The affected person: The affected person is any identified or identifiable natural person whose personal data is processed by the controller;
Processing: Processing means any process or series of operations related to personal data, with or without the aid of automated procedures, such as collecting, capturing, organizing, storing, adapting or modifying, reading, querying, using; disclosure through submission, dissemination or any other form of provision; reconciliation or association; restriction, deletion or destruction;
Restriction of processing: Restriction of processing represents marking stored personal data to limit their future processing;
Profiling: Profiling is any automated processing of personal data that involves the use of such personal information to evaluate certain personal aspects relating to a natural person, and in particular, without limitation, aspects relating to: job performance; economic situation; health; persona; analyzing and/or predicting preferences, interests, reliability, behavior, whereabouts, or relocation of a natural person;
Pseudonymization: Pseudonymization is the processing of personal data that renders said data unattributable to a specific data subject without additional information. Furthermore, such additional information must be subject to technical and organizational measures that ensure the personal data cannot be attributed to an identified or identifiable natural person;
The controller: The controller is a natural or legal person, public authority, agency, or body that, alone or in concert with others, decides on purposes and means of personal data processing. Where the purposes and means of processing are determined by the Community Law or the Law of the Member States, the controller or the specific criteria for his designation may be provided for under the Community Law or the Law of Member States;
The processor: The processor is a natural or legal person, public authority, agency, or body that processes personal data on behalf of the controller;
The recipient: The recipient is a natural or legal person, agency, body, or other entity to whom Personal Data is disclosed (whether it is a third party or not). However, authorities which may receive personal data under the Community Law or the Member States Law in connection with a particular mission are not considered to be recipients;
Third parties: Third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and any persons authorized under the direct responsibility of the controller or the processor to process the personal data;
Consent: Consent is any expression of will given voluntarily and unambiguously by the data subject. Consent can take the form of a statement or other clear confirmatory act that confirms the data subject's consent regarding processing their data.
The person responsible within the meaning of the GDPR, other data protection laws in the Member States of the European Union and other provisions with a data protection character is:
STP Informationstechnologie Schweiz AG
Bahnhofstrasse 7, 9470 Buchs SG, Schweiz
Tel. +41 44 552 96 00
The data protection officer of the controller is:
STP Informationstechnologie GmbH
Brauerstraße 12, 76135 Karlsruhe, Deutschland
Tel. +49 72182815-0
Fax +49 72182815-555
Any data subject can contact our data protection officer at any time with any questions or suggestions regarding data protection.
The website of STP Informationstechnologie Schweiz AG collects a series of general data and information each time visitors access our website(s). The general data and information are stored in the log files of the server, and comprise the following, without limitation:
• browser types and versions used;
• operating system used by the accessing system;
• the website from which an accessing system accesses our website (so-called referrers);
• the sub-web pages;
• the date and time of access to the website;
• an Internet protocol address (IP address);
• internet service provider of the accessing system; and
• other similar data and information used in the event of attacks on our information technology systems.
When using this general data and information, STP Informationstechnologie Schweiz AG does not draw conclusions about the data subject. Instead, we use this information to:
• correctly deliver the contents of our website;
• optimize the content of our website and to advertise it;
• ensure the continued functioning of our information technology systems and the technology of our website; and
• provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack.
These anonymously collected data are therefore statistically processed and further evaluated by STP Informationstechnologie Schweiz AG to improve data protection and data security in our company and to ultimately ensure the highest level of personal data protection. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.
The data subject has the opportunity to register on the website (http://stp-online.de and www.skr-inso.de) of the controller, providing their data in the process. The personal data is derived from the respective input mask used for the registration. The personal data entered by the data subject is collected and stored solely for internal use by the controller. The controller may transfer the data to one or more processors, such as a parcel service, that also uses personal data solely for internal use, which is attributable to the controller.
By registering on the website of the controller, the following data are collected and stored: the IP address assigned by the Internet service provider (ISP) of the data subject; the date and time of registration. These data are collected and stored to prevent and react to any misuse of our services. In this respect, the storage of this data is required to secure the controller. The said data are not disclosed to any third parties, barring the legal obligation to disclose to law enforcement services.
By registering, data subjects voluntarily provide their data. Registered persons are free to modify provided personal data at any time or to delete them entirely from the database of the data controller. The controller shall, at any time upon request, provide information to each data subject as to which personal data the controller stores. Additionally, the controller shall correct or erase personal data at the data subjects' request.
Website visitors can subscribe to our newsletter, and their data are transmitted to the data controller at the moment of subscription. STP Informationstechnologie Schweiz AG informs its customers from time to time via a newsletter about our commercial offers. The newsletter of our company can only be received by the data subject if: (1) the data subject has provided their valid email address and
The newsletters of STP Informationstechnologie Schweiz AG contain so-called counting pixels. A counting pixel is a miniature graphic that is embedded in emails that are sent in php format to enable log file recording and log file analysis. Pixels allow us to track the success rate of online marketing campaigns. For example, STP Informationstechnologie Schweiz AG can detect whether an affected person has opened an email and whether they have clicked any links placed in said email. Such personal data will be stored and evaluated by the controller to optimize the newsletter distribution and to adapt the content of future newsletters to affected persons' interests. We will not disclose personal data to third parties. Affected persons can revoke their consent given via the double-opt-in procedure at any time. If revoked, the controller will delete the personal data. We will construe any request to unsubscribe from the newsletter as a revocation of the consent.
STP Informationstechnologie Schweiz AG website contains information that enables quick electronic contact with our company and direct communication with us, which also includes a general address of the so-called electronic mail (email address). If an affected person contacts the data controller by email or through a contact form, the personal data provided by the data subject will be automatically saved. Such personal information, provided voluntarily by a data subject to the controller, is stored for processing or contacting the data subject.
Our websites may also contain a blog section, which may provide our visitors with an option to leave comments therein. A blog is a web-based, usually publicly accessible portal in which one or more authors can post articles or write down thoughts in so-called blog posts. Usually, visitors and readers can leave comments on said articles and posts. If an affected person leaves a comment in the blog published on this website, we will save and store certain data, namely:
• the comment(s) left by the affected person;
The controller processes and stores personal data only for the period necessary to achieve the storage purpose or, if so required by the European directives and regulations or any other Member States' legislation, a specific purpose. If the storage purpose is not communicated or if a storage period prescribed by the Law expires, the personal data will be routinely blocked or deleted per the statutory provisions.
• processing purposes;
• categories of personal data being processed;
• the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or international organizations;
• to the extent possible, the planned duration for which the personal data will be stored or, failing that, the criteria for determining that duration;
• the right to rectify or erase personal data, as well as any limitation of the processing by the person responsible, or a right to object to such processing;
• the right to appeal to a supervisory authority;
• (if the personal data are not collected from the data subject, but a third party): all available information on the source of the data;
• any eventuality of automated decision-making including profiling per Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information on the logic, scope, and intended impact of such processing on the data subject.
Furthermore, the data subject has a right of access as to whether personal data has been transmitted to a third country or an international organization. If this is the case, then the data subject has the right to obtain information about the appropriate guarantees concerning the transfer. If data subjects wish to avail themselves of the right to information, they may, at any time, contact any employee of the controller.
Right to rectification: Any affected person has the right to demand the immediate correction of any inaccuracies in their data. Furthermore, the data subject has the right to request the completion of incomplete personal data, including through a supplementary declaration, taking into account the purposes of the processing. If an affected person wishes to exercise this right of rectification, they may, at any time, contact any employee of the controller.
Right to cancellation (right to be forgotten): Affected persons have the right granted by the Law to require the controller to immediately delete their data, provided that one of the following reasons is satisfied and the processing is not required:
• the personal data has been collected for such purposes or otherwise processed for which they are no longer necessary;
• the data subject withdraws the consent based on which the processing took place, per Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, and lacks any other legal basis for the processing;
• the data subject objects to the processing under Article 21 (1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject submits an objection to the processing under Article 21 (2) of the GDPR;
• the personal data was processed unlawfully;
• erasing personal data is necessary to fulfill a legal obligation under the Community or the Member States' Law, to which the controller is subject;
• the personal data were collected concerning information society services offered under Article 8 (1) of the GDPR.
If any of the above reasons are correct and a data subject wishes STP Informationstechnologie Schweiz AG to delete their data, they may, at any time, contact any employee of the controller. The employee of STP Informationstechnologie Schweiz AG will arrange that the request is fulfilled promptly. If we (STP Informationstechnologie Schweiz AG) have published personal data, and if we are responsible for deleting personal data as the controller per Article 17 para 1 GDPR, we will take appropriate measures, subject to the available technology and implementation costs, to inform the data subject that other data controllers that process the published data have deleted all links to such data, as well as any copies, unless the processing is required. The employee of STP Informationstechnologie GmbH will arrange the necessary in individual cases.
Right to restrict the processing: Any person affected by the processing of personal data has the right granted by the European directive and regulatory authority to require the controller to restrict the processing if one of the following conditions applies:
• the accuracy of the personal data is contested by the data subject for a period that allows the data controller to verify the accuracy of the personal data;
• the processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of the use of personal data;
• the data controller no longer needs the personal data for processing purposes, but the data subject requires them to assert, exercise or defend their rights;
• the affected person has objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the person concerned.
If one of the above conditions is met and an affected person wishes to request the restriction of personal data stored at STP Informationstechnologie Schweiz AG, they may at any time contact any employee of the controller. The employee of STP Informationstechnologie Schweiz AG will initiate the restriction of the processing.
Right to data portability: Any affected person has the right to receive their data provided to a controller in a structured, standard, and machine-readable format. Likewise, they have the right to request the controller to transfer such data to another person responsible without delay, provided that the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR or on a contract in accordance with Article 6 (1) (b) of the GDPR and the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task in the public interest or the exercise of public authority delegated to the controller. Furthermore, in exercising their right to data portability under Article 20 (1) of the GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this does not affect the rights and freedoms of others. The data subject may at any time contact any employee of STP Informationstechnologie Schweiz AG to assert the right to data portability.
Right to object: Any affected person has the right in certain particular situations, to object to the processing of their data. If there is an objection, we will no longer process personal data unless we can prove compelling reasons for processing that outweigh the interests, rights, and freedoms of the data subject, or if the processing serves the purpose of asserting, exercising, or defending any legal claims.
If STP Informationstechnologie Schweiz AG processes personal data to send direct mail, data subjects have the right to object at any time to the processing of their data for such advertising. If the data subject objects to the processing of STP Informationstechnologie Schweiz AG for direct marketing purposes, STP Informationstechnologie Schweiz AG will no longer process personal data for these purposes. Additionally, the data subject has the right, in certain situations, to object to the processing of their data for scientific or historical research purposes or statistical purposes, unless such processing is necessary to fulfill a task that is of the public interest.
The data subject can directly contact any employee of STP Informationstechnologie Schweiz AG to exercise the right to object. The data subject is also free, in the context of the use of information society services, notwithstanding Directive 2002/58/EC, to exercise their right to object through automated procedures using technical specifications.
Automated decisions in individual cases, including profiling: Affected persons have the right not to be subjected to a decision based solely on automated processing, including profiling, which has a legal effect on them or affects them materially in a similar manner, provided that the decision is not (1) necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) permitted by the Union or a Member State legislation to which the controller is subject, where appropriate measures exist for safeguarding the rights, freedoms, and legitimate interests of the data subject, or (3) made with the express consent of the data subject.
Notably, it is important to distinguish if the decision:
• is required for the conclusion or performance of a contract between the data subject and the controller; or
• is made with the express consent of the data subject.
STP Informationstechnologie Schweiz AG shall take reasonable steps to safeguard the rights, freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person on the part of the controller, to state one's own position, and to challenge the decision. If the data subject wishes to claim automated decision-making rights, they can contact an employee of the controller at any time.
Right to revoke a data processing consent: The affected person has the right to revoke consent to the processing of personal data at any time. If the data subject wishes to assert their right to withdraw consent, they may, at any time, contact any employee of the controller.
The controller collects and processes the personal data of applicants to handle the application process. The processing can also be done electronically, especially if an applicant submits corresponding application documents to the controller by electronic means, for example by email or via a web form available on the website. If the controller concludes an employment agreement with an applicant, the data transmitted will be stored for the employment relationship per the Law. If no employment contract is concluded with the applicant by the controller, the application documents will be automatically deleted two months after the announcement of the rejection decision, unless deletion conflicts with other legitimate interests of the controller. Another legitimate interest in this sense is, for example, a burden of proof in a procedure under the General Equal Treatment Act (AGG).
The controller has integrated links to Facebook on this website. Facebook is a social network. Using such a link (no plug-in) will redirect you away from the controller's website and to the destination address. A social network is an Internet-based social meeting place, an online community that usually allows users to communicate with each other and interact in virtual space. A social network can serve as a platform for sharing views and experiences or allows the Internet community to provide personal or business information. Facebook allows social network users to create private profiles, upload photos, and socialize via friend requests. The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The person responsible for the processing of personal data, if an affected person lives outside the US or Canada, is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.
The controller has integrated links (not a plug-in) to Twitter on this website. Twitter is a multilingual, publicly-accessible microblogging service where users can post and distribute tweets, which are limited to a certain number of characters. These short messages are available to anyone, including non-Twitter subscribers. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user's tweets. Twitter also allows you to address a broad audience via hashtags, links, or retweets. The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations in which we obtain consent for a particular processing purpose. If the processing of personal data is necessary to fulfill a contract to which the data subject is a party, as is the case, for example, in processing operations necessary for the provision of a service, the processing is based on Art. 6 I lit. b GDPR. The same applies to activities that are necessary to carry out pre-contractual measures, for example, in the case of inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, for example, to fulfill tax obligations, the processing is based on Art. 6 I lit. c GDPR. Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the above legal bases are based on this legal basis if the processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person concerned prevail. The European legislator mainly permits such processing operations. In that regard, it is considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, second sentence, GDPR).
While processing personal data on the grounds of Art. 6 I lit. f GDPR, it is in our legitimate interest to conduct business for the benefit of all our employees and shareholders.
The criterion for the duration of the storage of personal information is the respective statutory retention period. After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill or initiate a contract.
We clarify that the Law partly requires the provision of personal data (e.g., tax regulations) or can also result from contractual provisions (e.g., information about the contracting party). Occasionally it may be necessary for a contract to be concluded that an affected person provides us with personal data that must subsequently be processed by us. For example, the data subject is required to provide us with personal information when we enter into an agreement with the data subject. Failure to provide personal data would mean that the contract with the person concerned could not be completed. Before affected persons give any personal data, they must contact one of our employees.