Privacy Policy

Effective 18.09.20

We are delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of STREMLER AG (“Stremler”).

The processing of personal data is necessary for using the website and also if you, visitor of our website and the data subject in connection with certain personal data we process (“you”, “your”), ask for certain services over our website.

In this privacy policy, we describe how we process your personal information when you visit the www.stremler.de website (the “website).

1.0 At a glance


1.1 Who are “we”?

1.1.1 Controller

Stremler provides real time planning and control solutions for value chains. Our details as controller under the EU General Data Protection Regulation (GDPR) are as follows:

STREMLER AG, Am Schönbühl 1, 88131 Lindau, Germany, Phone: +49 (0) 8382 9352-0, Email: info@stremler.de


1.1.2. Data Protection Officer

You may contact our Data Protection Officer directly with all questions and suggestions concerning data protection. The details of our Data Protection Officer are as follows:

Brigitte Stremler, STREMLER AG, Am Schönbühl 1, 88131 Lindau, Germany, Phone: +49 (0) 8382 9352-0, Email: info@stremler.de


1.1.3. Hosting and Admin

Our website is hosted and administered by Squarespace https://www.squarespace.com/. In the course of providing us with services, Squarespace may access and process some personal data of website’s visitors.

The privacy and security documents and declarations of Squarespace are available here:

We make great efforts to minimize to the extent possible processing and sharing of your personal data and use it strictly for purposes mentioned in this privacy policy. Please be advised that some personal data might be shared with or accessed by Squarespace entities and partners located outside of the European Economic Area (EEA). Data processing is performed under strict contractual and technical safeguards to ensure the security, integrity and privacy interests in the data and for compliance with applicable laws.

For data transfer to jurisdictions outside of the EU we rely, among other safeguards, on Standard Contractual Clauses (SCC) as adopted by the European Commission decision (C(2010)593) of 5 February 2010 (as may be amended from time to time by European Commission decision) https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087.

Detailed information can be found in the Data Protection Addendum linked to above.


1.2 What data do we collect?

Depending on how you use our website, we collect certain categories of data:

  • Your IP address (The IP address is a code that identifies your device on an internet network. If we anonymize it, we can only deduce the region where you are located when you visit our website)
  • Your email address, if you provide it to us (for example, by sending us an email or otherwise contacting us), your name, if you share it with us, and additional personal information you provide to us through the contact form and other communications such as your full name, content of your request, and telephone number (optional)
  • Information about your device, like the type of internet browser you use, your operating system and the size of your browser window
  • The page you visited before landing on our website and the pages you visited on our website
  • The time and date you accessed our website
  • The HTTP status codes issued by our server when it responds to your browser’s request


1.3. Why do we collect and use your data?

We collect and use your data for the following purposes:

  • display our website
  • ensure the security of our website
  • allow you to contact us
  • allow you to receive further information about our services, for example, via our newsletter
  • evaluate and optimize our website


1.4 Who else gets access to your data?

We generally do not share personal data with third parties (as defined in Article 4(10) GDPR) except under the conditions and safeguards mentioned in the Data Protection Addendum.


1.5 How long do we keep your data?

The precise periods for which personal information is kept vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, the period during which a claim can be made with respect to an agreement or other matter, whether the personal information has been aggregated or anonymized, and other relevant criteria.


1.6 What are your rights?

When we collect your personal data, generally you have the following rights: the rights to access (Article 15 GDPR), rectify and erase (Articles 16, 17 GDPR) the data we hold about you; the right to transfer your data (Article 20 GDPR); and the rights to restrict and object to the processing of your data (Article 18 GDPR). We explain the relevant rights of the data subject in the Appendix at the end of this privacy policy.

2.0 Cookies


2.1 What are cookies?

Our website uses cookies. Cookies are text files that are stored in a computer system via an Internet browser. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored.

Cookies are used by the website for differentiation of your individual browser from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

We use cookies to provide website visitors with more user-friendly services that would not be possible without the cookies setting. Cookies further allow us to optimize your experience while visiting the site and while using some features of our website, such the automated contact form.


2.2. What cookies do we use?

We apply a tool powered by Legal Monster https://www.legalmonster.com/ to provide you with enhanced oversight and control over cookies we use. You may review the type of cookies and receive further information about cookies our website uses over the cookie management tool of Legal Monster.


Provider: Legal Monster ApS
Purpose:
The cookies from Legal Monster help with ensuring that you are given the option to accept or reject cookies, block non-necessary cookies from working until you give consent and remember your cookie settings and choices. The cookies also help with keeping track of if and when you gave consent to analytical cookies, our privacy policy, T&Cs and email marketing.

Cookies:
legalmonster-consent-cache: Session cookie
legalmonster-cookie-consent: Expires after 180 days
legalmonster-pages-viewed: Session cookie
legalmonster-user: Expires after 180 days


Provider: Squarespace
Purpose: Prevents cross-site request forgery (CSRF).

Cookies:
crumb: Session cookie


2.3 Who else gets access to cookies data?

Our processors may have access to cookies data for purposes of web hosting, administration, security, and communication requests initiated by you. A list of cookies owners and further information related to cookies is available over our cookies management tool.


2.4 Why are we allowed to process this data?

Placing cookies and processing personal information using this technology is based, in the case of essential and functional cookies, on our legitimate interest (Article 6(1)(f) GDPR) to offer the website. Other types of cookies require your consent as expressed in the cookies setting presented through our cookies banner.


2.5 How long do we keep your data?

Session cookies are retained only for the time that your internet browser is connected to the website. Other types of cookies may be stored for a longer period. Detailed information about the duration of cookies retention is available over our cookies banner.

2.6 What are your rights?

You can manage the setting of non-essential cookies over our cookies management tool. Consent provided with respect to non-essential cookies can be withdrawn at any time in accordance with Article 7(3) GDPR.

Using the privacy preferences of your Internet browser or other software programs, you may at any time delete cookies installed on your device and make other individual choices relating to cookies, including permanently denying the setting of cookies. Keep in mind that deactivating the setting of cookies in the Internet browser used might disable functions of our website.


3.0 What data do we process to display our website?


We collect certain data to display the website in the best manner and to enable navigation. For example, we adapt the display of the website’s content to the size of your screen and to your browser characteristics.


3.1 What data do we collect?

We collect the following data:

  • Your IP address
  • The type and version of your internet browser (Chrome, Safari, Firefox, etc.)
  • The size of your browser window
  • Your operating system (Windows 10, macOS Mojave, etc.)
  • The page you visited before landing on our website
  • The page or pages you visited on our website
  • The time and date you accessed our website


3.2 Who else gets access to your data?

Our data processor Squarespace may have access to the data in accordance with the Data Processing Addendum as well as the terms and safeguards explained in section 1.1.3 above.


3.3 Why are we allowed to process this data?

We have a legitimate interest according to Article 6(1)(f) GDPR to process the personal data in order to inform you and other visitors about our services in the best possible manner.


3.4 How long do we keep your data?

We retain personal information regarding your use of the website for as long as our hosting account is active or for as long as needed to provide you with the website’s information and services. We also retain personal information for as long as necessary to achieve the purposes described in this privacy policy, to comply with our legal obligations, to protect ourselves in the event of disputes and to protect our and others’ interests.

The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Factors we consider in determining these periods include the minimum required retention period prescribed by law or recommended as best practice, whether the personal information has been aggregated or anonymized, and other relevant criteria.


3.5 What are your rights?

To the extent your data has not been anonymized, you may exercise some of your data subject’s rights listed in the Appendix to this privacy policy, subject to the conditions under which these rights are available, including the rights to confirmation, access, limited processing, rectifying data and erasure.

4.0 Subscription to our newsletters


In our newsletter we inform our customers about news and offers. The newsletter can be subscribed to from the mask provided over the website. For the subscription, we use a so called a double opt-in procedure: You provide us with a valid email address, and then we send you a confirmation email to that address. Once you have confirmed your email address from the link provided in our email, the subscription is complete.


4.1. What data do we collect?

We collect through the subscription mask the following data:

  • First and last name
  • Email address
  • IP address


4.2 Who else gets access to your data?

We do not share personal data of our subscribers with third parties. Our service provider and data processor is Sendinblue https://www.sendinblue.com.

Data processing is subject to the Terms of Use https://www.sendinblue.com/legal/termsofuse and the Privacy Policy https://www.sendinblue.com/legal/privacypolicy of Sendinblue. Our Data Processing Agreement with Sendinblue is available as ANNEX 1 to the Terms of Use linked to above.


4.3 Why are we allowed to process the data?

Processing of the data is in order to deliver the newsletter to you. The collection of your personal data is based on your consent (Art. 6(1)(a) GDPR), which you can withdraw at any time by sending us an email expressing your wish to unsubscribe or through using a corresponding link that is found in each newsletter.


4.4 How long do we keep your data?

We keep your data as long as the subscription is active. When you unsubscribe, we stop sending you the newsletter and delete the data from our local database. Some personal data may be retained for a longer period if required by applicable law and regulations or by our data processor Sendinblue as long as our account is active and in accordance with the Data Processing Agreement linked to under section 4.2 above.


4.5 What are your rights?

You may unsubscribe from receiving the newsletter at any time. You may also exercise your data subject’s rights described in the Appendix, including the rights to access, erasure, rectification and portability, when applicable.

5.0 What data do we process to ensure the security of our website?


We collect certain data to maintain our website’s security, for example, to analyze technical problems and malicious attacks.

5.1 What data do we collect?

We collect the following data:

  • Your IP address
  • The type and version of your internet browser
  • The size of your browser window
  • Your operating system
  • The page you visited before landing on our website
  • The page or pages you visited on our website
  • The HTTP Status Codes issued by our server when it responds to your browser’s request (Status codes are issued by our server in response to a request made to the server)
  • The time and date you accessed our website


5.2 Who else gets access to your data?

We generally do not share your data collected for this purpose with third parties. However, in case of a cyberattack, we may need to share the data with law enforcement authorities. In such case, we may be required to provide the data to law enforcement authorities for criminal prosecution. Generally, we might be obliged by law (Article 6(1)(c) GDPR) to cooperate with law enforcement authorities.


5.3 Why are we allowed to process the data?

We have a legitimate interest according to Article 6(1)(f) GDPR to analyze your activity on our website in order to identify technical problems and protect it from cyberattacks. The data are used to ensure protection for the personal data on the server of our hosting service.


5.4 How long do we keep your data?

The data are stored on our server for as long as reasonably necessary to fulfill the purpose for which they were collected. In case of a security incident, we have a legitimate interest to keep the data as long as necessary to investigate the incident. For example, we might look into the IP addresses we collected in order to identify the origin of the attack.


5.5 What are your rights?

Your rights as a data subject of access, erasure, rectification, limit processing and data portability under Articles 15-20 GDPR may not apply if we are not able to link your IP address to your identity without your help. If you want to exercise your rights, you will need first to allow us to link your identity with your IP address. Your right to object to our processing may not apply due to our legitimate interest to investigate security incidents.

6.0 What data do we process when you contact us?


When you send us an email or use our contact form, we process your data in order to answer you and to be able to maintain the communication with you. If you contact us by e-mail or via our contact form, the personal data transmitted by you are automatically stored.


6.1 What data do we collect?

We collect and store the following data:

  • Your email address
  • Your name (if provided)
  • The time and date in which your message was sent
  • Other personal information that you decide to share with us in your message.


6.2 Who else gets access to your data?

No third party is granted access to this personal information.


6.3 Why are we allowed to process this data?

The personal data are transmitted by you on a voluntary basis and are stored for the purpose of processing and contacting you. We have a legitimate interest to collect and process your data in order to answer your request and to be able to maintain the conversation with you.


6.4 How long do we keep your data?

We store your personal data as long as necessary to answer your contact request and to maintain the conversation with you. Accordingly, the data are stored as long necessary to achieve the purpose of storage or as long as is permitted under applicable laws.


6.5 What are your rights?

The following data subject’s rights may apply: Your right of access, right to rectify the data we hold about you in case it is incomplete or inaccurate, and right to object to the processing, which would prevent us from using your data. You may be required to provide us with a specific reason for your request.

You further have the right to ask us to delete your data. This right applies only if your data is no longer needed for the purpose it was collected or your right to object processing applied. You can ask us to transfer your data to another service (right to data portability under Article 20 GDPR) and ask us to restrict usage of your data (right to restrict processing under Article 18 GDPR).


7.0 What data do we process to evaluate and optimize the website?

When you navigate our website, some personal data is being collected in order to create statistics about how visitors use our website. This enables us to evaluate, improve and enhance our website appearance.


7.1 What data do we collect?

The following data is being collected for optimization and analytics purposes:

  • The type and version of your internet browser, device type and operating system, in an anonymized, aggregated form
  • The size of your browser window
  • UTM Codes (A UTM code is a snippet of simple code that can be add to the end of a URL to track the performance of campaigns and content. There are 5 variants of URL parameters: source, medium, campaign, term and content)
  • The page you visited before landing on our website
  • The page or pages you visited on our website
  • The time and date in which you accessed our website


7.2 Who else gets access to your data?

No third party is granted access to this information. Our analytics service provider and data processor is Simple Analytics https://docs.simpleanalytics.com/.


7.3 Why are we allowed to process this data?

We have a legitimate interest (Article 6(1)(f) GDPR) to collect the data to create statistics about how visitors of our website use it and to evaluate and enhance our website.


7.4 How long do we keep your data?

Generally, we retain the data for as long as it necessary to maintain and improve our website in accordance with the purpose of collecting the data. If data is stored and processed in an anonymized, aggregated form, it may be retained without limitations.


7.5 What are your rights?

Your rights as a data subject may not apply if the data is processed in an anonymized, aggregated form. We generally cannot relate between analytics data and any specific visitor of the website. To the extent certain data may be considered personal data, some of your rights mentioned in the Appendix may apply.

8.0 Will this privacy policy change?

The information in this privacy policy may change over time, for example, when the law or the way in which we process personal data change. In such an event, we will provide a clear indication and publish the changes on our website.

9.0 How can you contact us and exercise your rights?

If you have questions, doubts or complaints about the way we process your personal data, please contact our Data Protection Officer under the contact details provided above. You can send an email to info@stremler.de, send us a letter or use our contact forms. We will do our best to answer quickly and address your concerns.

We will review your request and do everything we can to accommodate it. If we conclude that the rights concerning your personal data do not apply, we will explain to you why. We may require a proof of identity to ensure that we do not reveal your information to an unauthorized person.

You have the option to issue a formal complaint concerning our data processing practices to the relevant data protection authority in the state of Bavaria, Germany. Alternatively, you can contact the supervisory authority of the federal state or of the European Member State where you reside or work.

APPENDIX

Your Rights in Detail

For your convenience and information, we list below the main data subject’s rights that are or may be applicable to you as a visitor of our website:

  • Right of confirmation

    You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed. If you wish to do so, you may contact us any time.


  • Right of access

    You have the right to obtain information about your personal data stored at any time and a copy of this information. You may specifically ask us to provide information concerning

    • the purposes of the processing

    • the categories of personal data concerned

    • the recipients or categories of recipients to whom the personal data have been or will be disclosed

    • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period

    • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing

    • the existence of the right to lodge a complaint with a supervisory authority

    • the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR

    • whether personal data are transferred to a third country or to an international organization.


  • Right to rectification

    You have the right to require, in the relevant circumstances, the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.


  • Right to erasure (Right to be forgotten)

    You have the right to require the erasure of personal data concerning you without undue delay. We are obligated to erase personal data without undue delay where one of the following grounds applies:

    • (a.) The personal data are no longer necessary in relation to the purpose/s for which they were collected or otherwise processed.

    • (b.) You withdraw consent to which the processing is based according to point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

    • (c.) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing.

    • (d.) The personal data have been unlawfully processed.

    • (e.) The personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject.


  • Right of restriction of processing

    You have the right to require restriction of processing where one of the following applies:

    • (a.) The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data

    • (b.) The processing is unlawful and you oppose the erasure of the personal data and requests instead the restriction of their use

    • (c.) We no longer need the personal data for the purposes of the processing, but the data are required by you for the establishment, exercise or defense of legal claims

    • (d.) You objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds override those of yours.

  • Right to data portability

    You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format. You further have the right to transmit those data from us to another controller without hindrance, as long as the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means.

    Under Article 20(2) GDPR you have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others (Article 20(4) GDPR).


  • Right to object

    You have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

    We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

    If we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing.

  • Right to withdraw data processing consent

    You have the right to withdraw your consent to processing of your personal data at any time.