this data protection information.
To exercise these rights, you can contact us at any time – e.g. via one of the contact channels listed at the beginning of this data protection information.
You are also entitled to lodge a complaint with a competent supervisory authority for data protection, Art. 77 GDPR.