Data privacy
Privacy policy
We, STOFF2 GmbH, operate www.stoff2.com and collect certain data from you, when necessary. In the following privacy policy, you will be informed about what we do with your data, referred to as personal data, and why we do it. We will also explain how we protect your data, when it is deleted, and what rights you have under data protection laws.
Who can I contact?
Responsible for this website is:
STOFF2 GmbH
Building H / Tegel Airport 1
13405 Berlin
You can also use these contact details to reach our data protection officer or another contact relevant to data protection. Please contact us at any time if you have specific questions about your data, its deletion or your rights.
If you would like to contact our data protection officer directly regarding a confidential matter, please use the following e-mail address:
What are my rights?
You can contact us at any time if you have questions about your rights regarding data protection or if you wish to exercise any of the following rights:
- Right to withdraw your consent in accordance with Art. 7 para. 3 GDPR (e.g. you can contact us if you wish to cancel a previously given consent to a newsletter)
- Right to access your data in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have stored about you)
- Right to correct your data in accordance with Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and we should replace your old e-mail address)
- Right to have your data deleted in accordance with Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data that we have stored about you)
- Right to limit data collection in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your e-mail address, but only to send absolutely necessary e-mails)
- Right to data portability in accordance with Art. 20 GDPR (e.g. you can contact us to receive your data in a zipped format, if you want to upload it to another website)
- Right to object how your data is handled in accordance with Art. 21 GDPR (e.g. you can contact us if you do not agree with advertising or user analytics procedures as described within this privacy policy)
- Right to send complaints to the supervisory authority in accordance with Art. 77 para. 1 f GDPR (e.g. you can contact the data protection supervisory authority directly: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)
Deletion of data and storage periods
Unless otherwise stated, we will delete your data as soon as it is no longer needed, e.g. your e-mail address, after you have unsubscribed from our newsletter. Your data will also be blocked or deleted automatically if a mandatory storage period expires. Such data may be needed for longer periods of time for legal reasons. You can request information about all personal data we have stored about you. Data protection inquiries and other legal matters may also be stored for a longer period within the scope of the legally relevant retention and statute of limitations periods.
Visit the website
If you merely wish to browse our website, we do not collect any personal data, except for the data that your browser sends us, e. g.:
- IP address (e.g. 81.91.215.example or 2a02:8109:9440:1198:bdb1:551f:example)
- Approximate location based on IP range (e.g. Berlin)
- Internet provider (e.g. Vodafone or Deutsche Telekom)
- Internet speed (e.g. 120 Mbit)
- Date and time (e.g. 11:55 on 25.05.2023)
- Last visited website (e.g. google.de)
- Browser (e.g. Chrome or Safari)
- Operating system (e.g. Mac OS)
- Hardware (e.g. Intel processor)
As a protective measure in favor of your privacy, we delete or anonymize the IP address after your visit to our website. This means that the other technical data can no longer be traced back to you and is only used for anonymous, statistical purposes to optimize our website. The purpose of the temporary storage of the data is, on the one hand, the technical necessity for establishing a connection and the correct, error-free presentation of our website. The IP address and the technical data already mentioned are necessary to display the website, to prevent display problems for visitors and to correct error messages. The legal basis is the so-called legitimate interest, which has been examined in the context of the aforementioned protective measures as well as in accordance with the European data protection requirements under Art. 6 para. 1 lit. f) GDPR.
Contact us
You have the option of contacting us via our contact form or by other means. You can provide us with the following data:
- First/last name
- Name of the company
- E-mail address
- Phone number
- Title / Function
- Individual message or request
As a protective measure, contact is established via an encrypted connection, just like the rest of the website. You may also choose other means of getting into contact with us. Your data will be deleted after you have successfully contacted us and completed your contact request. The sole purpose of the requested data is to contact you or communicate with you, which is why the data is only used for this purpose. The legal basis is the so-called legitimate interest, which has been examined to pursue the purpose and within the framework of the aforementioned protective measures as well as in accordance with the European data protection requirements from Art. 6 para. 1 lit. f) GDPR.
Applications
If you apply to us online or otherwise respond to one of our job advertisements, we collect and process the personal application data to manage the application process. Processing is primarily carried out electronically. This is particularly the case if the relevant application documents are sent to us electronically, for example by e-mail or via a web form on the website. If we conclude an employment contract, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract, the application documents will be deleted six months after notification of the rejection decision – this retention period is based on a possible burden of proof in proceedings under the General Equal Treatment Act (AGG). If consent has been given, applications may be kept for longer than six months.
We also use recruiting and application management software provided by the service provider Personio. This software helps us to place job advertisements and manage applications centrally. We have concluded an order processing contract for this purpose to ensure that the personal data of our applicants is only processed in accordance with our instructions. Further information can be found in Personio‘s privacy policy.
The legal basis for the processing is the decision on the establishment and implementation of an employment relationship pursuant to Art. 6 para. 1 lit. b), Art. 88 GDPR in conjunction with § 26 BDSG.
Cookies
Our website partially uses so-called cookies. Cookies are small text files that are usually stored in a folder in your browser. Cookies contain information about the current or last visit to the website:
- Name of the website
- Expiration date of the cookie
- Any value
If cookies do not contain an exact expiration date, they are only stored temporarily and automatically deleted as soon as you close your browser or restart your device. Cookies with an expiration date remain stored even if you close your browser or restart your device. Such cookies are only deleted on the specified date or when you delete them manually.
We use the following three types of cookies on our website:
- required cookies (we need these, e.g. to display the website correctly for you and to cache certain settings)
- functional and performance-related cookies (these help us, for example, to evaluate technical data of your visit and thus avoid error messages)
- advertising and analytics cookies (these ensure that we better understand which content is popular or how long you stay on our site)
You can configure, block and delete cookies in your browser settings. If you delete all cookies from our website, some functions of the website may not be displayed correctly. The Federal Office for Information Security provides helpful information and instructions for the most common browsers: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html
Data Recipients
In accordance with the descriptions and purposes stated above, we share your information with the following recipients that are essential to providing our services and communicating with you:
- Google Analytics, operated by Google Ireland Ltd. with headquarters in Gordon House Barrow Street Dublin 4 Ireland. Google Analytics is used to analyze user behavior and to provide personalized advertising. The data is processed within the European Union. Further information can be found in Google’s privacy policy.
- Google Maps
On our website we use Google Maps, a map service provided by Google Ireland Limited. When using this service, information, including your IP address, may be transmitted to Google servers in the USA and stored there. This enables an interactive map display to make it easier to find our locations. You can prevent data transmission to Google by deactivating JavaScript in your browser – however, the map display will then not be available. Further information can be found in Google’s privacy policy.
- Google Fonts
Our website uses so-called web fonts provided by Google for the uniform display of fonts. When you visit our site, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. Your IP address is transmitted to Google servers, possibly also in the USA. If your browser does not support web fonts, a standard font will be used by your computer. Further information can be found in Google’s privacy policy.
- YouTube, operated by YouTube LLC (Google Ireland Limited), headquartered at Gordon House, Barrow Street, Dublin 4, Ireland. The YouTube application allows users to upload, view, share and comment on a variety of user-generated and professionally created videos on various topics and categories. The data is processed within the European Union. Further information can be found in Google’s privacy policy.
- Matomo,
operated by ePrivacy Holding GmbH, headquartered at Große Bleichen 21, 20354 Hamburg, Germany. Matomo is an open source web analytics platform that helps companies track, analyze and optimize the performance and user experience of their websites. The data is processed within the European Union. Further information can be found in Matomo’s privacy policy.
- HubSpot,
operated by HubSpot Inc. (HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland). HubSpot is a customer relationship management platform (CRM tool) for managing and maintaining customer and prospect data as well as internally documenting communication histories. Additionally, HubSpot enables the efficient management and sending of emails. The processing of personal data is carried out for the purpose of customer communication, tracking inquiries, and internal documentation to ensure efficient and transparent customer support. This may include the storage and management of contact information, documentation of conversation histories and interactions, as well as the sending and management of emails. Depending on your location, the data is stored either in the European Union or the USA. For more information, please refer to HubSpot’s privacy policy.
We only share data that is necessary for the performance of the mutual contract or if you have given us your consent, for example in the context of our cookie banner. If there is no contract yet, we share the data in certain cases within the scope of legitimate interests. This is the case, for example, if you only wish to visit our website or contact us. When you visit our website, it is in both parties’ interests to provide access to the offer and to communicate with each other.
We have also concluded data processing agreements with all external recipients in order to comply with European legal requirements. Depending on your location, some of the above service providers – if specified – will also transfer your data to the United States. There is currently an adequacy decision between the EU and the USA. This confirms for organizations certified within the scope of the EU-U.S. Data Privacy Framework that the U.S. ensures an adequate level of protection for personal data. Additional contracts for order processing, known as standard contractual clauses, are also concluded. In addition, we review each service provider together with our data protection officer and ensure that additional security measures are available, such as strong data encryption.
Status of the privacy policy: January 2025