Data Privacy Statement

Freudenberg Sealing Technologies GmbH & Co KG (hereinafter referred to as "FST") offers both entrepreneurs, as defined by Section 14 of the German Civil Code, and legal persons under public law the opportunity within the scope of a service contract to use the business-to-business trading system on the "Industrial Supply & Services" online marketplace operated by FST (hereinafter referred to as the "ISS Marketplace") in accordance with the provisions of the ISS Terms and Conditions of Use. Vendors can offer and sell their goods via the ISS Marketplace. Customers can order and buy goods offered by Vendors via the ISS Marketplace.

These data protection notices serve to fulfil the information requirements under Art. 13–14 of the EU General Data Protection Regulation (GDPR), taking into account the collection and processing of personal data of the Users of the ISS Marketplace. In the sense of these data protection notices, "Users" are those natural persons that access the ISS Marketplace on behalf of a customer (for example, an employee or legal representative of a customer).

If personal data regarding a User is processed, that User is then classed as a "Data Subject" in the sense of the GDPR legislation. Details pertaining to a legal entity are not person-specific and therefore not covered by these data protection notices.

I.       Name and address of the controller

The controller is the natural person or legal entity, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

The controller responsible for processing personal data in the context of using the ISS Marketplace in the sense of the GDPR and other national data protection legislation, as well as other data protection provisions, is:

Freudenberg Sealing Technologies GmbH & Co KG

Hoehnerweg 2–4, 69469 Weinheim, Germany

E-mail: contact@iss.fst.com

Within the organisation of FST, only the following departments have access to the data collected in the context of operating the ISS Marketplace: (i) the department of FST which is responsible for operating the ISS Marketplace (ISS Operating Team) and (ii) the department responsible for the technical functionality of the ISS Marketplace (ISS Technical). No data exchange takes place with any other departments/divisions of FST or with any companies affiliated with FST.

Please note that the Vendors are also classed as controllers for processing certain personal data within the scope of using the ISS Marketplace. In such cases, the Vendors are obligated to make the corresponding data protection information available in the course of the contract conclusion process with the customer.

II.            Contact details of the data protection officer

The data protection officer of the controller can be reached via the following contact details:

Legitimis group GmbH

Dellbrücker Straße 116

51469 Bergisch Gladbach

Germany

datenschutz-fst@legitimis.com

Tel: +49 (0) 2202 28 9410

III.    General information on data processing

1.      Scope of personal data processing

The personal data of the User is only processed insofar as processing of this data is permitted based on legal regulations or on the basis of consent provided by the respective User.

2.      Legal basis for the processing of personal data

Insofar as processing of personal data is required to ensure compliance with a legal obligation to which FST is subject, Art. 6 (1) lit. c of the GDPR serves as the legal basis.

If processing is necessary in order to protect the legitimate interests of FST or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject, Art. 6 (1) lit. f of the GDPR serves as the legal basis for processing.

Insofar as FST has obtained the Data Subject's consent to process their personal data, Art. 6 (1) lit. a of the GDPR serves as the legal basis for the processing of personal data.

3.     Data erasure and storage period

Personal data is erased or blocked as soon as the purpose of storage no longer applies. Data can also be stored if provided for by the European or national legislator in directives, legislation or other regulations to which the controller is subject. The data is also blocked or erased when a retention period prescribed by the aforementioned standards expires, unless the data needs to be stored further for the purpose of contract conclusion/fulfilment or the data is required in order to assert, exercise or defend legal claims.

IV.           Provision of the ISS Marketplace

1.      Description and scope of data processing

Each time the ISS Marketplace is accessed, the FST system automatically records data and information from the computer system calling up the site.

The following data is collected here:

(1)   Information on the browser type and the version being used

(2)   The operating system of the User

(3)   The ISP (Internet Service Provider) of the User

(4)   The IP address of the User

(5)   The date and time of access

The data is saved in the log files of the FST system. However, this data is not stored together with other personal data of the respective User.

2.     Legal basis for data processing

The legal basis for temporary storage of the data and the log files is Art. 6 (1) lit. f of the GDPR.

3.     Purpose of data processing

Temporary storage of the IP address by the system is necessary in order to facilitate provision of the ISS Marketplace content on the User's computer. To this end, the IP address of the User must remain saved for the duration of the session.

The information is saved in log files to secure the functionality of the ISS Marketplace. In addition to this, the data is used to optimise the ISS Marketplace and to ensure the security of IT systems operated by FST. However, no evaluation of the data for marketing purposes takes place in this context.

The legitimate interest of FST in data processing according to Art. 6 (1) lit. f of the GDPR also lies in these purposes. 

4.     Duration of storage

This data is erased as soon as it is no longer required to achieve the purpose of its collection. When capturing data in order to provide the content of the ISS Marketplace, this is the case when the respective session is terminated.

In terms of data storage in log files, this is the case no later than after seven days. However, storage that goes beyond this period is also possible. In this case, the IP addresses of the Users are erased or anonymised, so that it is then no longer possible to assign the data to the client.

5.     Opt-out and objection options

The recording of data in order to provide the content of the ISS Marketplace and storage of the data in log files is crucial for operation of the ISS Marketplace. As such, there is no "opt-out" on the part of the User.

V.            Facilitating orders

1. Description and scope of data processing

FST processes the personal data made available to FST within the scope of the purchase order for goods (name and e-mail address of the User, telephone number, billing and delivery addresses, as well as bank and credit card details) in order to facilitate the submission, processing and delivery of orders.

2. Legal basis for data processing

The legal basis for the data processing is Art. 6 (1) lit. f of the GDPR.

3. Purpose of data processing

Processing of the data is necessary in order to facilitate order processing. The aforementioned personal data of the User is required so that the Vendors can process the orders.

Here, the legitimate interest of FST lies in being able to offer its services via the ISS Marketplace. In addition, the legitimate interest of the Vendors lies in being able to process orders.

The aforementioned personal data of the User is only disclosed to the Vendor in question and, if necessary, to service providers commissioned by FST. Please refer to Section IX of these data protection notices for further information.

4. Duration of storage

This data is erased as soon as it is no longer required to achieve the purpose of its collection. This is the case when the data is no longer required in order to process an order. Even after processing an order, there can still be a need to store the User's personal data in order to comply with contractual or legal obligations (for example, to make order history information available to registered Users).

5. Opt-out and objection options

The User can object to the storage of their personal data at any time. It is sufficient to simply send FST an informal e-mail with this request. In cases such as this, the controller then no longer processes the personal data, unless compelling and legitimate reasons for the processing can be provided which outweigh the interests, rights and freedoms of the Data Subject or if the processing serves to assert, exercise or defend legal claims. In cases such as this, FST reserves the right to exclude the respective User from any further use of the ISS Marketplace, as use of the ISS Marketplace is not possible without processing of personal data.

VI.           Registration

1.     Description and scope of data processing

FST offers its customers the opportunity to register on the ISS Marketplace. In this case, once the registration has been activated accordingly by FST, it is then no longer necessary to enter the data and information specified in Section 3 (2) of the ISS Terms and Conditions of Use for future orders. The data is entered into an input screen here and then transmitted to and stored by FST. The data is only ever forwarded to the data processors stated in Section X. No other forwarding of data to third parties takes place. The following personal data is collected within the scope of the registration process:

(1)   Username

(2)   Password

(3)   E-mail address

(4)   Company name

(5)   Postal, billing and delivery addresses of the customer

(6)   VAT number of the customer

(7)   IP address of the User at the time of registration

(8)   Date and time of registration

When registering, a customer profile is created and saved.

Within the scope of the registration process (or during first access to the ISS Marketplace with the access details), the User is requested to provide consent for processing this data.

2.     Legal basis for data processing

When the User has submitted consent, the legal basis for processing the data is Art. 6 (1) lit. a of the GDPR.

3.     Purpose of data processing

A registration by the customer is required for making certain content and services available in the ISS Marketplace. Once registered, it is then no longer necessary to provide the data stated in Section IV.1 for future orders.

4.     Duration of storage

This data is erased as soon as it is no longer required to achieve the purpose of its collection. This is the case for the data collected during the registration procedure if the registration is cancelled or amended.

5.     Opt-out and objection options

Users have the option to change the settings governing the way in which their data is saved at any time. In addition to this, there is an option to erase data. To make use of this option, simply send an e-mail request to: contact@iss.fst.com.

VII.      Messaging function

1.     Description and scope of data processing

FST provides an integrated, automated messaging system (hereinafter referred to as: "Messaging") via the ISS Marketplace which can be used for the purpose of simplifying communication between customers and Vendors, as well as between customers and FST. When a User makes use of the Messaging function, the data entered in the input screen (name and e-mail address of the User, as well as the content of the message and, if applicable, also order-related information) is sent to the Vendor and, depending on the content of the message, potentially also to FST and stored in the respective e-mail inboxes.

In this context, depending on the content of the message, the data may be forwarded to data processors commissioned by FST (see Section IX). However, no further forwarding of any data to third parties is performed. The data is used exclusively for processing the conversation.

2.     Legal basis for data processing

The legal basis for processing the data collected within the scope of sending a message is Art. 6 (1) lit. f of the GDPR. 

3.     Purpose of data processing

The processing of personal data from the input field is used solely to facilitate efficient communication with the Vendor and FST. This is where the necessary legitimate interest of FST and the respective Vendor lies in terms of processing the data.

4.     Duration of storage

The data is erased or blocked as soon as the purpose of storage no longer applies. Data can also be stored if provided for by the European or national legislator in Union rules, legislation, or other regulations to which the controller is subject. The data is also blocked or erased when a retention period prescribed by the aforementioned standards expires, unless the data needs to be stored further for the purpose of contract conclusion or fulfilment. FST is not responsible for storage of the data by the Vendor. Opt-out and objection options

If Users use the Messaging function to establish contact with a Vendor or FST, they can object to the storage of their personal data by FST at any time. It is sufficient to simply send FST an informal e-mail with this request. In such cases, the conversation cannot be continued. In this case, all personal data which has been saved as part of establishing contact is erased or anonymised, thereby ensuring that no personal reference can be made.

VIII.        Forwarding data

In the case of orders being placed, only the Vendors in question and FST have access to the data collected for the purpose of facilitating the order. This data is disclosed on the basis of Art. 6 (1) lit. f of the GDPR. Here, the legitimate interest of FST lies in being able to offer its services on the ISS Marketplace. The legitimate interest of the Vendors lies in being able to process the orders.

The registration data, the technical usage data and the log files are not forwarded to Vendors or any other third parties.

FST only forwards the necessary data to specialised service providers (such as web hosting providers, help desk providers, payment providers, cloud service providers, suppliers). The data may only be saved and used by the service providers to fulfil the purpose of the forwarding. Processing takes place in compliance with the regulations for data processing in accordance with Art. 28 of the GDPR. Unless otherwise indicated, FST only uses service providers that are based in the EU/EEA.

FST uses the following service providers that are based in the USA: Google, Inc, Zendesk, Inc, LinkedIn.

IX.           Cookies

The ISS Marketplace uses cookies. You can find more detailed information in our cookie guidelines, which can be called up at https://uk.iss.fst.com/cookies.

X.            Newsletter

1.     Description and scope of data processing

In the ISS Marketplace, Users can subscribe to a newsletter, in which FST offers information on new products, offers and further FST advertising campaigns/promotions.

When you subscribe to the newsletter, we save your IP address and the date of the subscription.

2.     Purpose of data processing

Data processing is used exclusively for the purpose of sending you the newsletter you have subscribed to. The IP address is saved only as evidence in the event that a third party misuses an e-mail address and subscribes to the newsletter without the knowledge of the rightful holder of the e-mail address. This data is used solely for dispatching the newsletter and is not passed on to any third parties.

3.     Legal basis for data processing

Your e-mail address is processed on the basis of a declaration of consent in accordance with Art. 6 (1) lit. a of the GDPR. The IP address and the date of subscription are processed on the basis of Art. 6 (1) lit. f of the GDPR. This permission allows processing of personal data within the scope of the "legitimate interest" of the controller, insofar as your own basic rights, fundamental freedoms or interests do not override this. Our legitimate interest lies in documenting the declaration of consent, as well as both detecting and preventing fraud.

4.     Opt-out and withdrawal options

You can withdraw your consent to the use of the e-mail address to dispatch the newsletter at any time. This unsubscription can be performed via a link in the newsletters themselves, via your user profile or by sending an e-mail. You can object to the processing of your IP address and the date of your subscription at any time. In this case, simply send an e-mail request. However, objecting to the processing of the IP address and the subscription date can lead to FST deleting the respective e-mail address from the newsletter mailing list.

5.     Duration of storage

This data is erased as soon as it is no longer required to achieve the purpose of its collection. When processing data for the purposes of the newsletter, this is the case if you unsubscribe from the newsletter.

XI.           Rights of the Data Subject

6.     Right of access to information, rectification, erasure, restriction and transmission

Where the statutory prerequisites are met, Users have the right to request from FST information regarding personal data or data processing that affects them (Art. 15 of the GDPR), as well as rectification, erasure and restriction of processing of personal data that affects them (Art. 16 to 18 of the GDPR) and transmission of personal data that affects them (Art. 20 of GDPR).

7.     Right to withdrawal of consent

Where the statutory prerequisites are met as per Art. 21 of the GDPR, Users also have a right to object to data processing that is based on a "legitimate interest" of the controller in line with Art. 6 (1) lit. f of the GDPR.

Users have the right to withdraw their data protection declaration of consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

8.     Right to lodge a complaint at a supervisory authority

In line with Art. 77 (1) of the GDPR, Users have the right to complain to the responsible supervisory authority if they are of the opinion that the processing of their personal data is not being performed lawfully, in particular infringing on the GDPR.