1. Person responsible
SABO-Maschinenfabrik GmbH (“SABO” or “we”) appreciates your interest in our services and in our website www.sabo-online.de (“website”). The protection of your personal data is important to us, and we comply with the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Below we inform you in detail about the handling of your personal data in connection with our website and our SABO Online Shop.
The responsible party according to the GDPR for data processing in connection with the website is:
SABO Maschinenfabrik GmbH
Auf dem Höchsten 22
Represented by Fatmir Veselaj
Email address: [email protected]
[You can reach our data protection officer via the aforementioned contact channels.]
In compliance with data protection regulations, we only process your personal data if we are permitted to do so by law or if you have given your consent. This also applies to the processing of personal data for advertising and marketing purposes.
On this website, we may also collect information that does not in itself allow us to draw any direct conclusions about you. In certain cases – especially when combined with other data – this information can nevertheless be considered “personal data” in the sense of data protection law. We may also collect information on this website that does not directly or indirectly identify you, such as aggregate information about all users of this website.
As a matter of principle, we do not use automated decision-making (including profiling) within the meaning of Art. 22 GDPR. If we use such procedures in individual cases, we will inform you separately to the extent provided for by law.
3. Legal basis
If we require personal data for the performance of a contract concluded with you, we process it on the basis of Art. 6 (1) b) GDPR. This legal basis also includes such processing operations which serve the implementation of pre-contractual measures.
If we are obliged to process personal data in order to comply with a legal obligation, the legal basis for this data processing is Art. 6 (1) c) GDPR.
Insofar as we collect your consent for the processing of personal data, the legal basis for this data processing is Art. 6 (1) lit. (a) GDPR.
If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, this processing is carried out on the basis of Art. 6 (1) f) GDPR.
4. The purposes and details of the processing
We collect and process personal data to the following extent:
- Logfiles: You can access our website without directly providing any personally identifiable information (such as your name, postal address, or email address). In this case too, we need to process certain information to enable you to access our website. When you visit our website, our web server automatically stores data and information of the terminal device and browser you are using. We collect information about the type and version of browser you are using, your operating system, your Internet access provider, the IP address of your terminal device, the date and time of access, a previous web page from which you visited our site, and the pages you visited on our site. We process this technical information in the log files of our systems and do not combine it with other personal data about you. We process the technical information to enable you to access our Internet services, to ensure the functionality of our Internet services and the security of our IT systems and to optimise our Internet services. The legal basis for the processing is Art. 6 (1) f) GDPR.
- Contact Inquiries: You can contact us via the contact form on the website or via the contact methods indicated on the website. We process the data provided by you, as far as this is necessary for the processing of your request. The legal basis is Art. 6 (1) b) and f) GDPR.
- E-mail newsletter: If you have signed up for our e-mail newsletter, we will process your e-mail address and any other information we may have about you on the basis of your corresponding consent in order to provide you with information about our products and services tailored to your interests. To confirm your registration, we will first send you a confirmation link by e-mail after you have registered for our newsletter, before we send e-mail newsletters (so-called double opt-in procedure). For the statistical analysis of our e-mail newsletters we use the tool “MailChimp”; further explanations can be found below. Your personal data will not be passed on to third parties and we will only process your data for the selection of individualised contents and for sending the newsletter within the framework of the consent you have given. The legal basis is Art. 6 (1) a) GDPR.
- SABO Online Shop: In the SABO Online Shop we offer you the possibility to create a customer account. For this purpose, we process the personal data you provided when creating your customer account, such as name and e-mail address as well as a password you selected to access your customer account. In the case of an order, we process further personal data, in particular address, telephone number, payment information and details of the preferred SABO sales partner selected by you. Depending on the payment method you have chosen for the respective order, the information required for payment will be transmitted to the service provider used for the respective payment method; further information on this can be found below. Your order details will be passed on to your preferred SABO sales partner, from whom you can collect the ordered goods if necessary, or who will deliver them directly to you and process warranty claims. When processing warranty cases, the necessary personal data is also processed by us. The processing of personal data (including the transmission to your preferred SABO sales partner and the processing in the case of warranty claims) is carried out for the fulfilment of the contract concluded with you on the basis of your order or for the implementation of pre-contractual measures on the basis of Art. 6 Para. 1 b GDPR.
- Other legitimate interests: To the extent necessary, we also process your data beyond the aforementioned purposes to protect our legitimate interests or the interests of third parties; this is done on the basis of Art. 6 para. 1(f) GDPR. Our legitimate interests include
- the assertion of legal claims and the defence in legal disputes;
- the prevention and investigation of criminal offences;
- the management and further development of our business activities, including risk management;
- fraud prevention, and
- the ability to identify and correct technical errors in the system.
5. Cookies and similar technologies
Apart from the cookies and similar technologies necessary for the operation of our website, we only use these with your consent on the basis of Art. 6 Para. 1 a) GDPR, which you can grant via a “cookie banner” displayed when you first access our website.
The use of our website is also possible without cookies. You can deactivate the saving of cookies in your browser under Tools/Internet options, restrict them to certain websites or set your browser to notify you as soon as a cookie is sent. Please note, however, that in this case you will have to reckon with a restricted presentation of our website and with a restricted user guidance.
Specifically, we may use the following cookies and similar technologies:
- Website analytics with Google Analytics: We use the web analytics service “Google Analytics” on this website, which is operated and provided by Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland (“Google”). If you have given your consent, Google will process the data for website use. During your website visit, the following data is recorded, among other things: Pages viewed, orders incl. of sales and products ordered, the achievement of “website goals” (e.g. contact requests and newsletter registrations), your behaviour on the pages (e.g. clicks, scrolling behaviour and length of stay), your approximate location (country and city), your IP address (in shortened form, so that no clear assignment is possible), technical information such as browser, Internet provider, terminal device and screen resolution, origin of your visit (i.e. via which website or advertising material you came to us). This data is transferred to a Google server in the USA. Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognize you on future visits to the website. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data shall remain stored in aggregated form for an indefinite period. You can disable data collection by Google Analytics with the one-time installation of a browser add-on. Further information on data processing by Google can be found at https://policies.google.com/privacy.
- Google Ads / Google Remarketing: We use on our website “Google Ads” (formerly Google AdWords), also a service of Google. Google Ads enables us to draw attention to our attractive offers with the help of advertising media on external websites. This enables us to determine how successful individual advertising measures are. These advertising media are delivered by Google via so-called “AdServers”. We use so-called AdServer cookies for this purpose, through which certain parameters for measuring success, such as display of the ads or clicks by the users, can be measured. If you access our website via a Google ad and have given your consent, Google Ads will store a cookie on your PC. These cookies usually expire after 30 days. They are not intended to identify you personally. The following information is usually stored as analysis values for this cookie: unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions), opt-out information (marking that the user no longer wishes to be addressed). These cookies enable Google to recognise your web browser. If a user visits certain pages of the website of an Ads customer and the cookie stored on his computer has not yet expired, Google and the customer can recognize that the user has clicked on the ad and was redirected to this page. A different cookie is assigned to each Ads customer. Cookies can thus not be tracked via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. On the basis of these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising tools, in particular we cannot identify the users on the basis of this information. 
Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of Google Ads. According to our knowledge, Google receives the information that you have called up the corresponding part of our website or clicked on one of our advertisements. If you have a user account with Google and are registered, Google can assign the visit to your user account. Even if you are not registered with Google or have not logged in, there is a possibility that Google will obtain and store your IP address. You can set your web browser to block cookies from the domain “www.googleadservices.com” (https://www.google.de/settings/ads). We would like to point out that this setting will be deleted when you delete your cookies. In addition, you can deactivate interest-based ads via the link http://optout.aboutads.info. Please note that this setting will also be deleted when you delete your cookies.
- Bing Ads: We also use Bing Ads (bingads.microsoft.com) technology on our website, which is provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). If you have given your consent, Microsoft will set a cookie on your terminal device if you have accessed our website via a Microsoft Bing ad. This allows Microsoft and us to recognize that someone has clicked on an ad, been redirected to our website, and reached a predetermined landing page (“conversion site”). We only learn the total number of users who clicked on a Bing ad and were then redirected to the conversion site. Microsoft collects, processes and uses information via the cookie, from which usage profiles are created using pseudonyms. These usage profiles serve to analyse visitor behaviour and are used to display advertising. No personal information about the identity of the user is processed. In this case, you can also prevent the collection of the data generated by the cookie and related to your use of the website, as well as the processing of this data by Microsoft, by declaring your objection under the following link https://choice.microsoft.com/de-DE/opt-out. For more information about privacy and cookies used by Microsoft and Bing Ads, visit Microsoft’s Web site at https://privacy.microsoft.com/de-de/privacystatement.
- Newsletter dispatch/analysis via MailChimp: We also use services from MailChimp for the dispatch of newsletters. Mailchimp is operated and provided by Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA. MailChimp is a service with which, among other things, the sending of newsletters can be organized and analyzed. If you enter data for the purpose of receiving our newsletter (e.g. e-mail address) and declare your consent to receive our newsletter, this data will be stored on MailChimp’s servers in the USA. With the help of MailChimp we can analyse our newsletter campaigns. When you open an email sent with MailChimp, a file contained in the email (so-called web beacon) connects to MailChimp’s servers in the USA. This makes it possible to determine whether a newsletter message has been opened and which links, if any, have been clicked on. In addition, technical information is collected (e.g. time of access, IP address, browser type and operating system). This information cannot be assigned to the respective newsletter recipient. They are used exclusively for the statistical analysis of newsletter campaigns. The results of these analyses can be used to better adapt future newsletters to the interests of the recipients. If you do not want any analysis by MailChimp, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message; alternatively, you can also contact us via the contact channels mentioned on the website. Your newsletter data will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the servers of MailChimp after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this. For more information on data processing, please see MailChimp’s privacy information at https://mailchimp.com/legal/terms/.
- Google Fonts: We integrate the fonts (“Google Fonts”) of the provider Google, whereby the user data is used solely for the purpose of displaying the fonts in the user’s browser. The integration is based on our legitimate interests in a technically safer, maintenance-free and efficient use of fonts, their uniform presentation and taking into account possible licensing restrictions for their integration.
- Google Maps: We integrate the maps of the service “Google Maps” of the provider Google in our website. In the case of your consent, the data processed by Google may include, in particular, IP addresses and location data of users.
6. Recipients of data
Your personal data will always be processed within our company. Depending on the type of personal data, only certain departments / organizational units have access to your personal data. This includes in particular the specialist departments involved in the provision of our services and our IT department. By means of a role and authorisation concept, access within our company is restricted to those functions and to that extent which is necessary for the respective purpose of the processing.
In the event of an order in the SABO Online Shop, your personal data will be transmitted to your preferred SABO sales partner and/or our logistics service provider. In addition, we use the services of specialised providers for payment processing depending on the payment method you have chosen (in particular the “PayPal” service offered by PayPal (Europe) S.à.r.l. et Cie, SCA, the services of the Stripe Group for credit card payments and the “Sofortüberweisung” service offered by Klarna Bank AB). For more information on the processing of personal data, please visit www.paypal.com, https://stripe.com/de/privacy#translation and www.klarna.com.
We may also transfer your personal data to other third parties outside our company to the extent permitted by law. These external recipients may include in particular
- affiliated companies to which we transfer personal data for internal administrative purposes;
- the service providers engaged by us (for example in the areas of IT or marketing), who provide services for us on a separate contractual basis, which may also include the processing of personal data, as well as the subcontractors of our service providers engaged with our consent;
- non-public and public bodies, insofar as we are obliged to transfer your personal data due to legal obligations.
7. Data processing in third countries
The processing of your personal data will always take place within the EU or the European Economic Area.
In certain cases, information may be transferred to recipients in so-called “third countries”. “Third countries” are countries outside the European Union or the Agreement on the European Economic Area where it cannot be readily assumed that the level of data protection is comparable to that in the European Union.
Insofar as the information transferred also includes personal data and we are not obliged to transfer such data due to a legal obligation, we will ensure prior to such transfer that the required appropriate level of data protection is guaranteed in the respective third country or at the recipient in the third country. This can result in particular from a so-called “adequacy decision” of the European Commission, which determines an adequate level of data protection for a specific third country as a whole. Alternatively, we can also base the data transfer on one of the guarantees listed in Art. 44 et seq. GDPR, such as the so-called “EU standard contractual clauses” agreed with a recipient.
We will be happy to provide you with further information on the appropriate and adequate safeguards to maintain an adequate level of data protection upon request; you will find our contact details at the beginning of this data protection information. Information on the EU standard contractual clauses here and information on the adequacy conclusions here.
8. Data security
To ensure data security and the protection of your personal data, we take technical protective measures, in particular to prevent third parties from accessing your data. We adapt the technical protective measures in accordance with the current state of the art.
9. Obligation to provide data
Certain personal data is required for certain functionalities of our website (such as the creation of a customer account or an order in the SABO Online Shop). This information is usually marked as mandatory on the website (e.g. in an online form); without the provision of mandatory information, we cannot enable you to use the respective functionality.
If we also collect personal data from you, we will inform you at the time of collection whether the provision of this information is required by law or contract or is necessary for the conclusion of a contract. In doing so, we generally mark the information whose provision is voluntary and is not based on one of the aforementioned obligations or is not required for the conclusion of a contract.
10. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.
Even without a legitimate interest, we may continue to store the data if we are required to do so by law (for example, to comply with retention obligations). We will also delete your personal data without your intervention as soon as knowledge of it is no longer necessary to fulfil the purpose of the processing or the storage is otherwise legally inadmissible.
As a rule, the log data is deleted within thirty days, unless further storage is required for legally stipulated purposes, such as the detection of misuse and the recognition and elimination of technical faults. The data processed in connection with the registration of an account will be deleted when the customer account is deleted.
Those personal data that we have to store in order to fulfil retention obligations are stored until the end of the respective retention obligation. Insofar as we store personal data exclusively for the purpose of fulfilling retention obligations, this data is generally blocked so that it can only be accessed if this is necessary with regard to the purpose of the retention obligation.
11. Your rights as a data subject
As a data subject, you have the right, in accordance with the following provisions:
- to information on the personal data stored about you, Article 15 GDPR;
- to rectification of inaccurate or incomplete data, Article 16 GDPR;
- to erasure of personal data, Article 17 GDPR;
- to restriction of processing, Article 18 GDPR; and
- to data portability, Article 20 GDPR.
Right of objection in accordance with Art. 21 GDPR: You also have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) e) or f) GDPR. In the event of your objection, we will no longer process the personal data relating to you unless we can demonstrate compelling legitimate grounds for processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process personal data relating to you for the purposes of direct marketing, you have the right to object at any time to the processing of personal data relating to you for the purposes of such marketing. If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
Revocation of consent: If you have given us your consent (e.g. in connection with information by e-mail), you can revoke such consent at any time with effect for the future. In our e-mail information we usually provide you with a corresponding link in each of our newsletters. You can also contact us in any other way, for example by sending us a message by post, fax or e-mail, using one of the contact methods listed on the first page of this privacy information.
To exercise these rights, you can contact us at any time – e.g. via one of the contact channels indicated at the beginning of this data protection information.
You also have the right to lodge a complaint with a competent supervisory authority for data protection, Art. 77 GDPR.