To the configurator
SATA Loyalty Program
Downloads
Information
Contact
Homepage

Privacy Policy

Privacy Policy

Privacy Policy SATA GmbH & Co. KG.

1. General

We appreciate your interest in our company and our products and services. We take the protection of your personal data very seriously. We process your data in compliance with applicable legal regulations governing the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the country-specific implementation laws that apply to us. In this privacy policy, we provide you with comprehensive information concerning the processing of your personal data by SATA GmbH & Co. KG and the rights you have in this regard.

Personal data is information that can be used to identify a natural person. In particular, this includes their name, date of birth, address, telephone number, email address and also their IP address. Anonymous data are data that do not allow for any tracking of the user.

Subsequent declaration explains which data is collected and the respective purpose, to what extent the data is accessible to third parties and which preventive measures are taken by SATA. Furthermore, the declaration provides information on your legal rights in connection with the handling of this data.

It is our objective to protect all data entrusted to us as well as possible and to fully comply with all legal requirements. Should you wish to make suggestions as to how we can further improve the security of the data entrusted to us, we would kindly ask you to send a message to datenschutz(at)sata.com.

2. Controller and data protection officer

Controller in accordance with Article 4(7) GDPR:

SATA GmbH & Co. KG
Domertalstr. 20
70806 Kornwestheim
Telefon: +49 (7154) 811 – 0
Telefax: +49 (7154) 811 – 196
E-Mail: datenschutz(at)sata.com 
Web: www.sata.com

Contact details data protection officer: E-Mail: DSB(at)sata.com

3. Your rights as the data subject

Firstly, we would like to inform you of your rights as a data subject. These rights are set out in Articles 15 -22 GDPR. These include the rights of...

  • Information (Article 15 GDPR),
  • Erasure (Article 17 GDPR),
  • Rectification (Article 16 GDPR),
  • Data portability (Article 20 GDPR),
  • Restriction of data processing (Article 18 GDPR),
  • Objection against data processing (Article 21 GDPR).

In order to assert these rights or if you have any queries concerning data protection at our company, please get in touch with our data protection officer using the contact details above. You also have the right to lodge a complaint with a data protection supervisory authority.

4. Rights of objection 

Please bear the following in mind in connection with rights of objection:
When we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. The same applies to product and service improvement measures and measures designed to improve the shopping experience insofar as these are connected with direct advertising.
Should you object to the processing of your data for purposes of direct advertising or for purposes connected to the improvement of our services, we will cease processing your personal data for these purposes. The objection can be informal and should be sent to the above address.

When we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons connected to your specific situation; the same applies to any profiling based on these provisions.

We will cease processing your personal data unless we can demonstrate compelling reasons for the processing that outweigh your interests, rights and freedoms or unless the purpose of processing is the assertion, exercise or defence of legal claims.

5. Purpose and legal basis of data processing

When processing your personal data, the provisions of the GDPR and all other applicable provisions under data protection laws are complied with. The legal basis for this data processing is set out in Article 6 GDPR in particular.

We use your data to negotiate business transactions, to fulfil contractual and legal obligations, to execute the contract, to offer products and services, to process queries and process/fulfil any orders and contracts, to carry out administrative work and strengthen customer relationships, to carry out employee and customer satisfaction surveys (which also include analysis for marketing purposes and direct advertising with product and price information) and for our applicant portal. Where necessary, you will be asked for your consent. In addition, the data are also used for other purposes subject to your consent, for example to send you newsletters containing information on our products and services.

Your consent to data processing can also represent a permission under data protection law. Before you grant your consent, we will provide you with details concerning the purpose of the data processing and your right of revocation.
Certain categories of personal data under Article 9(1) GDPR will only be processed if this is necessary to comply with legal regulations and if there is no reason to assume that your protectable interests outweigh the need for processing.

6. Disclosure to third parties / occasion and scope

We will only disclose your data subject to statutory provisions, to fulfil our contractual obligations or if you have agreed to such use. In these circumstances, we only disclose the data (for example name and address) that are necessary for us to fulfil our statutory, legal or contractual obligations or that third parties require to ensure a smooth process, in particular to fulfil a contract that has been concluded.

Apart from the above, no data are disclosed to third parties unless we are obliged to do so under mandatory legal acts or regulations (disclosure to external bodies such as supervisory or criminal prosecution authorities).

7. Data recipients/categories of recipients

In our company, we ensure that your data are only sent to those persons who require it to perform their duties or fulfil contractual and legal obligations. The same applies to any data exchanged with our associated companies, for example in the UK or Canada, and to the disclosure of address data of customers who have agreed to initiate contact or to receive our newsletter; such data will then be disclosed to our international contact partners. Data are also disclosed to fulfil contracts.

In many cases, service providers support our technical department in the performance of its tasks. The necessary data protection agreements have been concluded with all service providers, e.g. contract data processing agreements. Service providers with whom we collaborate include, for example, shipping providers, payment service providers, agencies, credit rating agencies and IT service providers.

8. Transfer to third countries / intended transfer to third countries

Data is only transferred to third countries (outside the European Union and European Economic Area) if this is necessary to fulfil the contractual relationship, if required by law or if you have agreed to this transfer of data. The scope of the information disclosed is set out in Section 6.

In these cases, we take reasonable and necessary measures subject to Art. 44 et seq. GDPR to ensure that the data are afforded an equivalent degree in protection in the third country, for example by utilising standard EU contractual clauses.

9. Data storage period

We store your data for as long as they are needed for the purpose for which they are processed. Please bear in mind that many statutory retention periods require the continued storage of data. This applies to retention obligations under commercial law or tax laws in particular (e.g. the German Commercial Code (Handelsgesetzbuch) and the German Tax Code (Abgabenordnung)). If there are no further retention obligations, the data will be routinely deleted once the purpose has been attained.

This means that we may retain data if you have authorized us to do so or if legal disputes arise and we require evidence within the framework of statutory limitation periods.

10. Secure transfer of your data

We employ appropriate technical and organisational security measures to optimally protect the data we store from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The security level is constantly monitored in co-operation with security experts and updated to meet new security standards.

The transmission of data to and from our website (SATA.com and the website of the SATA Loyalty Program coins & more) is encrypted. We use the transfer protocol HTTPS for our website, subject to current encryption protocols. Applications submitted via our applicant portal are protected through content encryption. Only we can decrypt these data. It is also possible to use alternative communication channels (for example post).

Obligation to provide the data
Various personal data are required in order to enter into, execute and terminate the contract and fulfil the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

We have summarised the details of this in Paragraph 11. In certain cases, data must also be collected or provided in compliance with statutory provisions. Please bear in mind that it is not possible to process your query or fulfil the underlying contractual obligations unless these data are provided. This means that if you do not agree to the use of part of all of your data out of an abundance of caution, you may not be able to use our products and/or services at all, or may only be able to use them with restrictions. Should you continue to use our products or services or parts of these, you accept any disadvantages that may arise due to the non-provision of data.

Categories, sources and origin of the data
The respective context determines which data we process. The content and scope depend on whether you submit an online order, submit a query via our contact form, send us an application, submit a claim etc.

Please note that we may also provide separate information on data processing in specific situations, e.g. when uploading application documents or contacting us; this information is provided in the appropriate places.

11. Services provided and retrieval of data:

General information concerning the retrieval and use of data / principle of data economy

When you use the various services offered, e.g. when you visit the website, retrieve SAL information, register for premium warranties, contact us, utilize user self-service, subscribe to the newsletter, search for dealers, search for importers, register for the Virtual Painter, register for Photobox, register for the SATA Loyalty Program coins & more, visit our online shop, place orders, register for prize draws and surveys within the SATA Loyalty Program coins & more, register for meetings, seminars and training sessions, order from the catalogue and use the Nozzle Finder, we collect the data itemized below. These data are used to contact you, respond to your queries and requests, make your visit to our websites (SATA.com and the website of the SATA Loyalty Program coins & more) easier and adjust your data; they are indispensable for purposes of participation in SATA events, order processing, participation in the customer loyalty programme and supporting the sales activities of our customers and partners. We do not disclose these data
without your consent except in the situations described in detail above.

When doing so, we comply with the principle of data economy and data reduction inasmuch as you only need to enter the data which we require to process your request and perform the service in question. We usually also process your IP address for technical reasons and for legal protection. All fields not marked with an asterisk (*) denote optional data that can be provided but are not essential (e.g. for a more personalised response to your queries). For some services, additional consent is required for the further processing of your personal data. We will indicate the respective purpose when asking you for this. Without this consent, your personal data will not be processed further.

Should you contact us by email, we will only process the personal data provided in the e-mail to for purposes of handling your query. No other data will be collected if you do not use the contact forms provided.

You can of course de-register from all services you have signed up to at any time using the relevant service functions or by sending an e-mail to unsubscribe(at)sata.com (this must include a detailed description of the service you no longer wish to subscribe to); you can also effectively withdraw your consent without giving reasons.

Should you consent to receive advertising (e.g. our SATA newsletter or SATA Loyalty News) by clicking the respective checkbox, we will process your data to provide you with information and send offers regarding our products/services/new products/technology news/special promotions/special offers/price information/functions such as trade fairs, events, training courses and seminars by e-mail or post. You can revoke your consent at any time and without giving reasons by calling +49 (0) 7154/811-0, by sending an e-mail to unsubscribe(at)sata.com or by letter to SATA GmbH & Co. KG, Domertalstraße 20 ∙ 70806 Kornwestheim, Postfach 1828 ∙ 70799 Kornwestheim , Germany.

a) We collect and process the following data when you visit our website:

  • Name of the Internet service provider
  • Information concerning the website from which you are redirected to us
  • Web browser and operating system usedThe IP address assigned to you by your Internet service provider
  • Accessed files, transferred data volume, downloads / file export
  • Information concerning the parts of our website that you access, including date and time of your visit

For reasons of technical security (in particular for protection against attempted attacks on our web server), these data will be saved in accordance with Article 6(1) f) GDPR for a period not exceeding 7 days.

b) We collect and process the following data when you send a SAL information request:

  • Title
  • First name*
  • Last name*
  • Phone
  • E-mail address*
  • Request for permission to send you our newsletter
  • IP address
  • Name of the dealer
  • Dealer e-mail address
  • SAL number*
  • Comments
  • Captcha

The information provided will only be used to process your enquiry and will be deleted when it is no longer required, except in cases where mandatory regulations regarding retention periods preclude its erasure. The legal basis for processing these data is Article 6(1) b) GDPR.

c) We collect and process the following data when you register for our premium warranty:

User data

  • Title
  • First name*
  • Surname*
  • Country*
  • E-mail address*
  • Phone
  • Request for permission to send you our newsletter
  • IP address
  • Comments
  • Captcha

Product data

  • SAL and/or serial number*

The information provided will only be used to process your registration for our premium warranty and will be deleted when it is no longer required, except in cases where mandatory regulations regarding retention periods preclude its erasure. The legal basis for processing these data is Article 6(1) b) GDPR.

d) We collect and process the following data when you contact us (contact form):

  • Title
  • First name*
  • Last name*
  • Subject*
  • Country*
  • Phone*
  • E-mail address*
  • Your message*
  • Captcha

If you use our contact form to contact us, we will process any details you enter into the contact form to contact you and reply to your queries and requests. The legal basis for processing these data is Article 6(1) b) GDPR.

e) We collect and process the following data in the context of our user self-services:

  • Language of the form
  • Title
  • First name*
  • Last name*
  • E-mail address*
  • Country
  • Language*
  • Sector (vehicle repairs, airbrush, paint manufacturer, vocational school, retail, private persons, other, industry, carpenter/painter)
  • Company name
  • Street/house number
  • ZIP code
  • City
  • Your reply when asked if you would like to receive information by e-mail or our newsletter
  • Your reply when asked if you would like to receive information by post
  • Your reply when asked if you prefer not to receive any information

The legal basis for processing these data is Article 6(1) b) GDPR.

f) We collect and process the following data when you register for our newsletter and/or the SATA Loyalty News:

  • E-mail address*
  • Title
  • First name*
  • Last name*
  • Consent to advertising by email or newsletter*
  • Captcha*

You can subscribe to our free SATA newsletter on our website. You can only register for our SATA Loyalty News using the SATA Loyalty App coins & more or via the SATA Loyalty Website. Your name and the e-mail address provided when signing up for the newsletter are used to send the personalised newsletter. We also use anonymised link tracking for statistical purposes. When you state which country you are in, we will send you information customized for your sector and country. We will need your postal address if you would like to receive the newsletter by post.

The principles of data economy and data reduction are observed since only the e-mail address (and, if applicable, the name in the case of personalised newsletters) is marked as a mandatory field. For technical reasons and legal protection, we also process your IP address when you sign up for the newsletter.

We use the so-called double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have expressly confirmed in advance that we can activate the newsletter service. This includes us sending you a notification e-mail and asking you to confirm that you want to have our newsletter sent to this email address by clicking on a link in this e-mail.

You can of course unsubscribe at any time using the cancellation options listed in the newsletter to revoke your consent. You also have the option to unsubscribe from the SATA newsletter at any time directly via our website.
The legal basis for processing these data is Article 6(1) a) GDPR.

g) Webshop

We will process certain personal data when you visit our webshop. Please note the following in connection with the collection of these data:

Registration / customer account (Art. 6(1) f) GDPR)

We offer our users the option to register by providing certain personal data. The advantages of registering include the ability to access your order history and save the data for your order form, meaning that you will not have to enter your details again and again. In other words, you need to register so that the contract we conclude with you can be fulfilled (via our webshop) or so that we can complete pre-contractual steps (e.g. when you place an order as a guest).

We comply with the principle of data reduction and data economy by marking any mandatory fields that are required for the registration with an asterisk (*). This means that you will only have to enter your first surname and given name, your e-mail address and a password (including a repetition of the password) when creating a user account.
To place an order in our webshop, we also need your billing address (street, house number, post code, town, country and, for some countries, a phone number) and information about any specialist dealers near you; the latter is used for statistical purposes. If the delivery address is not identical to the billing address, we will also require the above information for the delivery address.

When registering your details on our website, the IP address of the user and the date and time of registration will also be saved (technical background data). By clicking on the button “Create Account”, you agree to the processing of your data for these purposes.

Please note: the password you enter is saved by us in encrypted form. Employees of our company cannot read this password. This means that they will not be able to assist you if you forget your password.

In this case, please use the “I have forgotten my password” function, which will reset your current password and send you an automatically generated link by e-mail to create a new password. None of our employees are permitted to ask you for your password on the phone or in writing. You must never disclose your password should you receive such requests.

Once the registration process is complete, we will save your data in the protected customer area for further use. When you register on our website with your e-mail address as a user name and password, the data you have provided will be made available on our website and may be accessed!

Registered individuals can change/correct their billing or delivery address. You can also add further information such as your company name, phone number or VAT ID number to the user account. Changes/corrections can also be made with the help of our customer service team. Needless to say, you can also cancel your registration or delete your user account. In this case, your user account will be deleted within 3 months. This will not affect any further retention of your personal data if these are subject to legal retention periods.

Ordering from our webshop (Art. 6(1) b) GDPR)

Our webshop offers you a wide selection of products that can be ordered online.

We collect and process the following data when you place an order:

Mandatory information

  • E-mail address
  • Given name and surname
  • Street and house number
  • Post code and town
  • Country
  • State (if the selected country is the USA/Canada)
  • Phone number (if the selected country is the USA/Canada)

Optional information

  • The Company
  • Phone number (mandatory if the selected country is the USA/Canada)
  • VAT ID number (not available for all countries)

When you place your order, we will also collect information about your preferred specialist dealer for statistical purposes.

Information for customers selecting the USA or Canada as their home country:

When selecting the USA/Canada, we will also collect the following information about your local dealer:

  • Dealer / company name
  • Contact partner or technical agent
  • Street, ZIP code, town
  • State and country

We will only process the information you provide in your order form to complete your order and fulfil the contract, unless you have agreed to any other use of your information.

For technical reasons and legal protection, we will also process your IP address. Without the information marked as mandatory, we will regretfully have to decline the contract, since we will be unable to fulfil it.

Payment systems (Art. 6(1) a), b) GDPR), credit check (Art. 6(1) f GDPR)

In our webshop, you can pay by credit card or by PayPal. The relevant payment data will be collected to carry out your order and process the payment. For technical reasons and legal protection, we will also process your IP address.
The principles of data economy and data reduction are complied with since you only need to provide us with the data we require to process the payment and fulfil the contract as well as the data we are obliged to collect by law.
Without this data, we will unfortunately have to decline the contract, since we will not be able to fulfil it.

Our payment system uses SSL-encryption to protect your data during transmission.
Note concerning credit card payments: As is usual with credit card payments, we will check the information associated with the credit card.
Note concerning PayPal: PayPal is a company of PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal , L-2449 Luxembourg. If the data subject selects the PayPal payment option in our online shop when ordering, the data subject's data are automatically passed on to PayPal.

By selecting this payment option, the data subject agrees to a transfer of the personal data required to process the payment. The personal data transferred to PayPal generally include the data subject's given name, surname, address, e-mail address, IP address, phone number, mobile number or other data that are necessary to process the payment. Personal data associated with the respective order are also needed to fulfil the sales contract. Details of PayPal's privacy policy can be accessed at: https://www.paypal.com/de/webapps/mpp/ua/privacy-prev (for the legal situation from 25 May 2018).

Configurator Custom Design Gun

Our webshop offers the option to customise your spray gun using our configurator.

You can choose the colour of your spray gun and either download the result as a template or place it directly into your basket. In general, the configurator can be used without entering personal data, but we will process your IP address for technical reasons and legal protection.

Repair service (Art. 6(1) b) GDPR)

Some country-specific versions of our webshop offer a repair service. This allows you to request a quote for the repair of defective goods using our online form. We collect the following information in connection with repair requests:

Mandatory information

  • The information in your user profile
  • Product category
  • Model
  • Description of the issue
  • Cancellation policy and waiver of cancellation

Optional information

  • SAL number
  • Invoice date
  • Screenshot of the error message
  • Warranty case
  • Any uploaded files (e.g. warranty ticket)

The data collected for the repair service will only be processed to fulfil the contract (sending the quote).

h) We collect and process the following data when you order from the marketing catalogue:

  • Name*
  • First name*
  • Street*
  • ZIP Code*
  • City*
  • Country*
  • E-mail address*
  • SATA Sales Representative
  • Item ordered*
  • Comments

You can e-mail the completed form to us to place an order from the SATA marketing catalogue. If you do so, we will process the information provided by you to process and complete your order as per the order form. The legal basis for processing these data is Article 6(1) b) GDPR.

i) We collect and process the following data in connection with prize draws/consent to advertising:

You can participate in raffles on various channels. If you complete the raffle mask, we will only process the data entered here to carry out the raffle.

The principles of data economy and data reduction are observed since you only need to enter the data we require to carry out the raffle and notify the winners. Usually, the following data are collected:

  • Name*
  • First name*
  • Address
  • E-mail address* (depending on the means of communication)
  • Age*
  • If applicable, consent to receiving the newsletter

The mandatory fields are marked with (*). For technical reasons and legal protection, we will also process your IP address. The other fields are optional and you can complete these if you wish. If you do not complete the mandatory fields, we will not be able to enter you into the raffle. You will then be unable to participate.

The raffle mask also offers you the option to consent to advertising. You can also participate in the raffle without agreeing to receive advertising.

If you agree to receive advertising by clicking the respective check box, we will also process your data to send you information and offers relating to our products and services by e-mail. You can revoke your consent at any time without giving reasons by sending an e-mail to info@sata.com, utilizing the user self-service option, clicking on the de-registration link in the newsletter or sending a letter to SATA GmbH & Co. KG, Domertalstraße 20, 70806 Kornwestheim, Germany.

The legal basis for the processing of these data for advertising purposes is Article 6(1) a) GDPR and the legal basis for the processing of data for the raffle is Article 6(1) f) GDPR.

j) We collect and process the following data when you create and use an account in the SATA Loyalty App coins & more:

  • Title
  • Given name, surname*
  • Date of birth*
  • Industry
  • Company name*
  • FAO
  • Delivery address*
  • Extra address line
  • Country
  • County
  • E-mail address*
  • Phone
  • Language (of app content)

Additional data:

  • User data (log-in time, time stamps of transactions such as granting permission, IP address, end device manufacturer and model)
  • Additional information (optional, such as occupation, usage data of the SATA products)
  • Scan / purchase data
  • Scan / purchase frequency
  • Scope of scan

The SATA Loyalty Program coins & more (“programme”) is a loyalty-based customer retention programme. The operator of the pro-gramme, the SATA Loyalty App coins & more (“app”) and the SATA Loyalty Website is SATA GmbH & Co KG (“SATA”).

First and foremost, the programme is subject to the general terms and conditions as amended. The privacy regulations below apply additionally for natural persons who take part in the programme (“participants”) and regulate the handling of personal and other data of participants (“participant data”) in connection with the programme. In particular, it specifies which participant data are col-lected, used and processed in each case, which purposes the data are used for and the rights of the participants in connection with data processing.

Collecting and processing of participant data by SATA

Registration and usage data

When creating a user account in the app, SATA collects the name, date of birth, phone number, e-mail address, industrial sector, app language and address of the participant as well as the name and address of the company for whom the participant works and in connection with which the premium coins are collected and redeemed (“registration data”). SATA uses the registration data for implementing and managing the programme, in particular for SATA coin management and the sending of rewards. The legal basis for this data processing is Article 6(1) f) GDPR. Once your registration is complete, you will also be assigned a unique user ID.

Alongside the registration data, SATA also automatically collects additional participant data through the SATA Loyalty App coins & more in connection with its use; the participant is not notified separately of this and not need to actively participate in this process. The data collected include the date and time of the most recent login, changes to the app user account and the IP address used for the most recent login, and the model and manufacturer name of the end device used (“usage data”). SATA uses the usage data to ensure the app works, to improve the app and to ensure the security and stability of its IT systems. The IP address of the end device accessing the app is used in the event of an attack on the IT systems of SATA or any unauthorised use thereof as well as for statistical purposes. The legal basis for the data processing in this case is the legitimate interest of SATA in ensuring the security
and functionality of the app in terms of Art.6(1) f) GDPR.

Your user data will be erased or anonymised in the following cases:

If you do not confirm your registration by complying with the instructions in the verification e-mail within 72 hours after receiving it, the user data entered during registration will be anonymised so that you can no longer be identified. Anonymised user accounts will continue to include the following information for statistical purposes: User ID, title, industry sector, country, town (state/province/region/county/Bundesland), any permissions granted, transactions including time stamps and SATA-coins as well as any (expired) coin portfolio. It will no longer be possible to retrospectively connect this information to one particular user account.

If you request deletion of your user account or delete the account yourself, any personal data connected to your account will be anonymised within 24 hours, meaning that the data can no longer be used to identify you. Please note that it will no longer be possible to log into your account once the information has been anonymised.

The information is also anonymised automatically if no account activity is recorded for a period of 5 years.
If you have sent an enquiry using the contact form in the SATA Loyalty App coins & more, any data included in the enquiry will be erased two months after successful closure of the ticket. The user ID, issue and time stamp of the initial customer message will remain on file for statistical purposes. We will no longer be able to trace an enquiry to a specific individual.

User accounts are also deleted if the company for which the user account was created was added to the blocked user list for companies by an authorised individual. In this case, any existing user accounts connected to the company in question will be deleted. If an authorised person submits a request to block an account, the name, e-mail address and company name of this person will be stored for as long as they participate in the SATA Loyalty Program coins & more.

Should the participant have issued his or her prior consent, their registration and usage data will also be processed and used to determine so-called “booster periods”, to draw prizes and to make contact in connection with raffles. “SATA coin-Boosters” are used during promotional periods defined by SATA, when several points can be accumulated when scanning a coin or immediate prizes can be awarded during a raffle.

We collect and process the following data in connection with customer enquiries (service e-mails):
When participating in the SATA Loyalty Program coins & more, customers will receive regular service e-mails containing information about transactions affecting their SATA coin balance as well as the current balance and maintenance cycles. The service e-mails do not contain advertisements.

Data used:
Registration details (see above)
Day the message was sent
The legal basis for sending these service e-mails is the existing relationship with the customer under the SATA Loyalty Program coins & more, Art. 6(1) b) GDPR.
We collect and process the following information in connection with surveys
As a user of the SATA Loyalty Program coins & more, you can participate in surveys. If you do participate, we will only process the data you submit to carry out the survey.
We will use the registration details you entered when signing up to the SATA Loyalty Program coins & more to carry out the survey.

We will also collect:
The date on which you participated
Replies to each question (multiple choice)
Number of SATA coins paid as an incentive
The legal basis for participation in surveys is your consent within the meaning of Art. 6(1) a) GDPR. You can revoke your consent at any time by sending an e-mail to INFO(AT)SATA.COM.
If you do withdraw your consent, the results of the survey will be anonymised so that we can no longer link the results of the survey to your user account. This will also be the case if you decide to close your user account or if any of the circumstances causing closure of your account as outlined above materialise.

In some cases, participating in a survey will also enter you into a raffle. Should that be the case, your registration details will also be used for the raffle, see Art. 6(1) b) GDPR.

k) Applicant portal

We appreciate your interest in a career with SATA GmbH & Co. KG. We recognise the importance of keeping your data confidential and only process the personal data you provide in the application form to complete the application process effectively and correctly and to get in touch with you during the application process. The data will not be disclosed to third parties without your consent.

Our data protection practices are compliant with the provisions of the EU General Data Protection Regulation and the German Digital Services Act (DDG). We will only collect, process and store your personal data to process applications. Moreover, your data will also only be used for additional purposes as detailed in your declaration of consent if you agree to such processing of your data, e.g. to provide you with information concerning offers in our newsletter etc. We collect, process and use the following data when you access this website or individual files on the website: IP address, website from which the file was accessed, name of the file, date and time of access, name of your internet service provider, operating system used, browser type and version, transferred data volume and report concerning the success of the access (so-called web log). These data are processed to make it possible to use the website (establishment of a connection) and for purposes associated with system security, technical administration of the network infrastructure
and the optimisation of online content. The data collected as part of this process cannot be traced to a specific person.

This means that you as a user remain anonymous. This data is not combined with other data sources. SATA only uses the personal data you provide when registering with our job portal and completing the online form for processing the application and for the hiring process. The same applies to any documents that are uploaded to our server, such as school-leaving certificates, university certificates, work references and photos. These documents are stored together with your personal data and will only be used for the application process. With regard to the provision of the application form, we are supported by our service provider DPS Business Solution GmbH, Am Moosfeld 3, 81829 Munich. The data privacy agreement required under data protection law has been concluded with this company so as to ensure that your data are protected. Information on data privacy practices at DPS Business Solution GmbH is available at: https://www.dps-bs.de/datenschutz/.

All personal data which is collected in conjunction with the use of our website is only recorded, processed and used for its designated purpose. Compliance with current legislation and the requirement of your prior consent are strictly observed. When completing the application form, you will be asked to provide personal data. We comply with the principles of data economy and data reduction since you only have to provide the information we require to fully assess your application documents. These mandatory fields are marked with an asterisk (*). Unfortunately, we cannot assess your application documents without these data. If you do not provide all the data requested, our application system will not allow you to upload the application documents.
The following specific data – where provided – will be stored (mandatory fields are marked with an asterisk (*)):

  • First name*
  • Last name*
  • Surname*
  • E-mail*
  • Uploaded files (e.g. CV, certificates etc.) *

We implement appropriate security measures so as to safeguard the security and confidentiality of your data as best as we can. These ensure that your application documents are transferred to us in encrypted form. We will store your data for the purposes set out above until the application process has been compleed. The legal basis is Article
6(1)(b) GDPR.

Should we (the data controller) conclude an employment contract with you (the applicant), the data that have been transferred will be stored for the purpose of fulfilling the employment relationship in compliance with statutory regulations (see Article 88(1) GDPR and § 26 of the German Federal Data Protection Act - BDSG, new version). Should no employment contract be concluded with you (the applicant) and should you have revoked any consent which you have given, your application documents will be deleted automatically three months after notification of the rejection, provided that no other legitimate interests on our part prevent a deletion or unless there is a legal basis for saving the files for a longer period. Such an additional legitimate interest is, for example, burden of proof in legal proceedings in accordance with the General German Law relating to Equal Treatment (AGG).

l) Düsenfinder (Nozzle Finder) app

When using the Düsenfinder (Nozzle Finder) app, we collect and process the following information:

  • Language used
  • Selected nozzle
  • Selected system (metric/imperial)
  • The user behaviour regarding Firebase features (section 14.)

The Nozzle Finder ("Düsenfinder") is the app for a fast, simple and in-depth selection of the nozzle matching your SATAjet X 5500.

If you have given your consent, these data will be recorded and processed for the optimisation of the app and for an improved user
experience. The legal basis for processing these data is Article 6(1) a) GDPR. You can revoke your consent at any time in the app
settings.

m) Dealer and importer search

When you use the dealer and importer search functions, we collect and process the following information:

  • Once you have entered your town or post code into the search bar, we will use this information to list suitable contacts near you.
  • You can also choose to have your location determined automatically by clicking on “determine exact location”; this feature can only be used if your device is allowed to access your location.

In this case, your geographical coordinates will be processed to determine your location as accurately as possible and to list suitable contacts near you. We offer you this service through Google Maps (section 14.)

The legal basis for the processing of these data is your consent in terms of Art. 6(1) a) GDPR.

n) Customer database

We use leading state-of-the-art software tools to manage our customer relations, e.g. with regard to consent or our customer loyalty
programme. All data – as set forth in the contract – are stored on serves in the European Union.

The systems store the following information:

  • Title
  • Given name, surname*
  • Date of birth*
  • Industry
  • Company name*
  • FAO
  • Delivery address*
  • Extra address line
  • Country
  • County
  • E-mail address*
  • Phone
  • Language (of the app)

Additional data:

  • Usage data (log in time, time stamps of transactions such as granting permission)
  • Additional information (optional, such as occupation, usage data of the SATA products)
  • Scan / purchase data
  • Scan / purchase frequency
  • Scope of scan

12. Automated decision making in individual cases

We do not currently use purely automated processing to make decisions. 

13. Cookies (Art. 6(1) a), f) GDPR, § 25(1), (2) TTDSG [German Telecommunications-Telemedia
Data Protection Act])

Our website uses so-called cookies. Their purpose is to make our service more user-friendly, more effective and more secure. Cookies
are small text files that are placed on your end device and stored (locally) on your browser. Cookies only contain pseudonymised
data; in most cases, they are actually anonymised. Some cookies are stored solely for the duration of a browser session (so-called
"session cookies"), while others are stored for lengthier periods (so-called "persistent cookies", e.g. for consent settings). The latter
are deleted once the period specified (usually 6 months) has expired. Along with our own cookies, the website also uses cookies
managed by third parties. These use the information contained in the cookies, e.g. to show you content or collect information about
the web pages you visit.

We use technically necessary cookies that are mandatory for the operation of the website and to safeguard its operability; the basis
for this is our legitimate interest within the meaning of Art. 6(1) f) GDPR. We also use cookies without your consent if their sole purpose
is to store or access information in your end device regarding the transmission of messages or if they are absolutely essential
for the provision of a service that you have expressly requested (§ 25(2) TTDSG).

Subject to your consent, we use cookies that enable us and third parties to perform functions such as analysing the use of our services.
This enables us to tailor the content to the needs of our users. By using cookies, we are also able to measure the effectiveness
of a specific advertisement and, for example, to place these depending on the thematic interests of our users. The legal basis
for this is your express consent (Art. 6(1) a), f) GDPR, § 25(1) TTDSG).

You can change your cookie settings and revoke your consent at any time with future effect by clicking on our consent banner. Please
note that changes must be made separately for each end device.

 

If you have accounts with the third-party providers we use and are logged in to those accounts, your data may be linked with the respective
account. You can prevent this from taking place by revoking or not giving your consent to the use of the cookies concerned
or by logging out from the respective accounts beforehand.

Most browsers accept cookies automatically. You can of course also deactivate, restrict or delete cookies on your end device manually
via your browser settings or using a software programme. If you deactivate the placement of cookies, you will be not be able to
use all the functions on our website or your use of these functions will be restricted. Please also note the information provided in the section on the service that uses the cookies.

14. User profiles/web tracking procedures

a) Matomo (Art. 6(1) a) GDPR, § 25 Abs. 1 TTDSG)

Subject to your consent (Art. 6(1) a) GDPR, § 25(1) TTDSG), our website uses the service “Matomo” (formerly “Piwik”), an Open-
Source web analysis service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo stores cookies on your end
device that facilitate an analysis of how you use our website. By using Matomo, we can analyse how our website and its individual
features and offers are used so that the user experience can be improved continuously. For data protection reasons, all the data we
collect will be stored locally only. You may withdraw your consent to the use of Matomo at any time:

 

In this context, we collect and process the following categories of data:

  • two bytes of the IP address of the accessing user system
  • the website accessed
  • the website from which the user reached the accessed website (referrer)
  • the sub-pages retrieved from the accessed website
  • the time spent on the website
  • the frequency with which the website is accessed

We use Matomo with the setting “Anonymize Visitors’ IP addresses”. This means that IP addresses will be processed in a shortened
form, making it impossible to link them to a particular individual. The software is configured to only save partial IP addresses by
masking 2 bytes of the IP address. This makes it impossible to trace the shortened IP address to the accessing computer. The IP
address transferred by your browser via Matomo will not be combined with other data we collect.

b) Friendly Captcha

We use the service Friendly Captcha to protect our website against SPAM. Friendly Captcha is a proof-of-work based anti-bot solution
with the user's device doing all the work. We generate a unique crypto puzzle for each visitor. Solving the puzzle only takes a few
seconds and is done while the user enters their data into the respective online form. Using Friendly Captcha does not place cookies
on the user's end device. The legal basis for the use of this service is our legitimate interest in protecting our website against
SPAM, Art. 6(1) f) GDPR. You can find more information about the privacy policy of Friendly Captcha at https://friendlycaptcha.com/privacy/.

c) Matomo Tag Manager (Art. 6(1) a) GDPR)

This website uses Matomo Tag Manager. This service facilitates the management of website tags via an interface. Matomo Tag
Manager only implements tags; it does not place cookies or collect personal data. Matomo Tag Manager triggers other tags that will
potentially collect data but it does not access such data itself. Furthermore, for data protection reasons, we only host Matomo Tag
Manager locally. Being a technologically necessary service, our legitimate interest (Art. 6(1) f) GDPR) in using Matomo Tag Manager
is the availability and operation of our website within legal frameworks.

d) Facebook Custom Audiences (“visitor action pixel”)

(Art. 6(1) a) GDPR, § 25(1) TTDSG)

This website uses the so-called “Facebook pixel” of the social network Facebook, which is operated by Facebook Inc, 1 Hacker Way,
Menlo Park, CA 94025, USA or, if you are resident in the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour,
Dublin 2, Ireland.

The legal basis for the data processing is your consent within the meaning of Art. 6(1) a) GDPR and § 25(1) TTDSG. You can withdraw
your consent at any time.

Using the pixels enables us to track the behaviour of website visitors whenever they have been forwarded to the provider’s website
by clicking on a Facebook ad.

This allows the effectiveness of Facebook ads to be analysed for statistical and market research purposes and to be optimised for
future marketing measures. However, the data is stored and processed by Facebook, so that a connection to the appropriate user
profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook’s data policy.
You can allow Facebook and its partners to display adverts on and outside Facebook. A cookie can be saved on your computer for
these purposes. We use the Facebook pixel only to display our adverts for those users who have visited our website or who show
certain characteristics that we disclose to Facebook. With the assistance of the Facebook pixel, Facebook can identify our website
visitors as a target group for advertisements.

Personal data may be transferred to the USA by Facebook Inc., meaning that your data are at risk of being processed by US authorities
for control and monitoring purposes without you being entitled to any legal remedies. However, we will take all feasible measures
and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the
third country.

The Facebook pixel allows your behaviour on multiple sites to be traced once you have viewed or clicked on a Facebook advertisement.
The purpose of this process is to evaluate the effectiveness of the Facebook advertisements for statistical and market
research purposes in order to help optimise future advertising measures.
Facebook processes data in accordance with the Facebook data usage policy: https://www.facebook.com/policy. Specific
information concerning the Facebook pixel and its function can be obtained here: https://www.facebook.com/business/help/651294705016616.
You may withdraw your consent to this use at any time:

 

e) Firebase (Art. 6(1) a) GDPR, § 25(1) TTDSG)

When you use the SATA-Loyalty app or the Nozzle Finder app, we will use the Firebase service to analyse your user behaviour provided
you have authorised this in your app settings. The legal basis for the collection of these data is Art. 6(1) a) GDPR and § 25(1)
TTDSG.

You can prevent the placement of cookies at any time by selecting the relevant settings in your app; however, please note that you
may not be able to use all of the functions in this app if you do so.

You can find further information under http://www.google.com/intl/de/analytics/privacyoverview.html (general information concerning
Firebase and data protection).

Please note that in the app, Firebase has been extended by the gat._anonymizeIp(); code to guarantee the anonymised collection of
IP addresses (so-called IP masking). This means that Google will only collect your IP address in shortened form as per our instructions,
which guarantees anonymisation and means that your identity cannot be traced. When activating IP anonymisation in our app,
your IP address will first by shortened by Google within Member States of the European Union or other Member States of the European
Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there.
This includes a transfer of personal data to a third country, meaning that your data are at risk of being processed by US authorities
for control and monitoring purposes without you being entitled to any legal remedies. However, we will take all feasible measures
and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third
country.

f) Doubleclick (Art. 6(1) a) GDPR, § 25(1) TTDSG)

This website uses Doubleclick by Google. Doubleclick is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA
94043, USA (“Google”). Doubleclick uses cookies to show you customised advertisements. To do so, your browser is assigned a
pseudonymised identification number that is used to check which ads are shown and/or clicked. Doubleclick cookies allow Google
and its partners to show ads based on previously visited websites. Any information collected as part of this process is transferred
to Google servers in the USA and stored there for analytical purposes. If IP anonymisation is activated on this website, your IP address
will be shortened by Google within member states of the European Union or in other signatory states of the Agreement on the
European Economic Area. Data will only be transmitted to third parties where legal regulations so require or if we have concluded a
contract for data processing. The data will not be combined with any other data collected by Google.

The legal basis for the data processing is your consent within the meaning of Art. 6(1) a) GDPR and § 25(1) TTDSG. You can withdraw
your consent at any time.

We will delete or anonymise the data collected through Google Analytics once we no longer require them for our purposes. This will
be the case after 14 months.

 

g) Google Maps (Art. 6(1) a) GDPR, § 25(1) TTDSG)

Our website uses Google Maps (API) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). To ensure
data protection, Google Maps is deactivated when you visit our website for the first time. A direct connection to the Google servers
is only established if you activate Google Maps (consent within the meaning of Art. 6(1) a) GDPR and § 25(1) TTDSG). You can withdraw
your consent at any time:

 

This is to prevent any transmission of your data to Google when you visit our website for the first time. Once activated, Google
Maps will save your IP address. It is usually transmitted to a Google server in the USA and stored there. This involves a transfer of
personal data to a third country, meaning that your data are at risk of being processed by US authorities for control and monitoring
purposes without you being entitled to any legal remedies. However, we will take all feasible measures and measures required under
data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country. You can find more
information about how Google processes user data in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/.

h) YouTube Embeds (Art. 6(1) a) GDPR, § 25(1) TTDSG)

We have embedded videos hosted on the platform YouTube on this website (embeds). This always includes a transfer of data to the server hosting that platform. Such processing is based on your consent that you may withdraw at any time.

Embedding YouTube videos is done using a technological process called Framing. Framing means that by simply embedding a HTML link provided by YouTube into the coding of a website a frame is generated on the third party website, allowing for playing videos stored on the YouTube servers.

We use the framing codes generated by YouTube in their so-called “advanced data protection mode”. According to information provided by YouTube, this mode ensures that cookie activities and any data collection initiated as a result will only start once the video is actually played. The collection of data when simply accessing a website with framed content is not possible in this mode.

To be able to play YouTube content, we require your consent (Art. 6(1) a) GDPR) that you can grant by using the button embedded into the videos itself, if you haven’t already done so when selecting your cookies. Please note that your IP address will be transmitted to YouTube (YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA) and that the provider will place cookies in your browser. This includes a transfer of personal data to an insecure third country, meaning that your data are at risk of being processed by US authorities for control and monitoring purposes without you being entitled to any legal remedies. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.

For your convenience, we will store your consent for 132 days using a so-called Local Storage Object that we save in your browser.

i) Vimeo Embeds (Art. 6(1) a) GDPR, § 25(1) TTDSG)

In addition to YouTube embeds, some parts of our website also include videos from the platform Vimeo. Again, data will be transferred
to the Vimeo server. Such processing is based on your consent, which you may withdraw at any time.

To be able to play Vimeo content, we require your consent (Art. 6(1) a) GDPR, § 25(1) TTDSG), which you can grant – if you have not
already done so when selecting your cookies – by using the button embedded into the video itself. Please note that your IP address
will be transmitted to Vimeo (Vimeo, LLC555 West 18th Street New York, NY 10011, United States) and that the provider will place
cookies in your browser. This involves a transfer of personal data to an insecure third country, meaning that your data are at risk of
being processed by US authorities for control and monitoring purposes without you being entitled to any legal remedies. However,
we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve
adequate data protection in the third country.

For your convenience, we will store your consent for 132 days using a so-called Local Storage Object that we save in your browser.

j) Embedded fonts

This website uses external fonts by Google Fonts and Font Awesome. Google Fonts is a service of Google Inc. ("Google"), Font Awesome
is a service of Fonticons, Inc. These web fonts are only embedded locally for data protection reasons. No data is transmitted
to third parties.

Our use of Google Fonts and Font Awesome is based on our interest in presenting our online services in a uniform and appealing
manner. This constitutes a legitimate interest within the meaning of Art. 6(1) f) GDPR.

k) Google Ads Remarketing/Google Ads Conversion Tracking (Art. 6(1) a) GDPR, § 25(1) TTDSG)

Our website uses the Remarketing feature by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). The Remarketing
function allows us to show users who have visited our website interest-based ads on other websites within the Google advertisement
network (during a Google search or on YouTube, so-called “Google Ads” or on other websites). The interaction of the users
on our website is analysed for this purpose, e.g. which offers the user was interested in, so that customised ads can be shown to
users on other pages after they have used our website.

To do this, Google stores a number in the browsers of users who visit certain Google services or websites in the Google display network.
This number, known as a “cookie”, is used to record the visits of these users. This number is used to identify a web browser
on a particular device and not to identify a person. We collect and process the following data as part of Google Ads Remarketing:
Websites visited, IP address, duration of visit, other information about the use of websites, content relating to the user's interests.
We also use the advertisement service Google Ads Conversion Tracking by Google Ireland Limited (Gordon House, Barrow Street,
Dublin 4, Ireland). The Display Network, Shopping and Search types which we have activated measure the interactions between you
and ads placed by Google.

This works by placing a cookie every time you click on an ad placed by Google. This cookie then traces your further activity regarding
the advertised product (conversion tracking). This information helps us measure how effective our advertisement campaigns are.
We collect the following data: Ads you have clicked, IP address, web query, usage data, cookie ID, date and time of your visit, cookie
information, error URL, browser language, browser type.

These Google services are used on the basis of your consent within the meaning of Art. 6(1) a) GDPR. You can withdraw your consent
at any time.

Any withdrawal of consent only applies to the end device and the web browser on which the cookie is placed; if necessary, please
repeat this step on all your devices. If you delete the opt-out cookie, you will be asked for consent to data transfer again.
You can also change your browser settings to eliminate third-party ads. You can also prevent Google tracking permanently by
downloading and installing a plug-in for standard web browsers, which is available here: https://support.google.com/ads/answer/
7395996.

Your data is sent to Google for analysis. If you have a Google account, Google may also combine the data collected during its tracking
activities. This involves a transfer of personal data to a third country, meaning that your data are at risk of being processed by
US authorities for control and monitoring purposes without you being entitled to any legal remedies. However, we will take all feasible
measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection
in the third country.

The data collected through this feature will be deleted once they are no longer required for our purposes. Usually, this is the case
after 183 days.

You will find more information about Google and Google’s privacy policy under: http://www.google.com/privacy/ads

j) Leadfeeder

This website uses the Leadfeeder service provided by Dealfront Group GmbH, Durlacher Allee 73, 76131 Karlsruhe, Germany.
Using Leadfeeder enables us to collect and process company-related IP addresses and thus to analyse which companies have visited
our website and to what extent. This analysis encompasses the pages visited and the time spent on each. In general, this does
not enable us to draw conclusions regarding individual website visitors from the company.
Leadfeeder generally collects the following information:

  • Name, title
  • Contact information (e-mail address, telephone number, address)
  • Contract details, services, customer number)
  • Contact history (telephone calls, meetings, e-mail correspondence)
  • Website traffic and metadata

The legal basis for our use of Leadfeeder is your consent (Art. 6(1) a) GDPR), which you may revoke at any time with future effect by
clicking on this link  

The data collected using Leadfeeder will be retained for as long as is necessary to fulfil the purpose for which they were collected.
Should you withdraw your consent, we will delete the collected data from this time or retain it solely in anonymised form.
You will find more information on how Leadfeeder works and its data privacy policy at https://www.leadfeeder.com/privacy/.

15. Links to social networks

Social networks with links to the SATA Website

On our websites, you can find links to the social media services of Facebook, Instagram and YouTube. You can recognise links to
social media websites by the respective company logo. If you follow these links, you will be redirected to our company page with the
social media service in question. When clicking a social media link, a connection to the servers of that service will be established.
This alerts the servers of the social media provider that you have visited our website. Other data are transmitted to the service provider
as well. This includes, for example:

  • Address of the website on which the activated link can be found
  • Date and time the website was accessed and the link activated
  • Information about the browser and operating system used
  • IP address

Should you already be logged into the social media service at the time of activating the link, the social media service provider can
use the transferred data to find your user name and possibly your real name and can combine this information with your personal
user account with the social media service. You can prevent such connection to your personal user account by logging out of your
user account first.

The servers of the social media service are located in the USA and other countries outside the European Union. This means that the
social media service provider can also process data in countries outside of the European Union. Please bear in mind that companies
in these countries are subject to data protection legislation that does not guarantee the same level of data protection as the laws in
the Member States of the European Union.

Please be aware that we have no influence over the scope, type and purpose of the data processed by the social media service providers.
More detailed information concerning the use of your data by social media services integrated into our website can be found
in the privacy policy of the respective social media service provider.

Social networks not integrated into the SATA website

We also have company accounts with the social networks LinkedIn and Xing. There are no direct links to these platforms on our
website, but you can find our page when searching on the platforms directly.

When visiting our company profile on one of these social networks, a connection is established to the servers of that service. This
alerts the servers of the social media provider that you have visited our company profile on those services. Other data are transmitted
to the service provider as well. This includes, for example:

  • Date and time the website was accessed
  • Information about the browser and operating system used
  • IP address

The servers of the social media service are located in the USA and other countries outside the European Union. This means that the
social media service provider can also process data in countries outside of the European Union. Please bear in mind that companies
in these countries are subject to data protection legislation that does not guarantee the same level of data protection as the laws in
the Member States of the European Union.

Please be aware that we have no influence over the scope, type and purpose of the data processed by the social media service providers.
More detailed information concerning the use of your data by social media services integrated into our website can be found
in the privacy policy of the respective social media service provider.

16. Data protection policy/information concerning data privacy on social media

SATA GmbH & Co. KG maintains a social media presence. Insofar as we control the processing of your data, we ensure that the
applicable data protection provisions are complied with.

Below, you can find the most important information relating to data protection laws in connection with our internet presence.
Name and address of the controller responsible for operations. In addition to SATA GmbH & Co. KG, the following are responsible for the respective corporate presence under the EU General Data

  • Protection Regulations and other provisions in data protection law:
  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
  • YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)
  • LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland)
  • TikTok (musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA)

However, you use these platforms and functions on your own responsibility. This applies in particular to any use of interactive functions
(for example submitting comments, sharing, rating). Please also note that your data may be processed outside the European Union in such cases.

Purpose and legal basis

We maintain fan sites to communicate with the visitors to these sites and to provide you with information about our products and
services via these channels.

We also collect data for statistical purposes to further develop and optimise the content and to make our service more attractive.
The data required for this purpose (for example total number of website accesses, website activities and data provided by visitors,
interactions) is processed by the social networks and then made available. We have no control over the generation and display thereof.
In addition, the social media sites and SATA GmbH & Co. KG process your personal data for market research and advertising purposes.
This allows, for example, for the creation of user profiles based on your user behaviour and the interest you have shown. This
makes it possible to display ads that we believe to meet your interests on the platforms and elsewhere. Usually, cookies are saved
on your computer for this purpose. Regardless of the above, data which are not directly collected from your end devices can also
be saved in your use profiles. Saving and analysis also take place across devices. This is especially but not only the case if you are
registered as a member and logged into the respective platforms.

SATA GmbH & Co. KG processes your personal data in accordance with our legitimate interest in effective information and communication
under Article 6(1) f) GDPR. Should you be asked if you agree to the data processing, i.e. if you agree by clicking a button or similar (opt-in), the legal basis for the processing is Article 6(1) a) and Article 7 GDPR.

Your rights/lodging objections

If you are a member of a social network and do not wish the network to collect data relating to you via our online presence and to
connect this information to your data saved in the respective network, you must

  • log out of the respective network before visiting our fan site,
  • delete the cookies on the device and
  • close and re-launch your browser.

However, if you log in again, the network will again recognise you as a specific user.

Please see the information linked below for detailed information about processing and options to object (opt-out):

Overall, you have the following rights with regard to the processing of your personal data: Right of information; right of rectification;
right of erasure; right to have processing restricted; right of objection; right of data portability; right to complain to the responsible
data protection authority about any unlawful processing of your personal data.

However, as SATA GmbH & Co. KG does not have full access to your personal data, you should also contact the social media providers
directly if you want to exercise your rights as these have access to the personal data of their users and can take the necessary
measures and provide information.

However, should you require assistance, we will of course attempt to provide support. Please contact datenschutz@sata.com

Additional information

Information about copyright and art copyright

If you would like to publish pictures, texts, plans, videos, music and similar on our website, please be aware that you may be assigning
all rights of use to the network, which may ultimately lead to legal consequences for you if you are not the author or owner of the rights.

17. Data security and data protection, communication by email

All technical and organisational measures are implemented to ensure that your personal data is saved in such a way that they cannot
be accessed by third parties. We cannot guarantee that any data communicated by e-mail are fully protected. We would therefore
recommend using the postal services when sending information that requires a high degree of confidentiality.

18. Mobile apps from SATA (e.g. Loyalty-App, SATA-App)

We also offer part of our services for mobile end devices via the SATA apps. All integrated data processing procedures, i.e. the collection,
storage and processing of data, are in line with the procedures and systems set out in the privacy policy.

Our apps also require permissions to make certain features available. These encompass the following in particular:
Camera: Our apps require access to the camera for the user to be able to use the barcode scanner function. The camera is only
used to scan barcodes.

Internal device memory: Our apps require access to the internal device memory to be able to store app content temporarily or to
change and delete it. We do not collect any data from the internal memory of your device.

Network and wi-fi: Our apps require access to your telecommunications connection, your WiFi/WLan and your network for you to be
able to receive data from our apps and our website and to regularly update your content.

19. Links to other providers

Our website also contains links to the online presences of other companies. These are clearly labelled. Where we provide links to
websites of other providers, we have no influence on their content. We can therefore not assume any guarantee or liability for such
content. It is always the respective provider or operator of the website who is responsible for their content.
The linked websites were checked for potential and obvious violations of the law at the time we included the link. At the time we
included the link, there was no unlawful content. However, without concrete evidence of legal violations, we cannot be reasonably expected
to check content on a permanent basis. Should we become aware of legal violations, such links will be removed immediately.
20. Scope, validity and updates of the privacy policy
By using our services, you agree to your data being used as described above. The currently valid privacy policy was updated on 06
February 2024.
It may be necessary to amend this privacy policy so that it reflects the further development of our website or the implementation
of new technologies. SATA GmbH & Co. KG reserves the right to amend the privacy policy at any time with effect for the future. The
privacy policy as amended can be accessed on our website at any time under data protection policy. We advise you to familiarise
yourself with the current privacy policy.

 

***************
Version: 12.06.2024