STACKIT

Data protection notice

Data protection for visitors to our websites stackit.de and portal.stackit.de and our newsletter subscribers.

→ Last updated 06/2020

We take the protection of your personal data very seriously and strive to provide you with comprehensive information about the processing of your personal data. The following data protection notice explains how and for what purposes we process your personal data in connection when you visit our website or contact us.

As a rule, the personal data of yours that we collect is obtained directly from you. The statutory basis is, in particular, the EU General Data Protection Regulation (GDPR).

1. “Controller” within the meaning of Article 4(7) GDPR

The controller responsible for the below-described processing within the meaning of Article 4(7) GDPR is:

Schwarz IT KG
Stiftsbergstraße 1
74172 Neckarsulm
Germany

Telefon: +49 7132 30-4000
E-Mail: datacenter@mail.schwarz

2. Communication by e-mail/telephone/mail/contact form

2.1 Purposes of the processing/legal basis

We treat all personal data that we receive from you by e-mail telephone, mail or contact form confidentially. We use your data solely for the limited purpose of processing your request. This is also the case when we process data that you send us via the expert form or the form for requesting a return call from one of our experts. This data is likewise processed for the limited purpose of responding to your request, sending you personalized information and offers or contacting you by telephone at the agreed time.

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the interest in responding to your requests so that customer satisfaction is ensured and promoted.

When you send us personal data by contacting us for purposes of initiating or performing an existing contractual relationship, Article 6(1)(b) GDPR is the legal basis for data processing.

2.2 Recipients/categories of recipient

As a rule, we do not transfer the data to third parties outside Schwarz IT KG. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR.

2.3. Obligation to provide your data

You are under no statutory or contractual obligation to provide personal data to us. However, if you do not provide us with the data required to process your request, we will not be able to process or respond to it.

2.4. Storage time/criteria for determining storage time

We delete or securely anonymize all information we receive from you when you make inquiries no later than 90 days after the final response is sent to you. The information is retained for 90 days in case you contact us again after a receiving a response from us on the same matter and we need to refer to our previous correspondence. Based on experience, we generally do not receive any questions concerning our responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final response in order to document the fact that we provided you with comprehensive information and that the legal requirements have been met.

If you send us personal data for purposes of initiating or performing a contract, statutory retention obligations require us to store that data for up to 12 years.

3. Data processed when you visit this website

3.1. Purposes and legal basis of processing

When you visit this website, log files are generated containing the following information:

  • the website/application from which you accessed our site (referrer URL)
  • the IP address
  • the date and time of access
  • the client request
  • the http response code
  • the data volume transmitted
  • the name and URL of the requested file
  • information about the type of browser and operating system you are using
  • the name of your Internet service provider

The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from our interest in protecting our systems and preventing improper and/or fraudulent activity each time that a user accesses this website.

Where processing of the aforementioned data is necessary for preparing or performing a contractual relationship, we process your data on the basis of Article 6(1)(b) GDPR.

3.2. Recipients/categories of recipient

As a rule, we do not transfer the data to third parties outside Schwarz IT KG. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR.

3.3. Obligation to provide your data

You are under no statutory or contractual obligation to provide personal data to us. However, such data will be processed for technical reasons as soon as you access our site. The only way to prevent your data from being processed is to stop using our website.

3.4. Duration of storage

We store the aforementioned data for a period of seven days.

4. Cookies

We, Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, are the controller with respect to data processing in connection with the use of “cookies” and other similar technologies to process usage data on all (sub-)domains at stackit.de and portal.stackit.de.

Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our websites. Cookies do not cause any harm to your end device, nor do they contain any viruses, trojans or other malware. The cookie stores certain information that results in connection with the specific end device deployed. This does not, however, mean that we will immediately become aware of your identity.

You may also configure your browser to ensure that a warning appears every time a new cookie is placed. This makes the use of cookies more transparent for you. You may also configure your browser to refuse acceptance of all or some cookies from certain sources. Please be advised, however, that disabling cookies may limit the functionality of this website.

4.1. Purposes and legal basis of processing

Cookies and the other technologies used to process usage data are deployed for the following purposes, depending on the categories of cookie/other technologies:

  • Necessary: These cookies help to make a website usable by enabling basic functions such as site navigation and access to secure pages. The website cannot function properly without these cookies.
  • Preferences: Using these methods, we can take into account your actual or perceived preferences to enhance the user experience. For example, we can use your settings to display our websites in a language relevant to you. They also mean we can avoid displaying products that may not be available in your region.
  • Statistics: These methods enable us to tailor the design of our services by producing anonymized statistics about how they are used. For example, we can use them to determine how better to adapt our websites to user habits.
  • Marketing: These enable us to display relevant advertising content based on an analysis of your usage behavior. Your usage behavior can also be tracked over various websites, browsers or devices via a user ID (unique identifier).

Depending on the purpose, the use of cookies and similar technologies to process usage data involves processing the following types of personal data in particular:

Necessary:

  • user inputs, in order to remember inputs across multiple sub-pages;
  • authentication data to identify a user after signing in, enabling you to access authorized content on subsequent visits (e.g., access to the customer portal);
  • security-related events (e.g., identifying repeat failed sign-in attempts);
  • required data.

Preferences:

  • settings to customize the user interface that are not linked to a permanent identifier.

Statistics:

  • pseudonymized usage profiles containing information on the use of our website. These contain in particular:
    • browser type/browser version;
    • operating system used;
    • referrer URL (i.e., the previously visited page);
    • host name of the accessing computer (IP address);
    • time of the server request;
    • individual user ID; and
    • events triggered on the websites (web browsing behavior).
  • The IP address is routinely anonymized, which in principle means it is no longer possible to identify you.
  • We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us express permission to do so. In itself, we cannot use the user ID to identify you.

Marketing:

  • pseudonymized usage profiles containing information on the use of our website. These contain in particular:
    • IP address;
    • individual user ID;
    • products potentially of interest;
    • events triggered on the websites (web browsing behavior).
  • IP addresses are routinely anonymized, which in principle means it is no longer possible to identify you.
  • We only store the user ID together with other data you provide (e.g., name, e-mail address) if you give us express permission to do so. In itself, we cannot use the user ID to identify you. We may potentially share the user ID and associated usage profiles with third parties via providers of advertising networks.

The legal basis for using preference, statistical and marketing cookies and similar technologies is your consent given pursuant to Article 6(1)(a) GDPR. The legal basis for using technically necessary cookies and similar technologies is your consent given pursuant to Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the technical stability and security of website operation.

You may withdraw/modify your consent at any time with effect for the future without this affecting the lawfulness of the processing based on consent before its withdrawal. Click here to make your selection.

For an overview of the cookies and other technologies we use, including the respective purposes of processing, storage periods and any third party providers involved, see our cookie policy.

4.2. Recipients/categories of recipient

When using cookies and similar technologies to process usage data, we may on occasion retain specialized service providers, particularly from the field of online marketing, to process data. These service providers process data on our behalf.

If you have consented to processing for marketing purposes, we may potentially share your User ID and the associated user profiles with third parties via the providers of advertising networks.

For information about other recipients in connection with using cookies to process data, see our cookie policy under the heading “Providers”.

4.3. Transfer of data to third countries

As a rule, we do not transfer your data to recipients located outside of the European Union or the European Economic Area. To the extent that you have consented to the use of the relevant cookies, your data will only be transferred if it is processed using Google Analytics in which case it will be transferred to the servers Google LL, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The data transfer is based on standard data protection clauses of the EU.

4.4. Obligation to provide your data

You are under no statutory or contractual obligation to provide personal data to us. You may prevent cookies from being stored by adjusting the aforementioned settings, selecting the categories of cookies accordingly or by withdrawing or modifying any consent you may have given.

4.5. Duration of storage

For information on the duration of storage for cookies, see our cookie policy. If “persistent” is entered in the “expiration” column, the cookie will be stored permanently until the corresponding consent is withdrawn.

5. Newsletter subscription (currently only available for employees of the Schwarz Group)

5.1. Purposes and legal basis of processing

We offer you the opportunity to subscribe to our newsletter. If you consent to receive our newsletter, we will use your e-mail address and name (if provided by you) to send you information about STACKIT. This includes, for example, information about new features, support options and news in connection with STACKIT and our associated services.

The legal basis for such processing is your consent pursuant to Article 6(1)(a) GDPR.

To ensure that no mistakes are made when entering the e-mail address, we use the “double opt-in” procedure: once you enter your e-mail address in the registration field, we will send you a confirmation link. Your e-mail address will not be added to our distribution list until you click on the confirmation link.

You may withdraw your consent to receive the newsletter at any time with effect for the future, e.g., by unsubscribing from the newsletter on our website. The link to the unsubscribe page is provided at the bottom of every newsletter. When you unsubscribe, we consider your consent to a newsletter subscription and the receipt of newsletter based thereon as withdrawn. We will delete your usage data. The lawfulness of the processing carried out until such time as we receive your notice of withdrawal shall not be affected.

5.2. Recipients/categories of recipient

The data you send us to subscribe to the newsletter cannot be accessed by any third parties.

5.3. Obligation to provide your data

You are under no statutory or contractual obligation to provide personal data to us. Subscribing to our newsletter is voluntary and always subject to your consent.

5.4. Duration of storage

Your e-mail address and your name (if provided by you) will be deleted as soon as you unsubscribe from our newsletter.

6. Our pages in Social Media

6.1 Responsibilities

Responsible for the data collection and processing described below are partly us, Schwarz IT KG and partly the respective operators of the social media platforms.For certain processing activities, we and the platform operators also act as jointly responsible parties in the sense of Art. 26 DSGVO.

We operate the following social media sites:

Link: LinkedIn
Link: Xing

6.1.1 Responsibility of platform operators

We have only limited influence on the data processing by the operators of the social media platform (e.g. administration of members and shared information). At the points where we can exert influence and parameterise data processing, we work within the scope of the possibilities available to us to ensure that the operator of the social media platform handles data in a manner that complies with data protection regulations. In many places, however, we cannot influence the data processing by the operator of the social media platform and don’t know exactly what data the operator processes.

The platform operator operates the entire IT infrastructure of the service, maintains its own data protection regulations and maintains its own user relationship with you (if you are a registered user of the social media service). In addition, the operator is solely responsible for all questions regarding the data of your user profile, to which we as a company have no access.

For more information on data processing by the provider of the social media platform and further options for objection, please refer to the provider’s data protection declaration:

Link: LinkedIn
Link: Xing

6.1.2 Our responsibility as Schwarz IT KG

6.1.2.1 Purpose and legal basis of the data processing

The purpose of the data processing by us on our social media presences is to inform customers about services, campaigns, competitions, factual topics, company news and the interaction with visitors to the social media presentations on these topics, as well as to answer corresponding queries, praise or criticism.

We only reserve the right to delete content if this should be necessary. We may share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is Art. 6 para. 1 lit. f) DSGVO. The data processing is carried out in the interest of our public relations and communication. The operator has no influence on the processing of your data by us in the context of customer communication or competitions.

As already mentioned, we make sure that our social media pages comply with data protection regulations as far as possible in those places where the provider of the social media platform gives us the opportunity to do so.

6.1.2.2 Recipients/categories of recipients

The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc., are published by the social media platform for this purpose and are not used or processed by us at any time for other purposes. We only reserve the right to delete illegal content if this should be necessary. This is the case, for example, with infringing or illegal posts, hate comments, salacious comments (explicitly sexual content) or attachments (e.g. pictures or videos), which may violate copyrights, personal rights or criminal laws.

We may share your content on our site if this is a function of the social media platform and communicate via the social media platform. If you send us an inquiry on the social media platform, we may also refer you to other, secure communication channels that guarantee confidentiality, depending on the answer required. You always have the possibility to send us confidential inquiries to our address mentioned under point 1. or in the imprint.

6.1.2.3 Obligation to provide your data

You are contractually and legally not obliged to provide us with personal data. We do not collect any personal data from you if you use our pages in social media for purely informational purposes. If you do not wish to provide us with personal data, you can still visit our pages. In this case, however, you will not be able to use any advanced functions such as the news function, the posting of pictures or articles, etc.

6.1.2.4 Storage period

All personal information that you send us in response to inquiries will be deleted or securely anonymized by us no later than 90 days after the final response to you. The 90-day retention period is explained by the fact that it may happen from time to time that you contact us again after a reply on the same matter and we must then be able to refer to the previous correspondence. Experience has shown that, as a rule, after 90 days, there are no further queries about our answers. If you assert your rights as a data subject, your personal data will be stored for 3 years after the final reply in order to prove that we have provided you with comprehensive information and that the legal requirements have been met.

All public posts by you on one of our social media pages remain in the timeline for an unlimited period of time, unless we delete them due to an update of the underlying topic, a violation of law or our guidelines, or you delete the post yourself. With regard to the deletion of your data by the operator himself, we have no possibility of influencing this. The data protection regulations of the respective operator therefore apply in addition.

6.2 Shared responsibility

There is partly a relationship with the operator of the social media service according to Art. 26 para. 1 DSGVO (joint responsibility):

For the web tracking methods used by the social media platform operator, the platform operators and we act as jointly responsible parties. The web tracking can also be carried out independently of whether you are logged in or registered on the social media platform. As already mentioned, we can unfortunately hardly influence the web tracking methods of the social media platform. For example, we cannot switch this off.

The legal basis for the webtracking methods is Art. 6(f) DSGVO. The interest in optimising the social media platform and the respective fan page is to be regarded as justified in terms of the aforementioned provision.

Further information on the recipients or categories of recipients as well as the storage period or the criteria for determining the storage period can be found in the data protection declarations of the platform operators. We have no influence on these.

The possibilities for exercising your rights to prevent these web tracking methods can be found in the data protection declarations of the platform operators. You can also contact the platform operators using the contact data provided in the respective imprint.

With regard to statistics provided to us by the social media platform provider, we can only influence and prevent them to a limited extent. However, we make sure that no additional optional statistics are made available to us.

Please be aware that it cannot be ruled out that the social media platform provider will use your profile and behavioral data to evaluate your habits, personal relationships, preferences, etc. Schwarz IT KG has no influence on the processing or transfer of your data by the provider of the social media platform.

7. Your rights as the data subject

Under Article 15(1) GDPR, you have the right to obtain information, free of charge, on the personal data stored about you.

If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If the basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection.

If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.

If the data processing is carried out on the basis of consent granted under Article 6(1)(a) or Article 9(2)(a) GDPR, you may revoke that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer. You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

8. Data protection officer

For further questions concerning the processing of your data or the exercise of your rights, please contact the competent data protection officer of the controller at:

datenschutz süd GmbH
– Stichwort Schwarz IT KG –
Wörthstraße 15
97082 Würzburg
Germany

E-Mail: office@datenschutz-sued.de