1. Who is responsible for the processing of your personal data?
1.1 Your personal data are processed by mateco GmbH, Bottroper Str. 16, 70376 Stuttgart, with corporate registration number 764712 (hereinafter: “we”, “us”, “our”). You can contact us via e-mail at firstname.lastname@example.org.
1.3 Where reference is made to certain laws or regulations, such reference shall also include any change, replacement or annulment of said laws or regulations, including any related executive decisions.
2 Which categories of personal data do we process?
2.1 Whenever you use our Website, Webshops and Social Media Channels, we collect:
- technical information associated with the device you use, such as your IP address, browser type, geographical location and operating system;
- information concerning your browsing behavior, such as how long you visit, what links you click on, what pages you visit and how many times you visit a page.
2.2 When you fill out the contact form on our Website, or contact us via e-mail, telephone, fax or Social Media Channels, we collect:
- the basic identity information you provide us with, such as name, e-mail address, postal address, telephone number, the company you work for, your function;
- the content of your communication and the technical details of the communication itself (with whom you correspond at our end, date and time, etc.);
- publicly available information of your profile on Social Media Channels;
- any other personal data you choose to provide to us..
2.3. When you place an order on one of our Webshops, as customer or supplier, we collect:
- the basic identity information we require to process your order, such as your name, company, function, postal address and telephone number;
- details pertaining to the order itself.
2.4. All of the personal data listed above, we receive directly from you. It may happen that we receive additional information about your preferences and surfing behavior from partners such as Google, Facebook, YouTube, SurveyMonkey and MailChimp. If you require more information about the personal data these parties process about you and make available to others, you are kindly requested to consult their respective privacy policies:
- Google: https://www.google.com/intl/en/policies/privacy/
- Facebook: https://www.facebook.com/about/privacy
- YouTube: https://www.google.com/intl/en/policies/privacy/
- SurveyMonkey: https://de.surveymonkey.com/mp/policy/privacy-policy
- MailChimp: https://www.mailchimp.com/legal/privacy
3. Why do we process your personal information?
3.1. We process your personal data to provide you in a personalized and efficient way with the information, products and services you request via the Website, e-mail, telephone, fax, Social Media Channels and Webshops.
3.2. We process your personal data for marketing purposes, i.e. to provide you with targeted communications, promotions, offerings and other advertisements of us and selected partners.
Unless you are an existing customer who has already purchased similar goods or services from us and who we wish to target with our own marketing material, We will only send you communications, promotions, offerings, newsletters and other advertisements via e-mail or other person-to-person electronic communications channels if you have explicitly consented to receiving such communications, promotions, offerings, newsletters and other advertisements.
3.3. We process your personal data to comply with legal obligations or to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities.
Your personal data may be transferred upon our own initiative to the police or the judicial authorities as evidence or if there are justified suspicions of an unlawful act or crime committed by you through your registration with or use of the Website, Webshops, our Social Media Channels or other communication with us.
3.4. We may be required to collect and transfer your personal data to the financial institution or payment service provider to allow your financial institution and the payment service provider to comply with their legal obligations, such as obligations under applicable anti-money laundering and counter-terrorism financing legislation.
3.5. We process your personal data to perform statistical analyses so that we may improve our Website, Webshops, products and services or develop new products and services.
3.6. We may process your personal data for informing any third party in the context of a possible merger with, acquisition of/by or demerger by that third party, even if that third party is located outside the EU.
4. What makes the processing of your personal data legitimate?
4.2. The processing of your personal data for the purpose of fulfilling an order you have placed via one of our Webshops is necessary for performing the agreement between you and us.
4.3. The processing of your personal data for the purposes outlined in clauses 3.3 and 3.4 is necessary to allow us to comply with our legal obligations.
4.4. The processing of your personal data for the purposes outlined in clauses 3.1 is necessary for the purpose of our legitimate interests, which are:
- continuous improvements to our Website, Webshops, Social Media Channels, products and services to ensure that you have the best experience possible;
- keeping our Website, Webshops, Social Media Channels, products and services safe from misuse and illegal activity;
- marketing and promotion of our products, services, brands an overall successful commercialization of our products and services.
5. Who receives your personal data?
5.1. We do not send your personal data in an identifiable manner to any third party without your explicit permission to do so. You understand, however, that if you use our Social Media Channels, your personal data is also processed by the social media providers. If you purchase anything via our Webshops, a financial institution or payment service provider may also receive your personal data in order to provide their services.
5.2. We rely on third party processors to provide you the Website and Webshops as well as to process your personal data on our behalf. These third party processors are only allowed to process your personal data on behalf of us upon explicit written instruction of us. We warrant that all third party processors are selected with due care and are obliged to observe the safety and integrity of your personal data.
6. Do we transfer your personal data outside the EEA?
6.1. We process your personal data first and foremost within the EEA. However, in order to process your personal data for the purposes outlined in article 3 above, we may also transfer your personal data to other entities within our group or to third parties who process on our behalf which are located outside the EEA. Each entity outside the EEA that processes your personal data shall be bound to observe adequate safeguards with regard to the processing of your personal data. Such safeguards will be the consequence of:
- the recipient country having legislation in place which may be considered equivalent to the protection offered within the EEA; or
- a contractual arrangement between us and that entity located outside the EEA. All those entities are parties to a contractual arrangement based on the EC’s Standard Contractual Clauses (controller-to-controller) (Commission Decision C(2004)5721.
6.2. We may transfer anonymized and/or aggregated data to organizations outside of the EEA. Should such transfer take place, we will ensure that there are safeguards in place to ensure the safety and integrity of your data as well as all rights with respect to personal data you might enjoy under applicable mandatory law.
7. What are the quality assurances with regard to your personal data?
7.1 We do our utmost best to process only those personal data which are necessary to achieve the purposes listed under article 3.
- an overriding interest of us, your financial institution, the payment service provider, or any other third party in keeping your personal data identifiable;
- a legal or regulatory obligation or a judicial or administrative order that prevents us from de-identifying them.
7.3. An essential aspect of our marketing efforts pertains to making our marketing materials more relevant to you. This means that we build a profile of you based on relevant characteristics as outlined in article 2 and then use this profile to provide you with communications, promotions, offerings, newsletters and other advertisements about products and services that may interest you. Targeted marketing shall be done based on the information we collect (as obtained through the ways explained before).
7.4. We will take the appropriate technical and organizational measures to keep your personal data safe from unauthorized access or theft as well as accidental loss, tampering or destruction. Access by personnel of us or its third party processors will only be on a need-to-know basis and subject to strict confidentiality obligations. You understand, however, that safety and security are best efforts obligations only which can never be guaranteed.
8.1 You have the right to request access to all personal data we process pertaining to you. We reserve the right to charge an administrative fee for multiple subsequent requests for access that are clearly submitted for causing nuisance or harm to us.
8.2. You have the right to ask that any personal data pertaining to you that are inaccurate, are corrected free of charge. If a request for correction is submitted, such request shall be accompanied of proof of the flawed nature of the data for which correction is asked.
8.3. You have the right to withdraw your earlier given consent for processing your personal data, in which case clause 8.4 will apply.
8.4. You have the right to request that personal data pertaining to you be deleted if they are no longer required in light of the purposes outlined in article 3 or if you withdraw your consent for processing them. However, you need to keep in mind that a request for deletion will be evaluated by us against:
- overriding interests of us, your financial institution, the payment service provider or any other third party;
- legal or regulatory obligations or administrative or judicial orders which may contradict such deletion.
Instead of deletion you can also ask that we limit the processing of your personal data if and when (a) you contest the accuracy of that data, (b) the processing is illegitimate or (c) the data are no longer needed for the purposes listed under article 3 but you need them to defend yourself in judicial proceedings.
8.5. You have the right to oppose the processing of personal data if you are able to prove that there are serious and justified reasons connected with his particular circumstances that warrant such opposition. However, if the intended processing qualifies as direct marketing, you have the right to oppose such processing free of charge and without justification.
8.6. You have the right to receive from us in a structured, commonly used and machine-readable format all personal data you have provided to us.
8.7. If you wish to submit a request to exercise one or more of the rights listed above, you can send an e-mail to email@example.com. An e-mail requesting to exercise a right shall not be construed as consent with the processing of your personal data beyond what is required for handling your request. Such request should clearly state which right you wish to exercise and the reasons for it if such is required. It should also be dated and signed, and accompanied by a digitally scanned copy of your valid identity card proving your identity. If you use the contact form, we may ask you for your signed confirmation and proof of identity.
We will promptly inform you of having received this request. If the request proves valid, we shall honour it as soon as reasonably possible and at the latest thirty (30) days after having received the request.
If you have any complaint regarding the processing of your personal data by us you may always contact us via the e-mail address listed in this clause 8.7. If you are not satisfied with our response, you can file a complaint with the relevant data protection authority: You are located in Germany the Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg is responsible:
Königstrasse 10 a
Postfach 10 29 32
For more information, visit www.baden-wuerttemberg.datenschutz.de.
If you visit us from Luxembourg, the competent authority is
Commission nationale pour la protection des données
1, avenue du Rock'n'Roll
Tel: (+352) 26 10 60-1