Privacy Policy for Business Partners of ANDREAS STIHL AG & Co. KG

The following Privacy Policy will inform you about the nature and scope of the processing of so-called personal data by STIHL. Personal data is information which is to be or can be attributed directly or indirectly to yourself.

This Privacy Policy applies to the processing of personal data of our contacts at customers, potential customers, distribution partners, suppliers, cooperation partners, organizations and project partners (hereinafter referred to as “business partners”) by ANDREAS STIHL AG & Co. KG, Badstraße 115, 71336 Waiblingen (the “controller”). STIHL’s Data Protection Officer can be contacted at the aforementioned address, FAO Data Protection Department, or at datenschutz@stihl.de.

If you have an inquiry, ask for a quote from us or conclude a contract with us, we will process your personal data. We also process your personal data among other things in order to meet statutory obligations, to protect a legitimate interest in the business relationship with you or on the basis of consent granted by you.

Depending on the legal basis, the personal data will fall under the following categories:

• Personal and contact information (e.g. surname, first name, business address, business telephone/mobile number/fax/email/function/position)
• Payment data, e.g. information which is necessary for the processing of payment transactions or the prevention of fraud, including credit card numbers and card verification numbers
• Other information whose processing is necessary in a project or the execution of a contract with us or which is provided voluntarily by our contacts, e.g. orders placed, inquiries made, proof of qualifications or project details
• Information which is collected from publicly available sources, information databases or credit agencies
• Information concerning relevant court cases and other legal disputes in which the business partners are involved, insofar as this is necessary in compliance screenings

The processing of the aforementioned categories of personal data is necessary in order to achieve the following purposes:

• Communication with business partners concerning products, services and projects, e.g. in order to process inquiries made by the business partner
• Planning, execution and management of the (contractual) business relationship between us and the business partner, e.g. in order to process the order of products and services, to collect payments, for accounting, billing and debt collection purposes and in order to process deliveries
• Organization of customer surveys, marketing campaigns, market analyses, competitions or similar actions and events
• Maintenance and protection of the security and safety of our products, services and websites, prevention and detection of security risks, fraudulent behavior or other criminal or malicious activities
• Compliance with legal requirements (e.g. retention periods required by tax and commercial law)
• Settling of legal disputes, enforcement of existing contracts and assertion, exercising and defense of legal rights

The legal basis for the processing is provided by Article 6 (1)(b), (c) and (f) GDPR or your express consent pursuant to Article 6 (1)(a) GDPR. The processing of personal data is necessary in order to achieve the aforementioned purposes, including the execution of the (contractual) business relationship with the business partner. Our legitimate interest is established by the aforementioned purposes of data collection.

If the aforementioned personal data is not provided or if it cannot be collected, it may be the case that the individual purposes described cannot be achieved.

If an express retention period is not stated at the time of collection (e.g. in accordance with a declaration of consent), your personal data will be erased if it is no longer required in order to fulfil the purpose for which it is stored, unless statutory retention requirements (e.g. retention periods required by tax and commercial law) require otherwise.

Some processing is performed by companies within the STIHL Group. Data is therefore transferred regularly within the Group. As a rule, the data is transferred on the basis of a contract data processing agreement. In other cases, the legal basis for the data transfer is provided by Art. 6 (1)(f) GDPR, whereby our legitimate interest lies in the efficient design of our processes.

We transfer personal data to courts, supervisory authorities or law firms insofar as this is permitted by law and necessary in order to comply with applicable law or assert, exercise or defend legal rights.
When we work with service providers (so-called contract data processors), e.g. IT maintenance service providers, these only act in accordance with our instructions and are required by contract to comply with the applicable requirements under data protection law.
If the service providers are located in countries outside of the European Economic Area (“third countries”), personal data is only transferred if the data transfer is made in accordance with the principles of the so-called Privacy Shield, on the basis of so-called standard contractual clauses of the EU Commission or if an adequacy decision by the EU Commission exists.

In addition to the right to withdraw the consents you have given us, you have the following further rights provided the respective statutory requirements are met:

• Right to information relating to your personal data stored by us pursuant to Art. 15 GDPR 
• Right to rectification of inaccurate or completion of accurate data pursuant to Art. 16 GDPR
• Right to erasure of your data stored by us pursuant to Art. 17 GDPR, unless statutory or contractual retention periods or other statutory obligations and rights to continue to store the data are to be complied with 
• Right to restriction of the processing of your data pursuant to Art. 18 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to complain to a supervisory authority

Under the conditions of Art. 21 (1) GDPR, the data processing can be objected to on grounds relating to the particular situation of the data subject.

The above general right to object applies to all of the processing purposes described in this Privacy Policy, which are processed on the basis of Article 6 (1)(f) GDPR. We are only required under the GDPR to action such a general objection if you give reasons of overriding importance for this.

We will revise this Privacy Policy if changes are made to the data processing or if any other events make this necessary. You will always find the current version as amended on this website. You should therefore visit this website regularly in order to inform yourself of the current version of the privacy policy.