Stiebel Eltron Privacy Policy

I. General information and provisions for the Stiebel Eltron websites

Introduction

As the operator of these online and mobile services, Stiebel Eltron GmbH & Co. KG, Dr. Stiebel Strasse 33, 37603 Holzminden, Germany, Managing Director: Dr. Kai Schiefelbein, is responsible for the processing of your personal data as users of our services, as referred to in the General Data Protection Regulation (GDPR). We take the protection of your privacy and your personal data very seriously. We therefore only process your personal data in accordance with the contents of this Privacy Policy and the GDPR.

In this Privacy Policy, we would like to let you know what personal data we process about you in our online and mobile services, for what purpose and according to which legal basis this processing is permitted.

Data processing when you access our websites and use our apps

Stiebel Eltron automatically collects and stores information in its server log files that your browser or the app transmits to us. This data cannot be assigned by Stiebel Eltron to specific individuals. This data is not merged with other data sources. The following data is collected:

  • Browser type/version
  • Operating system used
  • Referrer URL (the previous page visited)
  • Host name of the accessing computer (IP addresses v4 and v6 are anonymised)
  • Time of the server request

The IP address is valid worldwide and uniquely identifies your computer at the time of allocation by your internet provider. In its most common form (IPv4), it consists of four blocks of digits separated by dots or extended by additional digits (IPv6). In most cases, as a private user, you will not use a constant IP address, as this is only temporarily assigned to you by your provider (referred to as a "dynamic IP address"). With permanently assigned IP addresses (referred to as "static IP addresses"), a clear assignment of user data via this feature is technically quite straightforward.

  • The aforementioned data will be processed by us for the following purposes:
  • Ensuring a smooth connection to the website
  • Ensuring convenient use of the aforementioned website
  • Evaluation of system security and system stability
  • For further administrative and statistical purposes

The personal data in the server log files is processed on the basis of point (f), Art. 6(1) GDPR. This authorisation allows the processing of personal data for the purposes of the "legitimate interests" pursued by the controller, except where such interests are overridden by your fundamental rights, freedoms or interests. Our legitimate interest is the facilitation of administration and the ability to detect and track hacking. You can object to this data processing at any time if reasons exist with regard to your particular situation which would speak against the data processing. All you need to do is send an email to the data protection officer. Our legitimate interest is based on the purposes listed above for data collection. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

The server log files containing the aforementioned data are automatically deleted after 26 months, or anonymised if used for statistical purposes. We reserve the right to store the server log files for longer if facts are present which could lead us to assume that unauthorised access has taken place (such as attempted hacking or a "DDOS attack").

Use and verification of personal data
The personal data you provide includes the following:

  • Your name
  • Your address (postcode, city, street and house number, other address details)
  • Your email address
  • Your telephone number and/or mobile number
  • Product name of your Stiebel Eltron product
  • Serial number of your Stiebel Eltron product

If you provide us with personal data, we use it to respond to your enquiries, to process and carry out a consultation request you have submitted, for technical administration, for login activities, for the heat pump quotation service and the services provided within the respective websites or apps. The legal basis for this is point (a), Art. 6(1) GDPR or your consent. You can revoke your consent to the use of the data you have provided at any time. To do so, please contact: datenschutz@stiebel-eltron.de, stating where possible the services used.

  • Processing within the Stiebel Eltron Group
  • Transfer to third countries
  • Linking to external websites
  • Cookies and the use of analysis tools

Collection of device data on our website using cookies (“Cookie Notice”)

If you visit the website of Stiebel Eltron, we use cookies for data collection in your browser in order to collect certain information about your current browser session. Cookies also enable our website to store your actions and preferences (e.g. login details, language, font size and other display preferences) for a certain period of time so that you do not have to re-enter them each time you visit or navigate from one page to another. We use cookies for different purposes. That is why the use of cookies is based on different legal bases. Below you will learn which cookies we use for which purposes.

Processing “necessary” – functionality of the website and system management

We use “necessary cookies” to be able to operate our website. As part of this process, a personal ID number is also stored for you as a visitor to our website for purposes of administration and identification. This allows us to provide you with a consistently good service. For this purpose we store data such as the products you have placed in your shopping cart or the language preferences you have set. These cookies are stored for the duration of your browser session. Without these cookies our website will not be shown to you in its full extent.

The legal basis for the processing of your personal data is Article 6(1)(f) GDPR – legitimate interest.

webppol
ppms_privacy_

Processing “statistics” – improvement of website performance

We use “statistical cookies” in order to continually improve the performance of our website. This includes the data we have collected from you for the following purposes:

  • Web analytics – Based on your navigation patterns, we analyse the data to improve the functionality and design of our website.
  • Effectiveness of advertising – Based on the route you took to reach our website, we measure the effectiveness of our ads by analysing the click-through rates of our ads. This allows us to optimise the impact of ads that we place on external websites.
  • Data for partners – We are required to share certain data with our advertising partners or service providers in the event that you have arrived on our website via a visit to their website and have purchased products from us. We have to do this because we may have to pay these partners/service providers a fee in consideration of their services. For that reason we pass on data regarding your visit, including any products purchased by you.
  • Fault management – We track faults on our websites in order to fix faults or other problems without delay.

The legal basis for the processing of your personal data is Article 6(1)(a) GDPR – consent.

_pk_id
_pk_ses
stg_traffic_source_priority
stg_last_interaction
stg_returning_visitor
stg_fired__<conditionID>
stg_utm_campaign
stg_pk_campaign
stg_externalReferrer
_stg_optout

Processing “marketing” – direct advertising on third-party web platforms and advertising

We use “marketing cookies” of our advertising partners in order to ensure that our marketing messages are displayed to you at the right time and in the right place. These are permanent cookies but with a limited time frame. These cookies contain a personal ID which allows navigation patterns to be assigned to individual users. We also use these cookies to ensure that ads are not shown to the individual user without limits and in order to measure the effectiveness of our advertising campaigns. The IDs stored by these cookies are provided by our partners. We cannot use the same IDs in our systems. In addition, we use these cookies in order to display adverts that are relevant for your location, e.g. to inform you where the product that you are just viewing is available in your vicinity (e.g. trade partners).

The legal basis for the processing of your personal data is Article 6(1)(a) GDPR – consent.

Categories of personal data:

  • Appliance details
  • Location information
  • Behaviour and profile data: this data is collected by observing your surfing patterns.
  • Preferences (if known to Stiebel Eltron)

Retention period

The cookies used to collect your device data and the data regarding your surfing patterns will be stored in your browser for the duration of your session or until you delete the cookie settings in your browser; however, they will be stored no longer than for 180 days.

Categories of recipient

  • Controller Stiebel Eltron Group
  • Subsidiaries and affiliated companies of Stiebel Eltron GmbH & Co. KG
  • Support suppliers for website management
  • Management consultants
  • Suppliers of data analytics services
  • Advertising partners
  • Social media platforms

Piwik PRO

We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.

We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyze visitor behavior, show personalized content and run online campaigns.

We host our solution on Microsoft Azure in Germany and the data is stored for 25 months.

The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 (1)(a) GDPR.

Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.

Google remarketing

This website uses Google remarketing. Google remarketing is an advertising service of Google Inc. ("Google", Mountain View, USA), with which we can provide you with targeted adverts of presumed interest, based on your usage behaviour during previous visits to our website. Such adverts only appear on Google advertising spaces, either those of Google Adwords or the Google Display Network.

You can object to Google remarketing in the Google Ad Settings or edit your settings. Alternatively, you can prevent remarketing by deactivating cookies in your browser settings.

Facebook remarketing

This website uses the "Custom Audiences" remarketing function from Facebook Inc. ("Facebook"). This function is used to present interest-based adverts ("Facebook ads") to visitors to this website when they visit the social network Facebook. For this purpose, Facebook's remarketing tag has been implemented on this website. This tag establishes a direct connection to the Facebook servers when you visit the website. The fact that you have visited this website is then transmitted to the Facebook server and Facebook assigns this information to your personal Facebook user account. Further information about how Facebook collects and uses data, as well as your rights and options in this regard for protecting your privacy, can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy/. Alternatively, you can deactivate the "Custom Audiences" remarketing function at https://www.facebook.com/settings/?tab=ads#_=_[EM1] . You must be logged into Facebook to do this.


Google reCAPTCHA service

We use the Google reCAPTCHA service to determine whether certain data entered in our contact or newsletter form comes from an actual person or a computer. Google uses the following information to determine whether you are a human being or a computer: IP address of the device you are using, the website you are visiting in which the CAPTCHA is integrated, the date and duration of your visit, the identification data of the browser and operating system you are using, Google account if you are logged into Google, mouse movements on the reCAPTCHA images and tasks where you have to identify images. The legal basis for the data processing described above is point (f), Art. 6(1) GDPR. We have a legitimate interest in this data processing to ensure the security of our website and to protect ourselves from automated input (attacks). Privacy policy: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated

II. Provisions for business users

Use of personal data when registering for the trade partner portal

You can register with us as a trade partner through our online and mobile services. To do so, you need to enter the data requested on the input screen, such as your name, address and email address. We also record the date and time of registration and the IP address. As part of the registration process, we will ask you for your consent to the use of the data.

The legal basis for processing the data for registration in the case of consent is point (a), Art. 6(1) GDPR. If you register with us to fulfil or initiate a contract, the legal basis for processing the data is additionally point (b), Art. 6(1) GDPR.

Registration is required to fulfil or initiate a contract with us for certain services, or to obtain useful design engineering tools, information on training courses, or spare parts, for example.

The data will be stored by us for as long as necessary to fulfil the contract. In addition, we store this data for the fulfilment of post-contractual obligations and on the basis of commercial and tax retention periods for the legally prescribed period. As a rule, this retention period is 10 years to the end of the respective calendar year.

Use of personal data when registering for events or information visits

On some pages of our website, you can enter personal data in order to register for information visits, training courses or events run by Stiebel Eltron. We will only use this data to process your enquiry. If you enter your email address and telephone number as a participant in one of our events, you will receive a confirmation email. Afterwards, the data is stored to evaluate the event, for example. This data will be deleted after 26 months at the latest if there are no legal retention periods to the contrary, e.g. for verification of professional qualifications, hospitality, costs, etc.

You can revoke your consent to the use of the data provided during registration until the start of the event. To do so, please contact: Energy.Campus@stiebel-eltron.de

III. Provisions for private users

Transmission and forwarding of personal data

In order to respond to requests for professional consultation or be able to provide the details of qualified contractors for consultation and/or the purchase, maintenance or repair of a heat pump or other product from the Stiebel Eltron range, we forward the personal data entered by you – with your consent – to external qualified contractors who work in partnership with our company and are based in your region.

These trade partners will be asked to contact you within a fixed time frame in order to provide the professional consultation and/or quotation you have requested. For this purpose, the qualified contractor will contact you by email and/or telephone.

Further processing and deletion of your data

Furthermore, your data will not be passed on or sold to third parties, i.e. people or companies that do not belong to the Stiebel Eltron Group. Stored personal data will be deleted if you revoke your consent to its storage, if the data is no longer required for the purpose intended by the storage, or if its storage is inadmissible for other legal reasons.

Use of personal data when using the heat pump quotation service

When you give us personal data, you are providing us with your data on a voluntary basis. You are thereby giving your consent that the data provided may be used by Stiebel Eltron or a qualified contractor for the purpose of preparing a quotation and getting in touch with you.

With the heat pump quotation service, the data collected is used exclusively to prepare a quotation, and later for the qualified contractor to contact you.

You can revoke your consent at any time by sending us a message to this effect. Once the stated time limits have elapsed, the relevant data will be deleted as a matter of course.

Trade partner and wholesaler search with Google Maps

When you use our website, you can view trade partners and wholesalers in your area who work with us on a map. We use Google Maps to display the map. Google Maps is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Details about how personal data is processed when you use Google Maps can be found under the following link: http://www.google.de/intl/de/policies/privacy/

To view trade partners and wholesalers in your area who work with us, you must first specify your location. The location can either be entered manually or determined automatically using the localisation function of your internet browser. No personal data will be processed during manual entry unless you provide your home address to be displayed. Your IP address has to be processed to automatically determine your location using the localisation function of your internet browser. In this case, processing is based on your consent (point (a), Art. 6(1) Regulation (EU) 2016/679), which the internet browser asks for when calling up the map. In this context, your IP address is not stored by us.

Use of personal data when using the spare parts shop

We use your personal data for orders only within our company and affiliated companies, and with the company commissioned to process orders.

For order processing, we work together with various companies that are responsible for logistics. We ensure that our partners also comply with data protection regulations. We pass on your address data (name and address) to the respective transport company that will deliver the products you have ordered to you. The legal basis for this is point (b), Art. 6(1) GDPR. The processing of your personal data is necessary to fulfil the contract with you.

The data will be stored by us for as long as necessary to fulfil the contract. In addition, we store this data for the fulfilment of post-contractual obligations and on the basis of commercial and tax retention periods for the legally prescribed period. As a rule, this retention period is 10 years to the end of the respective calendar year.

Use of personal data within the scope of the 5 year guarantee

If you have opted for a heating system in which all the main components come from STIEBEL ELTRON, you have the option of extending the guarantee to 5 years.

This guarantee is related to you as a person, not to the system, therefore Stiebel Eltron processes your data so that you would be able to assert your claims against Stiebel Eltron in the event of a guarantee case.

The legal basis for the processing of your personal data is point (b), Art. 6(1) GDPR.

The data will be stored by us for as long as is necessary to fulfil the contract. In addition, we store this data for the fulfilment of post-contractual obligations and on the basis of commercial and tax retention periods for the legally prescribed period. As a rule, this retention period is 10 years to the end of the respective calendar year.

IV. Provisions for applicants

Via the applicant portal, you can apply for a job with us and submit all the necessary information and documents. You can use the online form to send us your application documents. The use of the applicant portal is voluntary; you can also send us your application in other ways, for example by email or post.

When an application is received via the applicant portal, your documents will be forwarded electronically to the responsible employees at our company. If you have applied for an advertised position, the documents will be automatically deleted two months after completion of the recruitment procedure, provided there are no other legitimate interests to the contrary. Such legitimate interests in this sense could be, for example, the burden of proof in a procedure according to the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG). In the case of an application without reference to an advertised position (unsolicited application), the application is kept for as long as there is the possibility that it may be of interest. You have the option of requesting the deletion of your application at any time, even before the intended retention periods have expired. In the event of a successful application, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. In all other cases, the legal basis for storing your applicant data is your consent in accordance with point (a), Art. 6(1) GDPR.

V. Communication with us

Advertising and advertising consent

We, STIEBEL ELTRON GmbH & Co. KG and STIEBEL ELTRON Deutschland Vertriebs GmbH will only inform you or send you surveys about products and services from Stiebel Eltron by email, post or telephone if you have expressly given us your consent to use your personal data for advertising purposes (opt-in). You opt in by actively ticking the box at the bottom of our forms, next to the statement: "Yes, Stiebel Eltron GmbH & Co.KG and STIEBEL ELTRON Deutschland Vertriebs GmbH may use my email address and/or telephone number to inform me about their latest products and services. I also consent to the opportunity to provide both criticism and praise through market and opinion research. I can revoke this consent at any time with future effect."

Please note that the text you see on the respective website/app may also list different companies if they are relevant to your enquiry.

If you have given us your consent for such use but no longer wish to receive advertising or surveys from Stiebel Eltron in the future, you can revoke your consent at any time with future effect. Your data will then be deleted or, if still required for invoicing and accounting, stored for these purposes. You can email us about this at info-center@stiebel-eltron.de.

Newsletter

When you subscribe to our newsletter, your email address will be used for our own advertising purposes until you unsubscribe. You will receive regular information by email about current topics, as well as emails for special occasions, such as special promotions.

The e-mails are sent to you in a personalised manner based on the data we received by your registration as a partner (e.g. salutation, surname, e-mail address) and your user behaviour (clicks and openings). 

In the course of this, we reserve the right to create individual and anonymised profiles on response behaviour. 

In case of the creation of individual and anonymised profiles, the legal basis is our legitimate interest for direct sales in accordance to Art. 21 (1) and (2) GDPR. You have the right to object to this at any time. To object, please contact datenschutz@stiebel-eltron.de.

If you have not given us your written consent to subscribe to our newsletter, we will use the double opt-in procedure, i.e. we will not send you a newsletter by email until you have expressly confirmed to us that we should do so. We will then send you a notification email and ask you to click on a link contained in it to confirm that you would like to receive our newsletter.

The legal basis for the processing of your data is your consent pursuant to point (a), Art. 6(1) GDPR, if you have expressly subscribed to the newsletter. Within the framework of legal requirements, you may also receive our newsletter or an email from us without your express consent because you have ordered goods or services from us, through which we have received your email address and you have not objected to receiving information by email. In this case, the legal basis is our legitimate interest in the transmission of direct advertising pursuant to point (f), Art. 6(1) GDPR.

If you no longer wish to receive newsletters from us, you can revoke your consent at any time with future effect or object to further receipt of the newsletter without incurring any costs other than the transmission costs according to the basic tariffs. Simply use the unsubscribe link contained in each newsletter or send a message to us or our data protection officer.

Contact

You can contact us via our customer hotline, by email or by post. If you wish to use one of these contact options, we record the personal data that you transmit to us via the selected contact option. This may be your name, address, email address, customer number and telephone number. You can decide for yourself what information you want to send us via the contact options.

We process this data exclusively for the purpose of being able to respond to or process your enquiry or request.

If you wish to use the contact form in our online services, we record the personal data you provide in the contact form, in particular your name and email address. We also store the IP address and the date and time of the enquiry. We process the data submitted in the contact form exclusively for the purpose of being able to respond to your enquiry or request.

Legal basis for the use of contact options, withdrawal of consent

The legal basis for processing data for the use of the available contact options is point (a), Art. 6(1) GDPR. You can revoke your consent at any time. After we have dealt with the matter, the data will initially be stored in case further queries arise. Deletion of the data can be requested at any time, otherwise deletion will take place once the matter has been fully resolved. At such time, we will delete the data immediately, unless we are obliged to store it due to commercial or tax regulations.

Social media

In our online services, you will find links to the social network Facebook, Xing, Twitter, as well as to our YouTube channel. You can recognise the links by the respective provider's logo. We do not process any data in this regard.

By clicking on the links, the corresponding social media pages are opened, to which this Privacy Policy does not apply. Please refer to the privacy policies of the individual providers for details of the provisions applicable there; you will find these under:

Facebook:  https://www.facebook.com/privacy/explanation

YouTube:    https://policies.google.com/privacy?hl=de&gl=de

Xing:          https://privacy.xing.com/de/datenschutzerklaerung

Twitter:      https://twitter.com/de/privacy

VI. Registration

You can register with us as a user through our online services. To do so, you need to enter the data requested on the input screen, such as your name, address and email address. We also record the date and time of registration and the IP address. As part of the registration process, we will ask you for your consent to the use of the data.

The legal basis for processing the data for registration in the case of consent is point (a), Art. 6(1) GDPR. If you register with us to fulfil or initiate a contract, the legal basis for processing the data is additionally point (b), Art. 6(1) GDPR.

Registration is required to fulfil or initiate a contract with us for certain services.

The data will be stored by us for as long as necessary to fulfil the contract. In addition, we store this data for the fulfilment of post-contractual obligations and on the basis of commercial and tax retention periods for the legally prescribed period. As a rule, this retention period is 10 years to the end of the respective calendar year.

VII. Information about the rights of the data subject – your identity

In order to comply with the rights of the data subject pursuant to the GDPR, it may be necessary for Stiebel Eltron to request further information to verify your identity in cases where personal data was collected on the basis of a contractual relationship, on a random sample basis, or in cases of justified doubt. This is particularly the case if a request for information is available in electronic form, but the sender's details do not reveal the identity of a natural person concerned.

Right of access, right to object, right to rectification and right to erasure

  • Pursuant to Art. 15 GDPR, you have the right to obtain access to your personal data processed by us. In particular, you may obtain information about the purposes of the processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of the right to request rectification, erasure, restriction of processing or the right to object, the existence of a right to lodge a complaint, the source of your data if not collected from yourself, and the existence of automated decision making, including profiling, and if applicable, meaningful information about the details involved;
  • Pursuant to Art. 16 GDPR, you have the right to obtain without undue delay the rectification of inaccurate or incomplete personal data stored by us;
  • Pursuant to Art. 17 GDPR, you have the right to obtain the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • Pursuant to Art. 18 GDPR, you have the right to obtain restriction of processing of your personal data if you contest the accuracy of the data, if the processing is unlawful and you oppose the erasure of the data, if we no longer need the data but if you need it for the establishment, exercise or defence of legal claims, or if you have objected to processing pursuant to Art. 21 GDPR;
  • Pursuant to Art. 20 GDPR, you have the right to receive the personal data you have provided to us in a structured, commonly used and machine-readable format, and have the right to transmit this data to another controller.

To exercise these rights, please contact:

Data protection officer of the Stiebel Eltron Group
STIEBEL ELTRON takes account of its statutory obligations and has appointed a company data protection officer. If you have any further questions or would like information about personal data that relates to yourself, please address your written request to our data protection officer. You are also entitled to request the correction, blocking or deletion of this data, provided this is not prohibited by statutory regulations.

 

STIEBEL ELTRON GmbH & Co. KG

Dr. Stiebel Strasse 33

37603 Holzminden
Germany

Data protection officer

Andreas Campe

Telephone: +49 (0) 55 31 - 702 702

Fax: +49 (0) 55 31 - 702 95 106

Email: datenschutz@stiebel-eltron.de

 

Complaints

If you believe that we are not processing your personal data in accordance with this Privacy Policy or the applicable data protection regulations, you can lodge a complaint with our data protection officer. The data protection officer will look into the matter and inform you of the outcome. You also have the right to complain to a supervisory authority.

VIII. Further information

Disclosure of data to third parties

As a general principle, we do not transfer any personal data to third parties other than for the purposes explained in this Privacy Policy. However, if we are obliged to do so by law or court order, we will transfer your data to the authorities entitled to receive information.
 

Links to other websites

Our online services contain links to other websites. These links are usually marked as such. We have no influence over the extent to which the applicable data protection regulations are observed on the linked websites. We therefore recommend that you also find out for yourself about the respective privacy policies on other websites.
 

Changes to this Privacy Policy

The status of this Privacy Policy is indicated by the date shown (below). We reserve the right to amend this Privacy Policy at any time with future effect. The latest version can be accessed directly via our online services. Please visit our online services regularly to check the Privacy Policy.

Status of this Privacy Policy: August 2022