Design and full service agency
Partner for consulting, content and communication

Managing Director Carsten Stodt
Schanzenstraße 38
Gebäude 81
51063 Cologne, Germany

Cologne commercial register
HRB no. 32404
VAT no.: DE812863564

info@stodt.de
Telephone: +49 221 222514-30

§ 1 Information about collection of personal data

(1) We inform you below about the collection of personal data with the use of our website. Personal data is all data that refers to you personally, for example name, address, e-mail addresses or user behaviour.

(2) The controller as defined by Art. 4 (7) General Data Protection Regulation (GDPR) is:

stodt GmbH, hereinafter referred to as: „stodt“, Schanzenstr. 38, Gebäude 81, 51063 Cologne, Telephone: +49 221 222514-30, E-mail: info@stodt.de, website: www.stodt.de (see our legal information).

You can contact our Data Protection Officer at datenschutz süd GmbH, Wörthstr. 15, 97082 Würzburg, website: www.datenschutz-nord-gruppe.de, E-mail: office@datenschutz-sued.de

(3) When you make contact with us by e-mail or via the contact form, the data you provide (for example an e-mail address, name or telephone number) will be stored by us in order to answer your questions. The legal basis for the processing of your data that you provide when you send the contact form or by e-mail is Art. 6 (1) f GDPR; insofar as contact is directed towards the sending of offers or the conclusion of a contract, the legal basis is Art. 6 (1) b GDPR. The justified interest in data processing is the processing of the contact. We erase the data that arises in this connection when storage is no longer required, or we restrict the processing if statutory preservation duties apply. There is no disclosure of this personal data to third parties.

(4) If we intend to use third party service providers for individual functions of our service or if we wish to use your data for promotional purposes, we will inform you in detail about the relevant procedures as explained below. In this process we also state the established criteria for the duration of storage.

(5) If and to the extent to which links to other websites and apps are created as part of the internet service, no data will be forwarded by us to the linked websites or apps when the link is used.

(6) Personal data shall only be transferred to state institutions and authorities with the right to receive such information within the context of the relevant legislation, or if we are obliged to do so as the result of a court ruling.

§ 2 Collection of data when our website is visited

(1) When the website is visited only for the purpose of obtaining information, i.e. if you do not register or provide us with information in any other way, we will only collect personal data that your browser transmits to our server. When you view our website, we collect the following data which we require for technical purposes to present our website to you and to guarantee stability and security (the legal basis is Art. 6 (1) s. 1 f GDPR):

• IP address
• Date and time of the enquiry
• Time zone difference relative to Greenwich Mean Time (GMT)
• Content of the requirement (specific page)
• Access status/HTTP status code
• Transferred data volume
• Website from which the requirement comes [referrer URL]
• The browser used
• Operating system and its user interface
• Language and version of the browser software

(2) In addition to the above-mentioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to and stored on the browser on your hard drive whereby certain information is transferred to the party that places the cookies (in this case us). Cookies cannot run programs or transfer viruses to your computer. They help to make the website more user-friendly and effective overall.

(3) Use of cookies:

a) This website uses the following types of cookies, the scope and function of which is explained below:

stodt uses the following cookies:
ASP.NET_SessionId, value uv10ui5deayss1drwxrdepiz, path /, httpOnly true
- Transient cookies (b)

b) Transient cookies are deleted automatically when you close the browser. They include in particular the following session cookies. They store a session ID which allow various enquiries from your browser to be assigned to the common session. This allows your computer to be recognised again when you return to our website. Session cookies are deleted when you log out or close your browser.

You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We draw your attention to the fact that you may then not be able to use all the functions on this website.

§ 3 Subscription for our newsletter

(2) In order to receive our newsletter you need to have a valid e-mail address and you must register for the newsletter. At the time of registration we record the e-mail address as well as your first name, last name and company name in order to personalise the newsletter. Registration takes place after the double opt-in process. Therefore, when you initially register you receive a confirmation via the e-mail address you have provided. This confirmation e-mail serves to ascertain whether the owner of the e-mail address has authorised receipt of the newsletter. You are only included in the mailing list for the newsletter when you activate the link contained in the confirmation e-mail. Furthermore, when you register for the newsletter the IP address of the computer system used by the subscriber at the time of registration as well as the date and time of registration and activation are stored. Collection of this data is necessary in order to trace (possible) misuse of the e-mail address of a person affected at a subsequent time and thus provides legal protection for the controller.

(3) Personal data collected when you register for the newsletter is only used for dispatch of our newsletter by means of CleverReach and to make contact, if necessary, in direct connection with a change to the newsletter subscription. The legal basis for data processing after registering for the newsletter is Art. 6 (1) a GDPR. There will be no disclosure to third parties of personal data collected in the context of the newsletter subscription, apart from (4). You may cancel your subscription to our newsletter at any time; you may also at any time revoke your consent for storage of personal data granted when you registered for the newsletter. Every newsletter includes a corresponding link for this purpose. You also have the option at any time to use the above contact data to inform us that you wish to revoke consent/unsubscribe.

(4) This website uses CleverReach to dispatch newsletters. The provider is CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede. CleverReach is a service which can organise and analyse the dispatch of newsletters. The data you enter for the purpose of obtaining the newsletter (for example an e-mail address) is stored on the servers of CleverReach in Germany or Ireland.

(5) Our newsletters sent with the help of CleverReach allow us to analyse the behaviour of newsletter recipients. This makes it possible, amongst other things, to analyse how many recipients have opened the newsletter communication and how often which link has been clicked in the newsletter. With the help of conversion tracking it is also possible to analyse whether a pre-defined action (for example the purchase of a product on our website) has taken place after the link in the newsletter was clicked. You can obtain further information about data analysis by the CleverReach newsletter at: https://www.cleverreach.com/en/features/reporting-tracking/. The data processing takes place on the basis of your consent (Art. 6 (1) a GDPR). You may revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing operations that have already taken place remains unaffected by the revocation. If you do not want any analysis by CleverReach, you must cancel the newsletter. If you decide to do this, your data that has been stored by us for the purpose of sending the newsletter will be erased from our servers and from the servers of CleverReach. Data stored for other purposes (e.g. e-mail addresses for the member area) remains unaffected. You will find further details in the data protection regulations of CleverReach here.

§ 4 Data protection for applications and during the application procedure

stodt collects and processes personal data relating to applicants in order to deal with the application process. The legal basis for the processing of your application is Art. 6 (1) f GDPR for the safeguarding of justified interests and for carrying out the application process. The processing can also take place by electronic means. This is the case in particular when applicants send the relevant documents to stodt by electronic means, e.g. by e-mail or via the application form. All data that you provide in this way is stored for the duration of the application process. If stodt concludes an employment contract with such a person, the data transferred will be stored for the purpose of managing the employment relationship in compliance with the legal regulations. The legal basis is then Art. 6 (1) b GDPR. If stodt does not conclude any employment contract, the application documents will be deleted automatically two months after the notification of the decision of refusal provided a deletion is not in conflict with any other justified interests of stodt. Another justified interest in this sense is, for example, a burden of proof in proceedings based on the Allgemeines Gleichbehandlungsgesetz (General Equal Treatment Act).

§ 5 Rights of affected parties

You have the right:

• In accordance with Art. 15 GDPR to demand information about your personal data that is processed by us.
• In accordance with Art. 16 GDPR to demand immediate correction of incorrect personal data or completion of your personal data stored with us.
• In accordance with Art. 17 GDPR to demand deletion of your personal data stored with us.
• In accordance with Art. 18 GDPR to demand restriction of the processing of your personal data insofar as you dispute the correctness of the data, the processing is unlawful, you refuse to allow deletion of it and we no longer require it but you require it for assertion, exercise or defence of legal claims or you have lodged an objection against the processing in accordance with Art. 21 GDPR.
• In accordance with Art. 20 GDPR to demand to receive your personal data that you have provided to us in a structured, common, machine-readable format or have it transferred to another controller.
• In accordance with Art. 7 (3) GDPR to revoke at any time the consent you previously granted. This means that we can no longer continue in the future the data processing that was based on this consent.
• In accordance with Art. 77 GDPR to lodge a complaint with a regulatory authority. For this purpose you can normally contact the regulatory authority that has jurisdiction for your residence, your place of work or our legal office.

§ 6 Right of objection

Insofar as your personal data is processed on the basis of justified interests in accordance with Art. 6 (1) s. 1 f GDPR, you have the right in accordance with Art. 21 GDPR to lodge an objection to the processing of your personal data insofar as there are grounds arising from your particular situation or if the objection is against direct advertising. In the latter case you have a general right of objection which we will act upon without the need to specify a particular situation.

If you wish to make use of your right of revocation or right of objection, you only need to send an e-mail to info@stodt.de.

§ 7 Data security

During a website visit we deploy the widely used SSL procedure (secure socket layer) in conjunction with the highest level of encryption supported by your browser. This is usually a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit-v3 technology instead. Whether an individual page on our website is provided with encryption is shown by the closed depiction of the lock or key icon in the status bar of your browser.

We also take suitable technical and organisational measures to protect your data against accidental or intentional manipulation, full or partial loss, destruction or unauthorised access by third parties. Our security measures are upgraded continuously in line with technological developments.

§ 8 Updating and amending this data protection statement

This data protection statement is up-to-date. Its current status is March 2023.

On account of the further development of our website and the services provided by it or new statutory or regulatory provisions it may be necessary to amend this data protection statement. You can view and print out the current data protection statement at any time from the website, within the apps and here.

When you visit our social media pages, it may be necessary to process data relating to you. We would therefore like to inform you in accordance with Article 13 of the General Data Protection Regulation (GDPR) about the handling of your data and your rights regarding this.

Responsibility

We, stodt GmbH, operate the following social media pages:

• XING: https://www.xing.com/pages/stodtgmbh
• LinkedIn: https://de.linkedin.com/company/stodt-gmbh
• YouTube: https://www.youtube.com/@stodtKoeln
• Instagram: https://www.instagram.com/stodtgmbh/

Our contact details are listed in the Legal Information section.

Data processing by us

Public relations

The data you enter on our social media pages – e.g. user names, comments, videos, images, likes, public messages, etc. – is published by the social media platform and is never processed by us for other purposes. We only reserve the right to delete content if this is deemed necessary. We may share your content on our page if this is a function of the social media platform, and communicate with you via the social media platform.

If you send us an inquiry on the social media platform, depending on the content, we may refer it to another, secure communication channel where confidentiality is guaranteed. For example, you have the option to send us your inquiries at any time to the postal or e-mail-address listed in the “Legal Information” section. It is your responsibility to choose the appropriate communication channel.

The legal basis for the specific processing of your data is Article 6 (1) (f) GDPR. The data processing is based on the legitimate interest of carrying out public relations for our company and communicating with you.

Shared responsibility for data processing

For some processing activities, responsibility is shared between us and the respective operator of the social media platform.

• XING: https://privacy.xing.com/
• LinkedIn: https://www.linkedin.com/static?key=privacy_policy
• LinkedIn: https://legal.linkedin.com/pages-joint-controller-addendum
• YouTube: https://www.youtube.com/privacy
• Instagram: https://www.instagram.com/legal/privacy/

The following section outlines the main aspects of shared responsibility.

Statistics (Insights)

The relevant social media platforms regularly create statistics (insights) on the basis of usage data containing information about your interactions with our social media page. We cannot influence or prevent the generation and provision of these statistics.

However, we do not make any use of optional statistics from the social media platform.

We process the specified information (statistics) in accordance with Article 6 (1) (f) GDPR in the legitimate interest of validating the use of our social media pages and improving our content with a focus on specific target groups.

Targeted advertising

We do not use any target group definitions based on location data. We never share personal data with the operator of the social media platform when defining target groups.

Data processing by the operator of the social media platform

The operator of the social media platform uses web tracking methods. Web tracking can also take place irrespective of whether you are logged in to or registered with the social media platform.

Please be aware therefore that we cannot prevent the operator of the social media platform from using and evaluating your profile and behavioural data for their own purposes. We have no influence over the processing of your data by the operator of the social media platform. Please keep this in mind when using the social media platform.

For more information about data processing by the operator of the social media platform, configuration options for protecting your privacy, as well as other options for raising objections, please refer to the operator's privacy statement.

Length of storage

We delete your personal data as soon as it is no longer required for the above-mentioned processing purposes and assuming there are no retention requirements that may prevent us from doing so.

Your rights as a user

If certain requirements are met, you as a user are entitled to assert the following rights against us as well as against the operator of the social media platform:

1. Right to access (Article 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to access this personal data and you have the right to access the information listed in Article 15 GDPR.

2. Right to rectification and erasure (Article 16 and 17 GDPR)

You have the right to request that inaccurate personal data concerning you be corrected and, if applicable, any incomplete personal data be supplemented without delay.

You have the right to request that personal data concerning you be deleted without delay provided that one of the reasons listed in Article 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.

3. Right to restriction of processing (Article 18 GDPR)

You have the right to request that the processing of data be restricted if one of the prerequisites listed in Article 18 GDPR applies, i.e. if you have objected to its processing for the duration of an assessment of your objection.

4. Right to data portability (Article 20 GDPR)

In certain cases that are listed in detail in Article 20 GDPR, you have the right to receive personal data concerning you in a structured, standard and machine-readable format, or to request the transmission of this data to a third party.

5. Right to object (Article 21 GDPR)

If data is collected on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to its processing at any time on grounds relating to your particular situation. We will then no longer process the relevant personal data unless we can demonstrate compelling, legitimate grounds for its processing which override your interests, rights and freedoms, or its processing is required for the establishment, exercise or defence of legal claims.

If data is collected on the basis of the legitimate interest for direct marketing purposes, you have your own right of objection, which you may exercise at any time without giving reasons. Once this right has been asserted, this data will no longer be processed for direct marketing purposes.

6. Right of withdrawal

If data is processed on the basis of your consent, you are authorised under Article 7 (3) GDPR to revoke your consent to the use of your personal data at any time. Please note that such revocation only applies to the future. Processing that takes place prior to consent being revoked is not affected.

7. Right to file a complaint with a supervisory authority

In accordance with Article 77 GDPR, you have the right to file a complaint with a supervisory authority if you believe that the processing of your personal data infringes upon data protection provisions.

Contact details of our data protection officer

You are welcome to contact our external data protection officer for information about data privacy at any time using the following contact details: datenschutz süd GmbH, Wörthstraße 15, 97082 Würzburg, E-Mail: office@datenschutz-sued.de

If you decide to contact our data protection officer, please also specify the responsible authority listed in the “Legal Information” section.