Data privacy protection
We hereby inform you about processing of your personal data by SITEMA GmbH & Co. KG and your rights connected to this.
A. The controller is
SITEMA GmbH & Co. KG
Phone: +49 721 98661-0
The data protection officer can be contacted by mail under the above address with the addition "Data protection officer" or by e-mail (firstname.lastname@example.org).
B. Categories of data, purposes and legal basis of processing
We process your personal data that we obtain from you or from third parties in the scope of our business relationships. These usually are contact details (name, address, phone number and email address) and – as far as necessary within the scope of processing of the transaction – bank and payment (transaction) details (bank, account details, payment reference, credit card information if applicable), information from publicly available sources, information databases and credit agencies (e.g. internet, commercial register, rating agency) and any other data that you provide to us freely in the scope of processing of a project or a contractual relationship, or in the scope of preparation of a contract.
We process your personal data only in the scope of the statutory provisions, in particular under observation of the rules of the general data protection regulation ("GDPR") and the EU data protection adjustment and implementation act (Datenschutzanpassungs- und Umsetzungsgesetz EU; "BDSG new").
We will process your personal data based on the legal bases described below and for the purposes
- of preparation of a contract, performance of a contract and termination of contractual relationships (point (b) of Article 6(1) GDPR), e.g. compliance with a contract (such as delivery or rendering of a service and processing of a payment), general communication with business partners, e.g. answering of queries about products and services, contract negotiations, etc.;
- based on consent given (point (a) of Article 6(1) GDPR), e.g. the submission of newsletters or information letters, participation in marketing campaigns or surveys, etc.;
- based on statutory specifications (point (c) of Article 6(1) GDPR), e.g. to meet archiving obligations under commercial or tax law, to meet reporting or information obligations towards public authorities, etc.;
- based on legitimate interest (point (f) of Article 6(1) GDPR); e.g. measures for IT safety or measures to ensure proper business operation, to protect domiciliary rights, to assert legal claims or to defend in case of legal disputes, to ensure compliance requirements are met, etc.
If you visit our website for information purposes only, i.e. if you transmit no data to us, we only collect the personal data your browser transfers to our server.
If you visit our website, we collect the following data; some of the data (marked with (M)) is processed by Matomo:
- Anonymized IP address (M)
- Country, region, and town of origin which are determined with limited accuracy from the anonymized IP address (for example to set the display language of the website and to display the contact data of the responsible SITEMA representative) (M)
- Date and time of the request (M)
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (the actual page)
- Title of the page visited (M)
- URL of the page visited (M)
- URL of the previous page (if permitted) (M)
- Access status/HTTP status code
- Amount of data transferred
- Website from which you called our website (referrer URL)
- Browser type, language, and version
- Main language of the browser (M)
- User agent of the browser (M)
- Operating system
- Screen resolution (M)
- Files which users clicked and downloaded (M)
- External links (M)
- Duration of page loading (M)
- Interactions with forms (Matomo: not the content of the forms) (M)
The legal basis for storing the data is the General Data Protection Regulation (GDPR), article 6, paragraph 1, letter f. It is our legitimate interest to improve our website, make it stable, functionable and safe.
We use so-called cookies on various pages of this web sites to improve your site experience and to enable certain features. Cookies are small text files which are placed on your access device.
The only cookie which we use directly (the so-called session cookie) is deleted when your browser session ends (i.e. when you close the browser).
We use Matomo (see section B) without placing Cookies.
Additionally, we use the two following cookies:
We use Google's reCAPTCHA feature for our inquiry forms. The main purpose of this feature is to distinguish data entered by a human visitor from misuse by a computer and automated data processing system. To execute this service, the IP address and other data which Google might need for the reCAPTCHA service, are sent to Google.
We use Google Maps on our Contact web page. Google Maps is a web service which visually displays geographic data on interactive maps. By using this service, you get information on our representations all over the world, and you can see amongst others the location of our site in Karlsruhe.
Google transfers the map content directly to your browser which displays the data on the web page. Therefore, we have no influence on the amount of data Google collects for this service. According to our knowledge, the data collected are the IP address, date and time of the visit to the web page, the internet address or URL of the accessed web page, and possibly more.
For more information about Google reCAPTCHA and Google Maps, see the following links from Google.
D. Apps by SITEMA
Apps by SITEMA collect no personal data. They need access to the following areas of your smartphone:
The device memory is used to install the app and to temporarily store (cache) displayed information and data.
The device language is used to adjust the display language of the app.
E. Recipients or categories of recipients of personal data
We will transmit your personal data to public authorities/public bodies if predominant provisions require this.
We may transmit your personal data to companies of our group of undertakings if this is necessary to meet the purposes named in section B. above.
We use external service providers as processors for various business processes within the meaning of Article 28 GDPR. We have concluded data processing agreements with these service providers in order to ensure protection of your personal data.
The recipients described above may also be located in countries outside of the European Economic Area ("Third Countries"). Third Countries may not warrant the same level of the protection of personal data as the European Economic Area does. If data transfer takes place to a Third Country, we shall ensure that this transfer will only take place according to the proviso of the statutory provisions (Chapter V GDPR).
F. Duration of storage
Usually, personal data are deleted after the end of the legal archiving periods (primarily under commercial and tax law). If the personal data are not affected by the legal archiving periods, they will be erased when they are no longer necessary for the purposes described in section B. above. The storage period may deviate if you have consented to this at the time of collection of the data.
G. Rights of data subjects
You have the right to obtain access to your personal data stored by us, to have inaccurately stored personal data rectified or – if relevant – to change or revoke your consent to processing activities at any time, also without stating any reasons, effective for the future, to have processing of your personal data restricted, effective for the future, to object to processing of your personal data, effective for the future, or to demand erasure of your personal data. You have the right, subject to the conditions stipulated in Article 20 GDPR, to obtain the personal data that have been stored concerning you in a structured, common and machine-readable format and to transmit these data to another controller without any impairment by us.
Furthermore, you may contact the data protection officer named in section A. In order to avoid misuse, we may demand that requests be hand-signed or that the requester proves his or her identity otherwise.
You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority competent for us is:
The state officer for data protection and freedom of information in Baden-Württemberg, Königstraße 10 a, D-70173 Stuttgart