Here you can download or print out our Privacy Statement.
The protection of its customers‘ data is of utmost importance for A. Sutter Fair Business. With the following information we would like to give you an overview of the processing of your personal data and about the rights granted to you in this respect. Which data are used and how they are processed is mainly dependent on the service contract agreed upon with you. Thus, not all parts of this statement may be applicable in your case.
The privacy statement of A. Sutter Fair Business GmbH contains terms which are defined by
Article 4 of the General Data Protection Regulation (GDPR).
- 1. Who is responsible for data processing and who can I turn to?
1.1 Responsible Person
Responsible person according to GDPR is
A. Sutter Fair Business GmbH
Bottroper Str. 20
Phone: +49 (201) 8316-001
Fax: +49 (201) 8316-009
General E-Mail contact: firstname.lastname@example.org
Managing Director: Martin Sutter
In case you wish to contact us regarding data protection aspects, especially to assert your rights according to GDPR, please use the following E-Mail address:email@example.com.
As soon as a person concerned contacts us via E-Mail, the personal data of the concerned person will be saved automatically. Such data, sent to us on a voluntarily basis by a concerned person, will be saved for reasons of processing or contacting the concerned person. There will be no passing on of these personal data to third parties. As changes of laws or of our company processes may require adjustments of this privacy statement, we would ask you to read this privacy statement on a regular basis and to mind the status. You may read, save, and print the privacy statement under „Privacy Statement“ at any time.
1.2 Contact Data of the Data Protection Officer
A. Sutter Fair Business GmbH has appointed an external data protection officer, who you can also contact under the address mentioned below, adding „Datenschutz A. Sutter Fair Business GmbH“:
Herr Simon P. Parl, Dipl.-Wjur. (FH)
arbeitgeber ruhr GmbH
Phone: +49 (0234) 588 77 -38
Fax: +49 (0234) 588 77 -70
- 2. Which sources and data do we use?
We use personal data which we gather within the scope of use of our websites by i.e. customers, interested parties, or applicants.
- 3. Why do we process your data (purpose of processing) and what is the legal basis?
We process personal data in accordance with the regulations of the European Union General Data Protection Regulation (GDPR) and the Bundesdatenschutzgesetz (German Federal Data Protection Law):
3.1 Regarding Fulfillment of Contractual Duties (Article 6(1 lit. b) GDPR)
The processing of data may be effected within the scope of contractual duties with you as our customer or within the scope of pre-contractual measurements. A processing within the scope of pre-contractual measurements is effected, i.e. in case of inquiries regarding our services.
3.2 Within the Scope of Balancing of Interest (Article 6(1 lit. f) GDPR)
Processing procedures rest on this legal basis, in case the processing is necessary to protect a justified interest of our company or a third party, unless your interests, fundamental rights, and fundamental freedoms predominate. Thus, we process your data beyond the actual fulfillment of the contract to protect justified interests of our company or third parties, i.e. to:
- Maintain business relationships
- Check and optimize processes for requirement analyses for direct customer approach
- Send advertisements or make market or opinion researches, in case you did not contradict the use of your data
- Assert legal claims or defense in case of legal disputes
- Guarantee the security of our IT and of the IT operation of our company
- Insert measurements for the business management and development of services and products
3.3 Based on Your Consent (Article 6(1 lit. a) GDPR)
In case you have given us your consent to process your personal data for distinctive purposes (i.e. for marketing purposes or to send a newsletter), the legality of this processing is based on your consent.
3.4 Based on Legal Requirements (Article 6(1 lit. C) GDPR) or on Public Interest (Article 6(1 lit. e) GDPR)
Within the scope of legal requirements, we are subject to i.e. tax laws. Among others, the fulfillment of fiscal control and reporting obligations is one of the purposes of data processing. Furthermore, we are legally bound to store data by i.e., the regulations of the code of commercial law or the fiscal code.
3.5 Within the Scope of Creating an Employment Relationship (Article 88 DSGVO i.V.m. § 26 Abs. 1 BDSG)
If you apply for a job with our company, we may process your personal data.
- 4. What does that mean in detail, referring to the provision of this website and the services offered therein?
4.1 Provision of the Website and Creating of Log Files
Our website is hosted on our own servers.
Each time our website is called up, our system automatically gathers data and information from the computer system of the calling computer. The following data are gathered:
- Information regarding the browser type and version used
- Operating system of the user
- Internet-service-provider of the user
- IP-address of the user
- Date and time of the access
- Websites, from which the user’s system accesses our website
- Websites, which are accessed from the user’s system via our website
These data will also be saved in the log files of our system. These data will not be stored together with other personal data of the user. Legal basis for the temporary storing of these data in the log files is Article 6 (1 lit. b) GDPR.
The temporary storing of the IP-address by our system is necessary to enable the delivery of the website to the computer of the user. Therefore, the IP-address of the user has to be stored for the time of the session. The storage in the log files is made to guarantee the functionality of the website. Furthermore, we use these data to optimize the website and to secure our IT-systems. The data will not be analyzed for marketing reasons in this respect.
The data will be deleted, as soon as they are no longer necessary for the purpose they have been gathered for. As far as the gathering of data for the provision of the website is concerned, they will be deleted as soon as the respective session has been terminated.
In case of the storage of the data in log files, this will happen in a period of 30 days at the latest. A further storage of the data is possible. In that case, the IP-addresses of the users will be deleted or alienated, so that an allocation of the calling client will no longer be possible.
The gathering of data for the provision of the website and the storage of the data in log files is mandatory for the operating of the website. Thus, users have no contesting option.
4.2 Contact Form and E-Mail Contact
On our website, there is a contact form, which may be used for electronic contact. If you choose to take this option, your data entered in the input mask will be transferred to us and saved. These data contain:
- Free text for notes
At the time of registration, the following data will be saved additionally:
- IP-address of the user
- Date and time
For us, the only purpose of processing personal data in the input mask is contacting you. All other personal data processed during the dispatching process, only serve to prevent an abuse of the contact form and to guarantee the security of our IT-systems.
Alternatively, a contact via the provided E-mail address is possible. In this case, the data transferred together with your E-mail will be stored. These data will not be transferred to third parties. The data will exclusively be used for the processing of your voluntary contact. Your consent provided, the legal basis for the processing of the data is Article 6 (1 lit. b) GDPR. If the purpose of the E-Mail contact is concluding a contract, additional legal basis for the processing is Article 6 (1 lit. b) GDPR.
The data will be deleted, as soon as they are no longer necessary for the purpose of their gathering. Concerning personal data from the input mask of the contact form and those, which are delivered by mail, this is the case when the respective conversation with you, the user, has been terminated, i.e. when it becomes clear from the circumstances that the respective issues have been clarified. Additional personal data gathered during the dispatch process will be deleted after 30 days at the latest.
You have the option to withdraw your consent to process your personal data at any time. Contact us via E-mail, and you can contradict the storage of your personal data at any time. In such a case, the conversation cannot be continued. All personal data, which had been gathered in the scope of the contact, will be deleted.
4.3 SSL and TLS encryption
For safety reasons and to protect the transmission of sensitive content, for example orders or requests sent to the site operator, this site uses SSL resp. TLS encryption. You can recongnize an encrypted connection by the browser’s adress bar chaning from “http://” to “https://” and the lock symbol in the adress bar.
If SSL resp. TLS encryption is enabled date you sent us cannot be read along by third parties (end-to-end encryption). The protocols authenticate the communication partner ensure the integrity of the transported data.
4.4. Ways of Tracking
Most cookies used by us are so-called “session cookies”. They are used to technically provide our web-site’s services to you. After your visit the set cookies will automatically be deleted by your browser.
Other cookies stay on your computer and cause the recognition of your terminal device on your next visit (so-called persistent/permanent cookies). They contain a so-called cookie ID. A cookie ID is a distinct identifier of the cookie. It consists of a character string, which makes it possible to assign websites and servers to the individual internet browser where the cookie has been stored. This enables visited websites and servers to distinguish the individual browser of the concerned person from other internet browsers containing other cookies. A respective internet browser can be recognized and identified via the explicit cookie-ID. The purpose of this recognition is to facilitate the use of our website for the user. The user of a website with cookies, for instance, does not have to enter his access data with each visit on the website, because this will be done by the website and the cookie of the visitor stored in his computer system. A further example is the cookie of a shopping cart in an online-shop.
These cookies will automatically be deleted after a predetermined time, different form cookie to cookie. Legal basis for this is art. 6 par. (1 lit. b) GDPR.
You can adjust your browser settings in order that you are informed about setting cookies and cookies are only allowed in individual cases, for example third party cookies (cookies set by a third party therefore not the actual web presence you are visiting), preclude the acceptance of cookies for specific cases of in general, as well as activate the automatic deletion of cookies when closing you browser. You can delete cookies stored by your browser at any time.
Deactivating cookies may limit the functionality of this website.
The following links inform you about this possibility for the most common web browsers:
Should you not have undertaken different settings or will undertake them cookies which enable necessary technical functions resp. ensure them will stay on your device until you close your browser. Other cookies can stay on your device for longer (up to 6 months).
To ensure your privacy you should check and manually delete cookies on your device as well as your browser regularly.
4.4.1 Google-Analytics with Anonymizing Function
You can also prevent the registration by Google Analytics by clicking on the following link. An opt-out cookie will be placed, which will prevent the future registration of your data when visiting this website:
Deactivating Google Analytics
Please note that th opt-out-cookie can be deleted. Deletion of the opt-out-cookie depends on your individual browser settings. If the cookie is deleted it must be set anew by clicking on the above-mentioned link.
If you set the opt-out-cookie it may occur that not all services provided by us work as intended.
Our websites use Google Maps for the creation of maps and route maps. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. On invocation of our website your browser loads the necessary code from Google. For this purpose your browser needs to connect to Google’s servers. Hereby Google is informed that your IP address connected to our website. At the same time Google may place cookies on your device, unless you have forbidden the use or readout of cookies in your browser. Location date may also be gathered, should you allow this in your browser.
The use of Google Maps follows the interests of an attractive design of our online-offers and an easy discoverableness of places indicated on our website. This is a justified interest according to Article 6 (1 lit. f) GDPR. Data transfer into the USA is according to implementation resolution (EU) 2016/1250 of the EU commision (EU-U.S. Privacy Shield).
To ensure the transfer to Google it is necessary to gather your IP address. You are not obliged to provide these data, however, usage of the affected parts of our website are not possible without such provision.
You may read the privacy statement of Google Maps here: https://www.google.com/policies/privacy/.
4.5 Use of Social Media Plug-Ins
Our websites contain plug-ins of the social networks. They are exclusively operated by the respective providers. Within the scope of our online-presentation, the plug-ins are indicated by the icon (pictogram) of the respective provider. As per standard, there will be no data transferred to these providers when you visit our websites.
When visiting a sub-page of our website, which contains such a plug-in, your browser will only connect to the servers of the respective providers after you have activated an icon. This will initiate a transfer of the plug-in content to your browser which will then be included in the depicted page. Thus, the information about your visit to our websites will be transferred to the respective provider.
Should you be logged in to your personal account with the respective provider at the same time you are visiting our website (i.e. by a further browser-session), the provider can as well assign your visit to our website to your account. With the plug-ins users can share links, post, or like contents in social networks such as Twitter, Facebook, or Google+.
By interacting with these plug-ins, i.e. by clicking on the respective icon or leaving a comment, this information will be transferred to the respective provider and will be saved there.
Should you wish to prevent such a data transfer, you have to sign out from your account with the respective provider prior to visiting our website. For the extent and purpose of the data gathering by the respective provider as well as for the processing and use of your data, please turn to the privacy policies on the website of the providers.
On our website we use buttons of the social network Twitter, operated by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. The bookmarks are indicated by the Twitter logo (stylized blue bird). By clicking on the logo, it is possible to share an article or a page of this offer on Twitter or to follow the provider on Twitter. When a user calls up a website of this internet presentation, which contains such a button, his browser will establish a direct link with the servers of Twitter. The content of the Twitter-button will then be directly transmitted to the browser of the user. We have no influence on the handling of the data gathered by Twitter with this plug-in. If you are logged in with Twitter, Twitter can assign your visit to your Twitter-account. For information on the purpose and extent of the data-gathering as well as the further processing and use of the data by Twitter, and your respective rights and setting options for the protection of your privacy, please turn to the privacy statement of Twitter https://twitter.com/privacy?lang=de https://twitter.com/privacy?lang=de
If you do not want Twitter to gather your personal data via our internet presentation, you have to log out of your Twitter account prior to visiting our website. If applicable, you also have to delete cookies set by Twitter on your PC.
This website uses plug-ins from Youtube.de/Youtube.com, which is operated by YouTube, LLC, Cherry Ave., USA, represented by Google Inc. When you access our website with such a plug-in, a connection to the YouTube servers is established and the plug-in is displayed on the website by notification to your browser. This transmits to the YouTube server which of our websites you have visited. If you are logged in to YouTube as a member, YouTube assigns this information to your personal user accounts of these platforms. When using these plug-ins, such as clicking/starting buttons of a video or sending a comment, this information is assigned to your E.g. YouTube user account, which you can only prevent by logging out before using the plug-in. Information on the collection and use of data by the platform or plug-ins can be found in the data protection notices: https://www.google.de/intl/de/policies/privacy
- Which data do we process when you apply for a job?
A. Sutter Fair Business GmbH gathers and processes personal data of applicants for the purpose of conducting an application process.
We process the information we obtained from you during the application process, e.g. letter of application, CV, testimonials, correspondence, agreements by phone or spoken. Information relevant to us are next to contact data especially information about your education, qualification, work experience, and skills. We will only assess you by your aptitude for the the job, so that you do not have to send us an application photo.
An application by email is generally not encrypted, unless your email provider supports transfer encryption via Secure Socket Layer (SSL/TLS). If you wish, you may send us encrypted emails after previous agreement by phone. Alternatively you may send us your application documents as encrypted and password protected date (.zip or the likes) and disclose the password to decrypt them to us by phone or other means.
Applicants contact our company via a special E-mail address indicated on our website, which is only accessible for employees dealing with personnel issues.
Within the scope of the applicant management, we process data provided to us for the purpose of initiating an employment relationship according to Article 88 GDPR i.V.m. § 26 Abs. 1 BDSG (German Law). Alternatively, work agreements according to Article 88 GDPR i.V.m. § 26 Abs. 4 BDSG (German Law) as well as consents (i.e. for photos) according to Article 88 GDPR i.V.m. § 26 Abs. 2 BDSG (German Law) apply.
Should special categories of personal data (i.e. severe disability) be processed, Article 88 GDPR i.V.m. § 26 Abs. 3 BDSG (German Law) applies. Furthermore, the processing of health data may become necessary for the judgement of your working ability, according to Article 9 (2 h) i.V.m. § 22 Abs. 1 b) BDSG (German Law).
We process and save your personal data for as long as it will be necessary for the fulfillment of the purpose of the data-gathering, or contractual or legal duties, i.e.:
- In case we conclude an employment contract with the applicant following the application process, we will save the provided data for the purpose of conducting the employment relationship under observance of the legal provisions.
- In case we do not conclude an employment contract with the applicant, the application documents will automatically be deleted three months after the announcement of the rejection, unless there are no conflicting justified interests of A. Sutter Fair Business GmbH. A justified interest is i.e. the burden of proof in a proceeding according to the Allgemeinen Gleichbehandlungsgesetz (AGG) (General Equal Treatment Act).
- Legal basis for data processing in the application process and as part of the personal file are § 26 1 S. 1 BDSG (German Law) & Art. 6 (1 lit. b) GDPR and, as far as you consented, e.g. by providing information not necessary for the application process, Art. 6 (1 lit. b) GDPR.
If you want us to save your application in our „applicants pool“ for a period exceeding three months, you have to make a prior written request, in which you also give us your permission to do so.
You are, of course, at liberty to withdraw your application at any time. In this case, your data will be deleted, unless they are necessary for the fulfillment of the purpose of their gathering. An E-mail to us, stating your withdrawal, will be sufficient. The revocation of any given permissions is possible at any time.
- Which data do we process when you visit our online-shop or place an order there?URL:https://shop.suttermedia.de/
We use the data provided by you for the purpose of ordering goods or services without your explicit consent exclusively for the fulfillment and processing of your order. With the complete settlement of the contract and compensation in full, your data will be locked for further use and deleted after expiry of the legal retention period, unless you have explicitly approved the further use of your data.
Your data will be transferred to our subcontractors, i.e. to the delivery company commissioned to deliver your goods, as far as a delivery is necessary and cannot be conducted online, or to print shops. For the processing of payments we will transfer your payment data to the payment provider commissioned with the payment, i.e. in case of payments by credit card to the credit card provider. In case you fail to pay open invoices despite repeated reminders from our side, we will transfer the necessary data to a collection agency for collection. These companies may use your data only for the purpose of fulfillment of the order and not for any other purposes. basis for the transfer of the data in connection with online- orders is Article 6 (1 lit. b) GDPR.
Our shop-websites (https://shop.suttermedia.de/) contain plug-ins of the following payment-providers:
On our website we offer, among others, payments with the services of Concardis, operated by Concardis GmbH, Helfmann-Park 7, 65760 Eschborn, Germany (in the following called “Concardis”).
If you choose payment via Concardis, the payment data you enter will be transferred to Concardis. You can read the privacy statement of Concardis here: https://www.concardis.com/datenschutzerklaerung
The transfer of your data to Concardis is made on the legal basis of Art. 6 (1 lit. b) GDPR (Consent) and Article 6 (1 lit. b) GDPR (Processing to fulfill a contract). You have the option to withdraw your approval at any time. A withdrawal does not affect the effectiveness of data processing procedures in the past.
On our website we offer, among others, payments via PayPal, operated by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22- 24 Boulevard Royal, L-2449 Luxembourg (in the following called “PayPal”).
If you choose payment via PayPal, the payment data you enter will be transferred to PayPal. You can read the privacy statement of PayPal here: https://www.paypal-gifts.com/de/terms-and-conditions/
The transfer of your data to PayPal is made on the legal basis of Art. 6 (1 lit. b) GDPR (Consent) and Article 6 (1 lit. b) GDPR (Processing to fulfill a contract). You have the option to withdraw your approval at any time. A withdrawal does not affect the effectiveness of data processing procedures in the past.
On our website we offer, among others, payments with the services of Klarna, operated by Klarna AB, Sveavägen 46, 111 34 Stockholm, Schweden (in the following called “Klarna”).
If you choose payment via Klarna, the payment data you enter will be transferred to Klarna. You can read the privacy statement of Klarna here: https://www.klarna.com/de/datenschutz/
The transfer of your data to Klarna is made on the legal basis of Article 6 (1 lit. b) GDPR (Consent) and Article 6 (1 lit. b) GDPR (Processing to fulfill a contract). You have the option to withdraw your approval at any time. A withdrawal does not affect the effectiveness of data processing procedures in the past.
- Which security measures do we take for the protection of data saved with us?
We have taken technical and administrative security measures to protect your personal data against loss, destruction, manipulation, and unauthorized access.
Our employees and our subcontractors are obligated to adhere to the valid data protection laws.
Please note that because of the given structure of the internet, it may be possible that the regulations for data protection and the above-mentioned security measures may be disregarded by persons or institutions outside of our area of responsibility. In particular, unencrypted data – even if transferred by E-mail – may be read by third parties. We have no technical influence on this. It is in your area of responsibility to protect your data by encryption or otherwise against misuse.
Nevertheless, data transfers can generally have security gaps, so that an absolute protection cannot be guaranteed. For this reason, each concerned person is entitled to transfer personal data to us in other ways, i.e. via telephone or courier.
- Which rights can you assert against us?
Each concerned person has the right of
According to Article 15 GDPR you may demand information about the personal data processed by us. In particular, you may request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of their data, if not collected from us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information on its details;
Pursuant to Article 16 GDPR, you may immediately request the correction of inaccurate or complete your personal data stored by us;
Pursuant to Article 17 GDPR, you may request the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or for the assertion, exercise or defense of legal claims;
8.4 Restriction of Processing
Pursuant to Article 18 GDPR, you may request the restriction of the processing of your personal data in so far as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you require it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Article 21 GDPR;
8.5 Data portability
Pursuant to Article 20 GDPR, you may receive your personal data that you have provided to us in a structured, common and machine-readable format or request the transfer to another controller;
8.6 Withdrawal of your consent
In accordance with Art. 7 3 GDPR you may revoke your consent to us at any time. As a result, we are not allowed to continue the processing of data based on this consent for the future.
Please send your revocation to the above-mentioned data or by e-mail to: firstname.lastname@example.org
8.7 Complaint to a supervisory authority
You can complain to a supervisory authority in accordance with Article 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.
8.8 Right of objection
If your personal data is based on legitimate interests in accordance with Article 6 sec. 1 p. 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, insofar as there are reasons for doing so that arise from your particular situation.
If you wish to exercise your right of withdrawal or objection, please send an e-mail to: email@example.com
- Status of the data protection declaration
As of: January 2020