1. Introduction and General Terms
Dear visitor, we welcome your interest in the information we provide and your attention. Protecting your privacy when collecting, processing and using your personal information in accordance with the provisions of statute is very important to us. This Privacy Policy describes what we do with the personal information we collect, process or use through any of the websites under the responsibility of Sedus Stoll AG or Sedus Systems GmbH (hereinafter ‘Sedus’) containing a link to this Privacy Policy. This Privacy Policy concerns with the personal information of customers, interested parties, applicants or visitors.
Sedus is committed to protecting your personal information. Personal data consist of information that relates to natural persons and can be assigned to a particular individual (e.g. your name, your telephone number or your email address). If you disclose such information, we are required by law to use your information, subject to all of the legislation pertaining to the protection of personal information. The following Privacy Policy meets the requirements of Art. 13 GDPR with regard to informing data subjects about data processing,
Sedus websites may contain links to websites owned and operated by third-party companies and not subject to this Privacy Policy. These third-party websites are subject to separate data protection regulations of the respective website operators.
2. Controller
The controller within the meaning of the General Data Protection Regulation is:
Sedus Stoll Aktiengesellschaft
Christof-Stoll-Straße 1
79804 Dogern
Germany
Tel.: +49 7751 84 - 0
Fax: +49 7751 84 - 310
Email: sedus(a)sedus.com
Internet: www.sedus.com
You will find all the information here: https://www.sedus.com/en/common/publication-details
3. THE PRIVACY POLICY’S AREA OF APPLICATION
The legislator understands personal data processing to mean activities such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Personal data is all information relating to an identified or identifiable natural person.
This privacy policy applies to personal data belonging to customers, interested parties, applicants or visitors.
This privacy policy applies to our website (sedus.com) including all subdomains as well as to PartnerNet, the Online Basket, the recruitment portal, Sedus ergo+, Sedus WHAT’S UP?, Sedus Knowledge Sharing, the Home Office Shop, and to Sedus Outlet. Plus shops designed for specific customers
3.1 Collection and processing of data during your visits to our website
When you visit our website, the web server always saves the IP address assigned to you by your internet service provider, the website from which you came, the web pages on our site that you visit, the amount of data transferred, the identification of your web browser, the time of your visit and other information about your access devices in server log files automatically sent to us by your browser. This data is stored in a server log exclusively for statistical purposes, e.g. to improve the website and its contents, including security.
3.2 Collection and processing of data during your visit to Sedus PartnerNET
When you access or log into the PartnerNET portal or set up an account using the registration system, we receive personal data and official contact details from you under certain circumstances. This may be your name, email address, postal address, country, phone number, fax number or customer number, as well as data that we have collected through your use of Sedus services. Your personal data is collected to allow you to use our PartnerNET portal. We check your data and activate your account.
3.3 Privacy policy for the use of Online-Basket
Registered and logged-in users receive access to Online-Basket. Online-Basket is an interactive tool that enables our commercial customers to freely configure, offer and order items of office furniture from Sedus for their end customers. In this regard, your customers’ personal data (e.g. name, address, email address) is collected insofar as it is necessary for the ordering process. In Online-Basket, the specified customer data is only stored temporarily, i.e. only for the duration of the session, and is deleted once you log out of the portal.
If the ordering process is continued during the next session, you have the option of saving your project-related and end customer-related data, enquiries and quotes on Microsoft OneDrive. You must have an appropriate account to do this. Since you are leaving PartnerNET in this regard, you need to log into OneDrive with a Microsoft account you set up previously or an account with a selected Microsoft partner. As soon as you log into OneDrive and save your data there, the Microsoft privacy policy applicable to the Microsoft account and to OneDrive shall apply. Microsoft OneDrive is not offered by Sedus. You can use Online-Basket without any need to register for Microsoft OneDrive and with Microsoft. But then, you will be unable to save your data. However, you can print out individually configured quotes at any time or save them as a PDF file.
3.4. “Knowledge Sharing” (Sedus online book shop)
(only available in select countries)
On our website www.knowledge-sharing.sedus.com, you can place a binding order for products. This website is hosted by our partner, W3CODE. In addition to the login credentials (user name, email address), we collect all data entered by the customer for the purpose of order processing. This data includes: Last name, first name, address. Such data which is absolutely necessary for delivery or order processing, is passed on to third service providers. As soon as the storage of your data is no longer necessary or legally required, it will be deleted.Signing in is optional. You can also make purchases as a guest. In this regard, we use cookies to s ave the login status and the contents of the shopping cart. This personal data in the order will be deleted 14 days after the order has been completed or cancelled. http://www.knowledge-sharing.sedus.com
3.5 Sedus online shop
(Only available in selected countries)
On our website www.outlet-sedus.com, we give you the option of making binding product purchases so that you can later collect and pay for them in the factory outlet. This website is hosted by our partner, W3CODE. In addition to the login credentials (username, email address), we collect the address details, phone number and email address you provide for the purpose of purchase processing. Optional title and company name. Login is optional. You can also make purchases as a guest. In this regard, we use cookies to safeguard the login status and the contents of the shopping basket. This personal data in the order shall be deleted 14 days after the order has been completed or cancelled.
On our website www.homeofficeshop.com, you can purchase products and pay directly through a payment service provider. This website is hosted by our partner, Squarespace. For processing your purchase, we collect your address data as well as your telephone number and email address (title and company name are optional). In this regard, we use cookies to save the status and the contents of the shopping cart. Personal data relating to orders will be deleted 30 days after the order has been completed or cancelled.
We have installed individual online shops for specific customers.
3.6. Newsletter subscription
Sedus offers a newsletter on its various websites, which provides information about current events and offers. To subscribe to the newsletter, you will need to enter a valid email address and confirm the link sent to you. You can unsubscribe at any time via a link in the newsletter.
3.7. Online chat
On our website www.sedus-outlet.com, we offer you an online chat, through which you can get in touch with Sedus.
3.8. Augmented Reality App (Sedus AR App)
Our Augmented Reality App can be downloaded and installed from various app stores.The app enables you to visualise a reality, enhanced by computer-generated information, in which the real world and the virtual world mix.Information and graphics about the real world being viewed are displayed in real time.
3.9 Use of the Chatbot
We use chatbot functions from avenit AG, Marlener Straße 2, 77656 Offenburg, Germany (hereinafter "avenit") on our website. With the help of avenit's chatbot functions, you can ask questions and thus conveniently access the information on our website that is of particular interest to you. The use of avenit's chatbot functions therefore enables us to provide you with an interactive and improved user experience on our website.
When using the chatbot, a direct connection to an avenit server is established. For technical reasons, your IP address is transmitted to avenit. If you enter your question in the chat while using the chatbot, the data you enter is transmitted to avenit's server and processed there to generate a response. avenit uses technologies from the service provider OpenAI, L.L.C., 3180 18th Street, San Francisco, CA, USA (hereinafter "OpenAI"). For technical reasons, your entered data is therefore forwarded to OpenAI servers and processed there. These servers may also be located in the USA. You can find more information about data processing by OpenAI on the following OpenAI web pages: https://help.openai.com/en/articles/7842364-how-chatgpt-and-our-language-models-are-developed, https://openai.com/policies/privacy-policy and https://openai.com/policies/data-processing-addendum.
The processing of personal data serves solely to process your inquiries. Our legitimate interest in data processing also lies in the purposes. Insofar as you have given us consent for this, the legal basis for the processing of this data is Art. 6 Para. 1 S. 1 lit. a) GDPR. If you wish to initiate the conclusion of a contract through your inquiry or if the inquiry serves to implement or process an existing contractual relationship between you and us, Art. 6 Para. 1 S. 1 lit. b) GDPR represents an additional legal basis. Otherwise, the legal basis for the processing of this data is Art. 6 Para. 1 S. 1 lit. f) GDPR.
You can revoke your consent to the processing of your personal data at any time. The legality of the data processing that has already taken place remains unaffected by the revocation. We would like to point out that the chatbot functions can no longer be used from the time of revocation.
In order to oblige avenit to process the transmitted data only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded a data processing agreement with avenit (Art. 28 GDPR).
If, in individual cases, personal data is processed outside the EU or the EEA, such as in the USA by OpenAI, and transmitted there, avenit has concluded a contract with OpenAI that includes the EU standard contractual clauses adopted by the EU Commission on June 4, 2021 within the meaning of Art. 46 Para. 2 lit. c) GDPR (see https://openai.com/policies/data-processing-addendum; you can find further general information on the following EU websites: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en and https://ec.europa.eu/germany/news/20210604-datentransfers-eu_de) to ensure an adequate level of data protection for the processing of personal data in the third country.
Subject to deviating statutory retention periods, the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when we have finally processed your request. According to its own information, OpenAI deletes received data after 30 days at the latest.
Information about the third-party provider: avenit AG, Marlener Straße 2, 77656 Offenburg, Germany.
You can find further information on data usage by avenit, your rights and data protection in general on the following avenit website: chatvusyon.ai/datenschutz
4. What situations does Sedus contact you in?
Sedus may contact you:
- in connection with service and support for which you have registered in order to be sure that Sedus can provide you with the services;
- in connection with any correspondence or any comments or complaints we have received from you concerning Sedus products and services;
- in connection with personalised services you use;
- in order to invite you to participate in surveys on Sedus services (participation is always voluntary);
- for marketing purposes, i.e. newsletter and posting services, if you have already explicitly gave your consent to this effect.
5. What purposes do we process your personal data for – and what is the legal basis for this?
Contract fulfilment
We process your data so that we can prepare and fulfil the contracts we conclude with you. This also applies to information you make available to us in the context of pre-contractual correspondence. The specific purposes of data processing depend on the respective product and the request made, and can also be used to analyse your needs and check what products and services are suitable for you. Your data is also disclosed within the Sedus corporate group and to external assembly service providers and forwarding agents to fulfil the contractual obligation.
Goods and service providers
We also need your personal data so that we can check whether and what products and services we are able and allowed to offer you.
Details about the respective purposes of data processing can be found in the contractual documents and in our General Terms and Conditions.
Implementation of the application process
We process your data that you have sent us in the context of your application to check whether your specialist qualifications are suitable for the job advertised. We only use your information for the application process and transfer it to your personal file when a contract is concluded. If an agreement is not reached, your information will be deleted or destroyed after six months. We will not use your applicant information for any purposes other than implementation of the application process unless you have consented to further use of your data (e.g. inclusion in the applicant pool).
If you are under the age of 13, you need to ask a parent or legal guardian for permission before using our recruitment portal. If you think that we may be in unauthorised possession of personal data from a child under the age of 13, please contact us at sedus(a)sedus.com.
Following balancing of interests:
We improve our services and offer you suitable products.
As regards online chats, we process your data due to our legitimate interest in offering you our service in the best possible way, to be able to respond directly to your questions, to schedule dates and to inform you about current events and offers. In addition, we support you in finding retailers and in selecting products. For this purpose, we process your name, contact data and the entire conversation including the data disclosed by you.
To strengthen and optimise the customer relationship
In the context of our efforts to continuously optimise our relationship with you, we occasionally request that you take part in our customer surveys. The results of the surveys are used to adapt our products and services so that they meet your needs even better. The results of these surveys are used without any references to you.
Data processing and analysis for marketing purposes
Your needs are important to us and we try to provide you with information about products and services that is specifically suitable to you. We use the results from our joint business relationship and from market research for this purpose. The main objective in this regard is to adjust our product proposals to your needs. In this respect, we guarantee that we always process data in accordance with applicable data protection law. Please note that you can object to your personal data being used for this purpose at any time.
What do we specifically analyse and process?
- Results of our marketing campaigns to measure the efficiency and relevance of our campaigns;
- Information from your visits to our website;
- The possible need for our products and services.
Newsletter
You have the option of subscribing to our newsletter via our website. To send it, all we need is your email address, country and language. Any other information you provide is voluntary. You will only be sent our newsletter once you have successfully completed a double opt-in procedure. You have the right at any time to view your declaration of consent or to unsubscribe from the newsletter. Each letter that accompanies our newsletter contains corresponding links. If you unsubscribe from our newsletter, we will immediately block your contact details in our newsletter distribution list.
The legislator makes specific requirements regarding the effectiveness of electronic consent, such as that used to subscribe to the newsletter. This also includes logging your declaration of consent. We therefore log the date and time of your consent, the text of the declaration of consent, whether the checkbox was checked, your email address and any other voluntary information you provide. We also log the date and time you clicked on the confirmation link and the link in the confirmation email. We only collect this information to meet the legal obligations.
Based on your consent
If you have consented to processing of your personal data for one or more substantiated purposes, we may permissibly process your data. You can revoke this consent at any time with effect for the future without incurring anything other than the transmission costs at the basic rates (the costs of your internet connection). However, revocation of consent does not affect the lawfulness of the processing activities carried out until such time that you object.
Based on legal specifications or in the public interest
As a company, we are subject to a wide range of legal requirements (resulting from tax legislation, for example). We process your personal data to meet our legal obligations.
Sedus occasionally uses third-party providers to process your personal data – for instance, to conduct certain analyses (cf. Section 7, “Technologies”) or to rent storage space or server capacities for our web hosting and/or application. Sedus undertakes to ensure that these third-party providers and all data processors engaged strictly adhere to our instructions. Sedus maintains relevant agreements on the commissioned data processing operations with all providers as per Article 28 of the GDPR. When processing personal data outside of the EU/EEA, we ensure an adequate level of data protection in the third country that is appropriate for European data protection by entering into a contractual agreement based on the EU standard contractual clauses.
Augmented Reality App
When you use our Augmented Reality App, we process your data based on your consent which you give when you install the app. This applies in particular to the access to the camera. We use the data within the app to provide you with an AR experience and ensure functionality on your device. The pictures and data remain exclusively on your device.
For processing via online payment service providers
We have integrated components of the payment service provider PayPal on our online shop web page. Payments are processed via so-called PayPal accounts, which are virtual private or business accounts. In addition, PayPal offers the possibility to process virtual payments via credit cards if a user does not have a PayPal account. If the user selects “PayPal” as payment option in our online shop during the ordering process, the user’s data is automatically transmitted to PayPal. By selecting this payment option, the person concerned consents to the transfer of personal data required for payment processing. PayPal processes the data on its own responsibility.
We have also integrated components of the payment service provider Stripe on our online shop web page. If you choose a payment method offered by the payment service provider Stripe, we will, as part of the payment process, pass on your information provided during the ordering process together with the information about your order (name, address, account number, bank code, credit card number (if applicable), invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Your data will only be passed on for the purpose of payment and order processing.
6. Browser cookies
A "cookie" – also commonly known as a “web cookie” or “browser cookie” – is a small-volume file that contains a unique ID and is sent to and automatically stored on your computer, tablet or mobile phone if you visit a website. Each website can send its own cookie to your web browser if your settings allow this. Most modern browsers support cookies, but give the user the option of deactivating them. You can specify that your browser should reject all cookies or display a message if a cookie is sent. However, some of the functions or services on our sites will not be fully operational without cookies.
On Sedus websites, cookies store information about your online preferences and thus enable us to tailor our websites to your interests. We also use cookies to continuously improve the quality of our services and to determine how our websites are used. To do this, we store the user’s preferences in cookies and track trends and patterns in how visitors navigate our websites.
There are different kinds of cookies.
Session cookies: A user’s session cookies for a website exist only in the RAM and only while the user is on the website. If an expiry date or validity period is not specified when the cookie is created, only a session cookie is produced. Web browsers normally delete session cookies when the user closes the browser.
Persistent cookies: Persistent cookies exist beyond the duration of the session. If a maximum age of one year was specified for a persistent cookie, for example, within this year the initial value specified in this cookie is always sent to the server if the user visits this server. This enables recording of how the user originally came to visit the website. This is why persistent cookies are also known as tracking cookies.
We may use third-party cookies to determine user trends and patterns using third-party web statistics providers. Third-party cookies are cookies that belong to domains other than the one shown in the browser’s address bar. Web pages may contain contents from third-party domains (e.g. banner advertising). This enables us to track the user’s browsing history. Data collected by third-party cookies is processed by the respective providers on behalf of Sedus as the data controller. The third-party cookies on the Sedus website are exclusively used by Sedus websites and web statistics providers and are not disclosed to third parties. Most modern browsers’ data privacy settings enable blocking of third-party tracking cookies (see Section 9 regarding this matter).
7. Technology
Sedus only uses internet technologies (e.g. cookies, JavaScript) to make it easier for you to work with internet applications. We use Google Analytics (a web analytics service) to analyse the content of this website, to compile reports on website activity for the website operator and to provide the website operator with other services relating to the website activity and internet use. Reports on your website activities are also compiled for Sedus, so that it can tailor its internet services to your needs.
The collected data is only analysed for statistical purposes and in anonymised form. Google Analytics truncates IP addresses before transmission for this purpose. We would like to inform you that the website uses the “gat._anonymizeIp();” Google extension. It guarantees that IP addresses are collected anonymously (IP anonymisation). Google does not combine your truncated IP address with other Google data.
You can object to any further tracking analysis at any time. You can also prevent the collection of the data on your use of the web-site by the cookie (including your IP address) as well as its evaluation by Google by downloading and installing the browser plug-in available from the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB. If you use more than one terminal or browser you must perform the opt-out for every terminal and every browser.
8. Social plug-ins
Our website uses what are known as social plugins (“plugins”) of social networking sites such as Facebook, LinkedIn, etc. If you access the Sedus website using a plugin such as this, your browser establishes a connection to the underlying social networking site’s server and downloads and shows you the visual representation of the plugin. During this process, the social networking site receives information relating to your visit to our website and other data such as your IP address.
All plugins are indicated with the brand of their respective operator: Facebook, Google, Twitter, Xing and LinkedIn (“operator”). To increase data protection and comply with applicable data protection legislation, Sedus has implemented the plugins using what is known as a two-click solution. This implementation guarantees that, when you visit our website, your browser does not establish a direct connection with the operators’ servers. Only if you activate the plugins by clicking on them and thereby consent to data transmission does your browser establish a direct connection to the respective operator’s server. The content of the plugin is thus transmitted directly to your browser by the operators and embedded in this website.
By embedding the plugin, the respective operator is informed that your browser has accessed our website. If you are logged into your account while visiting the website, the respective operator can link the visit directly to your account. If you interact with the plugin by clicking on the “Facebook Like button” or the “LinkedIn Share button”, for example, the corresponding information will be transmitted by your browser directly to the operator and saved by the latter. The information is also published in the relevant social network and may be displayed to your contacts. If you do not want such data to be transmitted to the operators, you must log out of your respective account before clicking on and activating the plugin.
You will find more information about the purpose and scope of the collection, processing and use of such data in the operators’ privacy policie
- Facebook: www.facebook.com/about/privacy/
- Google (analytics, maps, ...): developers.google.com/+/web/buttons-policy
- XING AG: www.xing.com/app/share
- LinkedIn: www.linkedin.com/legal/privacy-policy
- Commerce Connector: www.commerce-connector.com/web/en/privacy-policy/
- Woocommerce: docs.woocommerce.com/document/woocommerce-cookies/
- WordPress: codex.wordpress.org/WordPress_Cookies
- Intagram: https://help.instagram.com/519522125107875
- Pinterest: https://policy.pinterest.com/de/privacy-policy
- Paypal: https://www.paypal.com/de/webapps/mpp/ua/privacy-full
- Stripe: https://stripe.com/de/privacy#translation
You will find further information in the operators' data privacy policies about the purpose and extent of the collection, processing and use of this data.