STIHL Privacy Police

Privacy Policy of STIHL d.o.o.

With this Privacy Policy, we would like to inform you about the processing of your personal data. Below you will find, among other things, information on how and why we process your personal data and what rights you have in this regard.

SCOPE OF THE PRIVACY NOTICE

In this Privacy Notice we provide you with information about the processing of your personal data in connection with visiting and using our website.

To help you get the information that is relevant to you at a glance, we have broken down this Privacy Notice into individual sections:

1. Controller and Data Protection Officer
2. General information about the processing of your personal data
3. Visits to our website
4. Use of our website and our services
5. Advertising and user experience
6. Retention period
7. Recipients of your personal data
8. Transfer of your personal data to countries outside the territory of Serbia
5. Your rights
5.1. Overview
5.2. Right to object
6. Amendments to this privacy policy

In this Privacy Policy, we provide you with information in accordance with the requirements of the European General Data Protection Regulation ("GDPR", Regulation (EU) 2016/679 of the European Parliament and of the Council). We also comply with the requirements of other national data protection laws relating to the processing of your personal data, such as the Law on Personal Data Protection of the Republic of Serbia, Official Gazette of the Republic of Serbia, No. 87/2018 (the "Act").

1 CONTROLLER AND PERSONAL DATA PROTECTION OFFICER

1.1 OPERATOR

The controller under the regulations on the protection of personal data will determine the purposes and means of the processing of your personal data and ensure compliance with the requirements of the legislation on the protection of personal data. In the event that two or more controllers jointly determine the purposes and means of the processing, these controllers will be jointly responsible for the processing, these are the so-called joint controllers.

The controller responsible for the processing of your personal data in connection with this website is:

STIHL d.o.o.
Mailing address: Prekonoška 24, Belgrade
Email: office@stihl.rs
Tax identification number: 107902347

For further information, please feel free to contact us at any time via the contact details provided above.

1.2 DATA PROTECTION OFFICER

You can contact our Data Protection Officer by sending a mail to the controller's address with the indication "for the Data Protection Officer" or by sending an email to the address dijana.peskir@stihl.rs.

2 GENERAL INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA

2.1 PROCESSING OF YOUR PERSONAL DATA

When we use the term "personal data" in this Privacy Policy, we mean all information relating to you.

Examples of personal information include your name, email, and mailing address. However, your personal data includes all data that is associated with or relating to you. We refer to data that does not relate to you as "non-personal data" or "anonymous data". The Personal Data Protection Policy and this Privacy Policy do not apply to this data.

By processing your personal data, we mean, for example, the collection, storage or deletion of your data.

2.2 OVERVIEW OF THE LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA

We only process your personal data if we can base the processing on a legal basis or if it is lawful to do so under applicable data protection law, i.e. if the processing is lawful. Within the framework of the Act, most of the processing of your personal data is based on the following legal basis:

The processing of your personal data is necessary for the performance of a contract concluded with you or to take action, at your request, prior to the conclusion of a contract (Article 12 (1) (2) of the Act).
You have consented to the processing of your personal data for one or more specific purposes (Art. 12 (1) (1) of the Act).
The processing of your personal data is necessary in order to comply with our legal obligations (Article 12 (1) (3) of the Act).
Processing is necessary for the purpose of pursuing our legitimate interests as controllers or those of a third party, unless these interests are overridden by your interests or fundamental rights and freedoms that require the protection of personal data (Article 12 (1) (6) of the Act).

Further information on the legal bases on which certain processing operations are based or under which legislation on the protection of personal data processing is permitted is provided below in this Privacy Policy.

2.3 WHAT PERSONAL DATA WE COLLECT FROM YOU

We process personal data that you provide to us, that we collect (automatically) or that we receive from third parties.

In principle, you are not obliged to provide us with your personal data. However, the disclosure of certain personal data may be necessary in order to offer and provide you with access to the website and all its functions.

Personal data that you provide to us

We process the information you provide to us. For example, let's say you call us or contact us by some alternative means and provide us with certain information through those means. We collect and process this data in order to enable you to use our website. Failure to provide us with certain information may result in the loss or impaired use or full functioning of our website.

Personal data collected (automatically)

We collect and process certain data (automatically) when you use our website. This includes data such as your IP address, specific access data and data that is processed to enable the technical availability of our website.

Personal data that we receive from third parties

Sometimes we do not receive information directly from you. This may be the case, for example, if information about you is provided to us by third parties. For example, we work with companies that provide services for us and provide us with information about you.

3 VISITS TO OUR WEBSITE

When you visit our website, the browser you use on your device automatically sends information to a server on our website and temporarily stores it in a log file.

If you would like to find out more about the cookies we use on our website, click here.

Categories of personal data

The following data is processed when you visit the website:

Your IP address
Date and time of access.
Name and URL of the downloaded data sheet
The website/application from which the access was made (referrer URL)
The browser you use and, if applicable, the operating system of the device from which you access our website, as well as the name of your access provider

Purpose

Your personal data is processed for the following purposes:

Ensuring an uninterrupted connection
Ensuring the ease of use of our website
Analysis of the security and stability of the system

Legal basis

We base the processing of your personal data on the following legal bases:

The processing of your personal data is necessary for you to be able to visit the website and to ensure the performance, long-term functionality and security of our website and systems.
We process your personal data on the basis of Article 12 (1) (6) of the Act.

We have a legitimate interest in ensuring the performance, long-term functionality and security of our website and systems.

Storage period

In principle, we will only process your personal data for as long as it is necessary to achieve these purposes. For more information on the retention period, see Section 6 of this Privacy Policy.

4 USE OF OUR WEBSITE AND OUR SERVICES

4.1 CONTACT AND COMMUNICATION

If you have any questions, you can always contact us by email, mail, phone, contact form or any other means. If you contact us, we will usually respond to you using the same means of communication that you have chosen.

Categories of personal data

The following data is processed when communicating with you:

Your contact information, such as phone number or email address
Communications with you, including recordings of telephone conversations with you, if applicable
Data relating to your request or complaint, such as the subject matter of your request or our communication with you
Information Required to Resolve Your Complaint

Purpose

Your personal data is processed for the following purposes:

To communicate with you if you have contacted us with questions or other remarks
To communicate with you on matters other than requests and complaints, for example for informational purposes or to comply with legal or contractual obligations
If we record telephone conversations with you, this is done for quality assurance and training purposes
To enhance our support

These goals are collectively referred to as "support" below.

Legal basis

We base the processing of your personal data on the following legal bases:

The processing of your personal data in connection with our support is necessary for the performance of a contract concluded with you or to take steps at your request prior to entering into a contract.
We process your personal data on the basis of Article 12 (1) (2) of the Act.
We provide you with certain support services that are not part of your existing contract.
We process your personal data on the basis of Article 12 (1) (6) of the Act.
We have a legitimate interest in assisting you in case of questions about our offers and services, as well as in ensuring the satisfaction of our (current and future) users.
For certain processing of your personal data, we will obtain your consent where necessary in accordance with Article 12 (1) (1) of the Act.

This is especially true for recording telephone conversations.

Storage period

In principle, we will only process your personal data for as long as it is necessary to achieve these purposes. For more information on the retention period, see Section 6 of this Privacy Policy.

5 ADVERTISING AND USER EXPERIENCE

5.1 COOKIES AND SIMILAR TECHNOLOGIES

We use technologies on our website that are intended to make the website easier to use, to make it more user-friendly and to provide various functions. Such technologies include, for example, cookies, pixels and scripts. This section provides information about your personal data in this context.

In our Cookie Policy We explain which cookies and similar technologies we use on our website, for what purposes and how you can manage these cookies.

5.2 PROVIDING, DEVELOPING AND IMPROVING OUR WEBSITE

(a) Google Analytics

On our website, we use the analysis tool Google Analytics. Google Analytics is provided by Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google", together with other Google companies of Alphabet Inc. "Google").

We use Google Analytics with the extension "IP address anonymization". This means that your IP address will be shortened before it is sent to Google in the United States, so that Google does not receive your full IP address from us.

Categories of personal data

The following data is processed in connection with the use of Google Analytics:

Your IP address
A unique user ID assigned by the search engine
User's click patterns on the website
Subpages that the user accesses
Browser Type, URL, Screen Resolution
Timestamp

Purpose

We use Google Analytics to analyze your use of the website, to obtain reports on website activity and to use other Google services related to the use of our website and other activities on the Internet.

This will allow us to constantly improve our website, its accessibility to users and our offer, adapting them to your needs and interests.

Legal basis

We base the processing of your personal data on the following legal bases:

Your personal data is processed on the basis of your consent that you have given us in the Cookie Policy.
We process your personal data on the basis of Article 12 (1) (1) of the Act.
The use of Google Analytics requires the setting of cookies. For this purpose, we will obtain your consent in accordance with Article 12 (1) (1) of the Act in the Privacy Preference Center. For more information about our cookies, see our Cookie Policy.

Storage period

In principle, we will only process your personal data for as long as it is necessary to achieve these purposes. For more information on the retention period, see Section 6 of this Privacy Policy.

Transfer of your data to countries outside the territory of Serbia

In connection with the use of Google Analytics, personal data is transferred to countries outside the European Economic Area ("EEA"). For more information, see Section 8 of this Privacy Policy.

Privacy Policy

Here you can find Google Ltd.'s Privacy Policy for Google Analytics:
https://policies.google.com/privacy?hl=rs

(b) Google Optimize

Our website uses the "Google Optimize" service from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The service enables us to improve the appeal, content and functionality of our website by making available new functions and content to a certain portion of our users and statistically analyzing changes in website use. Google Optimize is a sub-service of Google Analytics (see Google Analytics, section a directly above).

Cookies are set when using the service. The information on your use of our website generated by doing so is generally transferred to and stored on a server of Google in the United States (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). We use Google Optimize with IP anonymization activated, meaning that your IP address is truncated by Google while still in the EU/EEA. It is only in exceptional cases that the full IP address is sent to a Google server located in the US and truncated there. Google will use this information for the purpose of evaluating your use of our website in order to compile reports on the optimization test and associated website activity for us and to provide other services to us relating to the use of the website and the Internet.

The legal basis for the data processing is your consent pursuant to Articles 6(1)(a) and 49(1)(a) GDPR. You can change this consent at any time with effect for the future by changing your settings in the Consent Manager.

(c) YouTube

On our website, we use video content via YouTube. YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ltd", together with other companies of Alphabet Inc. "Google").

Categories of personal data

The following data is processed in connection with the use of YouTube:

Your IP address
Information about your device
Search engine
Operating system
Information about the video content you've viewed

Purpose

We provide links to video content via YouTube to inform you about our products and offers.

Legal basis

We base the processing of your personal data on the following legal bases:

The video content is displayed as a thumbnail. Google will only process your data if you have given your consent to the processing of your data ("two-click solution").
We process your personal data on the basis of Article 12 (1) (1) of the Act.
The use of YouTube requires the setting of cookies. For this purpose, we will obtain your consent in accordance with Article 12 (1) (1) of the Law in the cookie notice. For more information about our cookies, see our Cookie Policy.

Storage period

In principle, we will only process your personal data for as long as it is necessary to achieve these purposes. For more information on the retention period, see Section 6 of this Privacy Policy.

Transfer of your data to countries outside the territory of Serbia

In connection with the use of YouTube, personal data is transferred to countries outside the territory of Serbia and the EEA. For more information, see Section 8 of this Privacy Policy.

Privacy Policy

Here you can find Google's privacy policy for the processing of personal data in connection with the YouTube platform:
https://policies.google.com/privacy?hl=rs

(d) Mouseflow ApS web analysis tool

We use Mouseflow, a web analysis tool offered by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, on our website. The tool records individual visits that are selected at random and also transfers the visitor's anonymized IP address to the provider of this tool. The tool allows us to prepare a record of mouse movements and mouse clicks. These can be played back on a random basis as what are known as session replays and can be analyzed in heat maps so that we can identify potential improvements for this website. Mouseflow can also be used to conduct surveys that are designed to measure visitor satisfaction levels. The surveys performed and participation in them are also recorded in a cookie created by the tool.

This tool is used exclusively with your consent (Article 6(1)(a) GDPR). You can revoke your consent at any time as described above by changing your cookie settings.

You can find further information on data protection measures taken by the provider and on the use of Mouseflow in the provider's Privacy Statement: https://mouseflow.com/legal/

5.3 Advertising and profiling (tracking)

(a) Oracle Eloqua

We use Oracle Eloqua. Oracle Eloqua is provided by Oracle Deutschland B.V. & Co. KG, Riesstrasse 25, 80992 Munich ("Oracle").

Categories of personal data

The following information is processed in connection with the use of Oracle Eloqua:

Information about whether you open our email
Information about which links you click on

Purpose

We use Oracle Eloqua to personalise our emails and to determine whether our emails, particularly our newsletters, are opened and which links in our emails you click on. We use this information to improve our emails and the offers and services we provide. The aim is to tailor our website and services and offers, especially our emails, to suit your needs and interests.

Legal basis

We base the processing of your personal data on the following legal bases:

Your personal data is processed on the basis of the consent you have given us in the cookie notice.
We process your personal data on the basis of Article 12 (1) (1) of the Act.
The use of Oracle Eloqua requires the setting of cookies. For this purpose, we will obtain your consent in accordance with Article 12 (1) (1) of the Law in the cookie notice. For more information about our cookies, see our Cookie Policy.

Storage period

In principle, we will only process your personal data for as long as it is necessary to achieve these purposes. For more information about the retention period, see Section 6 of this Privacy Policy

Transfer of your data to countries outside the territory of Serbia

In connection with the use of Oracle Eloqua, personal data is transferred to countries outside the territory of Serbia and the EEA. For more information, see Section 8 of this Privacy Policy.

Privacy Policy

Here you can find Oracle's Privacy Policy for the processing of personal data in relation to Oracle Eloqua:
https://www.oracle.com/rs/legal/privacy/

(b) Google Ads

On our website, we use Google Google Ads. Google ads are provided by Google, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").

Categories of personal data

The following data is processed in connection with the use of Google ads:

Your IP address
Information about your device
Search engine
Operating system

Purpose

We use Google ads to carry out ad campaigns based on your searches if you have visited our website before. The Services allow us to combine our advertisements with certain keywords or, if you have already visited our website, for example, to advertise the services you have viewed on our website. We may display interest-based ads on other websites within the Google search engine and the Display Network. Display Network) (as a "Google ad", as part of the Google search engine or on other Google partner websites).

Legal basis

We base the processing of your personal data on the following legal bases:

Your personal data is processed on the basis of the consent you have given us in the Privacy Preference Center.
We process your personal data on the basis of Article 12 (1) (1) of the Act.
The use of Google ads requires the setting of cookies. For this purpose, we will obtain your consent in accordance with Article 12 (1) (1) of the Act in the Privacy Preference Center. For more information about our cookies, see our Cookie Policy.

Storage period

In principle, we will only process your personal data for as long as it is necessary to achieve these purposes. For more information on the retention period, see Section 6 of this Privacy Policy.

Transfer of your data to countries outside the territory of Serbia

In connection with the use of Google ads, personal data is transferred to countries outside the territory of Serbia and the EEA. For more information, see Section 8 of this Privacy Policy.

Privacy Policy

Here you can find Google's privacy policy for the processing of personal data in connection with Google ads:
https://policies.google.com/privacy?hl=rs

(c) Microsoft Advertising

On our website, we use Microsoft advertising. Microsoft Advertising). The Microsoft Advertising Service is provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft").

Categories of personal data

The following data is processed in connection with the use of Microsoft advertising:

Your IP address
Information about your device
Search engine
Operating system

Purpose

We use Google ads to carry out ad campaigns for you, if you have previously visited our website, based on your searches. The Services allow us to combine our advertisements with certain keywords or, if you have already visited our website, for example, to advertise the services you have viewed on our website. This allows us to display interest-based ads on other websites within the Microsoft Search Network.

Legal basis

We base the processing of your personal data on the following legal bases:

Your personal data is processed on the basis of the consent you have given us in the Privacy Preference Center.
We process your personal data on the basis of Article 12 (1) (1) of the Act.
The use of Microsoft ads requires the setting of cookies. For this purpose, we will obtain your consent in accordance with Article 12 (1) (1) of the Act in the Privacy Preference Center. For more information about our cookies, see our Cookie Policy.

Storage period

In principle, we will only process your personal data for as long as it is necessary to achieve these purposes. For more information on the retention period, see Section 6 of this Privacy Policy.

Transfer of your data to countries outside the territory of Serbia

In connection with the use of Microsoft advertising, personal data is transferred to countries outside the territory of Serbia and the EEA. For more information, see Section 8 of this Privacy Policy.

Privacy Policy

You can find Microsoft's Privacy Policy for the processing of personal data in connection with Microsoft ads here:
https://about.ads.microsoft.com/en-us/policies/legal-privacy-and-security

5.4 SOCIAL NETWORKS

On our website we use pixels from social networks. The pixels are activated and your data are processed by social networks only after you have consented to the processing of personal data by social networks in the Privacy Preference Centre.

If you are registered as a user on a social network whose pixels we use, your visit to our website can be linked to your user account on that social network. We point out that social networks can then link the data collected about you via the pixels used on our website to other personal data from you even if you are not a user of the social network.

Please also note that social network providers may also process the personal data processed via the pixel for their own purposes. In addition, we may be jointly responsible with social network providers for certain processing activities.

In the case of joint controllership, we shall conclude an agreement with the social network provider on the processing of personal data under joint controllership.

Please see the Privacy Policies of the social networks, which we will indicate below.

Provider

ANDREAS STIHL AG & Co. KG
Badstraße 115
D-71336 Waiblingen

Telefon: +49 7151 26 -0
Email: info@stihl.de

Limited partnership with registered office in Weiblingen, HRA 260269, Stuttgart District Court

Partners with personal liability: Hans Peter Stihl and STIHL Aktiengesellschaft with registered office in Weiblingen, HRB 263772, Stuttgart District Court

The Executive Board of STIHL AG has the right to represent:

Michael Traub, Chairman of the Executive Board, Member of the Executive Committee for Marketing and Sales
Ingrid Jägerin, Member of the Executive Committee for Finance and IT
Anka Kleinschmit, Member of the Executive Committee for Research and Development
Dr. Michael Prochaska, Member of the Executive Board for Human Resources and Legal Affairs
Martin Schwarz, Member of the Executive Board for Production and Materials

Chairman of the Supervisory Board of STIHL AG: Dr. Nicholas Stihl
VAT identification number: DE 147330096

Privacy Policy

The following data protection information provides you with an overview of the type and scope of the processing of so-called personal data by STIHL. Personal data is information that can be directly or indirectly linked to you as a person.

Our social media channels are managed by:

ANDREAS STIHL AG & Co. KG
Badstraße 115
D-71336 Waiblingen

STIHL's Data Protection Officer can be contacted at the above address, for the Data Protection Department, or at datenschutz@stihl.de.

We will revise this privacy policy in the event of changes to this website or in other situations that make it necessary. The current version can always be found on this website. Therefore, you should visit this website regularly to be informed about the current status of the Privacy Policy.

(a) Facebook

When you visit our fan page, your profile information, as well as your visit information, will be processed by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland (hereinafter "Facebook Ireland"). It is a subsidiary of Meta Platforms Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. Facebook Ireland is responsible for the operation of the network in the EU. When you visit our fan page, your personal data will also be processed by Facebook Ireland for its own purposes, and the scope of the data processed depends on whether you have a Facebook account or not, and whether you are logged in or not; At the very least, your IP address will be processed. However, we are not completely transparent about what personal data Facebook Ireland processes and for what purposes, so we expressly note that you use Facebook Ireland at your own risk. All further information about the cookies used, other technologies, the purposes of processing, the storage period and your rights can be found in the Privacy Policies na Facebook Ireland.

When you visit our fan page, we process in particular information about user interactions (e.g. likes and comments), public profile information, demographic and statistical data, as well as data transmitted to us in the context of messages and comments.

According to the European Court of Justice (ECJ), we are jointly responsible for the processing of your personal data as the operator of the Facebook Ireland fan page. In particular, joint responsibility relates to the use of the "Facebook Insights" function, more specifically to the collection, storage and further processing of Insights data. Facebook Ireland is responsible for the data collection, STIHL only receives anonymized evaluations of the Insights data. STIHL is responsible for the operation of the Facebook fan page. Our company does not make any decisions about the processing of Insights data.

The use of your personal data for marketing purposes is a particular priority for Facebook. We use the statistical function to find out more information about visitors to our fan page. The use of this function allows us to tailor our content to a respectable target group. In this way, we also use demographic data about the age and origin of the users, for example, although no personal reference is possible for us here.

The parties have concluded a contract of joint liability.https://www.facebook.com/legal/terms/page_controller_addendum). For the processing of Insights data, it has been agreed that Facebook Ireland undertakes to protect the rights of the data subject and the necessary information obligations in accordance with Articles 13 and 14 of the GDPR. Both Facebook Ireland and STIHL can rely on data protection rights. We will forward all requests from the data subject relating to the processing for which Facebook Ireland is responsible. You can file a complaint on Facebook here.

The processing of personal data of visitors to our Facebook fan page is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to ensure communication with our customers and to inform them about news related to our products.

Certain processing, such as correspondence with the customer, is managed by companies in the STIHL Group. For this reason, data is regularly transferred within the group of companies. As a rule, the transfer takes place on the basis of an order processing contract. In other cases, for example for the analysis of statistical aggregated data for market research purposes, Article 6 (1) (f) GDPR constitutes the legal basis for the transfer, whereby our legitimate interest lies in the efficient design of our processes and offers.

Otherwise, the data will only be transferred if this is necessary for the fulfilment of the above-mentioned purpose, for example in the context of the management of our channel by a duly commissioned agency.

We would like to point out that the data processed when using social platforms and networks may, under certain conditions, be processed outside the European Economic Area. In these cases, we guarantee that an adequate level of data protection comparable to EU standards is established at the recipient's location before the transfer of your personal data. This can be achieved, for example, through contracts according to EU standards or binding corporate rules or special conventions to which the company adheres. To the extent that you access the Facebook Pages and interact with the Facebook Apps, Meta Platforms Ireland Limited has access to your data. It is also possible that Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA has access to your data. Meta Platforms, Inc. is located in a third country. The following agreement has been entered into between Meta Platforms Ireland Limited and us: https://www.facebook.com/legal/EU_data_transfer_addendum.

In order to achieve an adequate level of data protection, Meta Platforms Inc. and Meta Platforms Ireland Limited have also reached an agreement on the European Commission's Standard Contractual Clauses: https://www.facebook.com/legal/EU_data_transfer_addendum. Meta Platforms, Inc. ("Meta") has also certified its participation in the EU-U.S. data privacy framework with the U.S. Department of Commerce.

(b) Instagram

When you visit the Platform, your profile information, as well as your visit information, will be processed by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin, Ireland (hereinafter referred to as "Facebook Ireland"). This company is part of the American parent company Meta Platforms Inc., Willow Road 1601, Palo Alto, Menlo Park, CA 94025, USA. Facebook Ireland also processes your personal data regardless of whether you have an Instagram account or not, whether you are logged in or not, and at least your IP address is processed. However, we are not completely transparent about what personal data Facebook Ireland processes and for what purposes, so we expressly note that you use Facebook Ireland at your own risk. All further information about the cookies used, other technologies, the purposes of processing, the storage period and your rights can be found on Instagram Privacy Policies.

We process the data of visitors to our profile, in particular information about user interactions (e.g. likes and comments), public profile information, demographic and statistical data, as well as data transmitted to us in the context of messages and comments. You can object to the processing of data on Instagram here.

We use the statistical function to find out more information about our profile visitors. Demographic and statistical data in the context of so-called "insight" data help us to tailor our content to the respective target group. For us, this is aggregated data, personal reference is not possible.

The processing of personal data of visitors to our Instagram account is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) of the GDPR. Our legitimate interest is to ensure communication with our customers and to inform them about news related to our products.

We would like to point out that the data processed when using social platforms and networks may, under certain conditions, be processed outside the European Economic Area. In these cases, we guarantee that an adequate level of data protection comparable to EU standards is established at the recipient's location before the transfer of your personal data. This can be achieved, for example, through contracts according to EU standards or binding corporate rules or special conventions to which the company adheres. To the extent that you access the Facebook Pages and interact with the Facebook Apps, Meta Platforms Ireland Limited has access to your data. It is also possible that Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025, USA has access to your data. Meta Platforms, Inc. is located in a third country. Meta Platforms Ireland Limited and we have contracted a Facebook add-on for the transfer of European data: https://www.facebook.com/legal/EU_data_transfer_addendum.

In order to achieve an adequate level of data protection, Meta Platforms Inc. and Meta Platforms Ireland Limited have also reached an agreement on the European Commission's Standard Contractual Clauses. Meta Platforms, Inc. ("Meta") has also certified its participation in the EU-U.S. data privacy framework with the U.S. Department of Commerce. This certification is related to the processing of personal data.

(c) LinkedIn

When you visit the Platform, your profile information, as well as your visit information, will be processed by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter referred to as "LinkedIn"). On this occasion, your personal data will be processed, regardless of whether you have a LinkedIn account or not, and whether you are logged in or not. However, we are not completely transparent about what personal data LinkedIn processes and for what purposes, so we expressly note that you use LinkedIn at your own risk. Any further information about the cookies used, other technologies, the purposes of processing, the storage period and your rights can be found at Privacy Policies LinkedIn-a.

We process the data of visitors to our profile, in particular information about user interactions (e.g. likes, reactions, shares and comments), public profile information (e.g. position, employer), statistical data, as well as data transmitted to us in the context of messages and comments.

The use of your personal data for marketing purposes is a particular priority for LinkedIn. We only use the statistical function to obtain information about our profile and how users interact with it. For example, this data provides us with information about visits to our profile, demographic information about followers and visitors, or information about the performance of updates. However, all this data is purely statistical for us, it is not possible to provide it to individuals.

The processing of personal data of visitors to our LinkedIn profile is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to ensure communication with our customers, to represent our company as an employer and to keep you informed of news from our company.

You can object to the processing of data by LinkedIn here.

STIHL is jointly responsible with the platform operator for the data you provide as a platform user and has entered into a corresponding contract with the platform: https://legal.linkedin.com/pages-joint-controller-addendum.

We would like to point out that the data processed when using social platforms and networks may, under certain conditions, be processed outside the European Economic Area. In these cases, we guarantee that an adequate level of data protection comparable to EU standards is established at the recipient's location before the transfer of your personal data. This can be achieved, for example, through contracts according to EU standards or binding corporate rules or special conventions to which the company adheres. According to LinkedIn, the data is shared in the context of archiving communications with third parties for the provision of services, LinkedIn-affiliated companies, corporate transactions, for legal disclosure, whereby more information can be found at https://de.linkedin.com/legal/privacy-policy?#share . To the extent that the data is processed outside the EU in unsafe third countries, LinkedIn's current standard contractual clauses of the European Commission are used, see also https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy&lang=en-us&intendedLocale=en. For more information on the Data Privacy Framework, see https://www.linkedin.com/help/linkedin/answer/a1343190?trk=microsites-frontend_legal_privacy-policy&lang=en-us&intendedLocale=en.

(d) YouTube

When you visit the Platform, your profile information, as well as your visit information, will be processed by Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google"). It is a subsidiary of Google Inc., 1600 Amphitheatre Parkway in Mountain View, California 94043, USA. The data is also processed if you do not have a Google account or are not logged in with the same, at least an IP address. However, we are not completely transparent about what personal data YouTube processes and for what purposes, so we expressly note that you use YouTube at your own risk. Any further information about the cookies used, other technologies, the purposes of processing, the storage period and your rights can be found on Google Privacy Policies.

We process the data of visitors to our account, in particular information about user interactions (e.g. likes and comments), username, as well as demographic and statistical data.

The use of your personal data for marketing purposes is a particular priority for Google. We use the statistics function to find out more information about our viewers. We gain insight into the performance of our videos and demographic data about our viewers. For us, this is purely statistical data, personal reference is not possible.

The processing of personal data of visitors to our YouTube account is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is to ensure communication with our customers, to present our company to the outside world and to promote our product range.

You can object to the processing of your data by Google here.

6 STORAGE PERIOD

We will only keep your data for as long as it is necessary to provide our services, in particular our website, or for as long as we have a legitimate interest in keeping your data. The retention period of your personal data depends primarily on the category of personal data being processed and the purpose of the processing. For the storage of your data, your consent to its storage is also taken into account.

We also comply with statutory retention periods, which may oblige us to store your data for a certain period of time. Your data will therefore be stored if required by applicable regulations, laws or other provisions that we are obliged to comply with. Appropriate requirements are also to be found in particular in commercial and tax legislation, or arise from ordinary statutory limitation periods.

In the event of a legal dispute, we will store the personal data we need for our legal defense until the final conclusion of the proceedings.

For further information about the retention period, please contact us using the contact details provided in Section 1 of this Privacy Policy.

7 RECIPIENTS OF YOUR PERSONAL DATA

7.1 RECIPIENTS WITHIN THE STIHL GROUP

In certain situations, we share your personal data with other companies in the STIHL Group. These STIHL companies regularly carry out processing on our behalf. The processing of your personal data may also be carried out in such a way that the sole controller is the STIHL company that receives your data, or in such a way that this company is a joint controller with us.

If we share your personal data with other controllers, we will in principle only do so if this is necessary for the performance of a contract concluded with you, if we or a third party have a legitimate interest in doing so or if you have given your consent to do so.

The processing of your personal data by another STIHL company on our behalf is carried out on the basis of a data processing agreement on behalf of the controller within the meaning of the Act and the GDPR.

In the case of the existence of joint controllers, we will conclude an agreement between joint controllers to regulate the processing. This agreement will regulate, among other things, the obligations of the joint controllers in relation to compliance with the requirements of the Act and the GDPR. We will be happy to share with you the basic elements of this agreement upon your request. For this purpose, please contact us using the contact details in section 1 of this Privacy Policy.

7.2 RECIPIENTS OUTSIDE THE STIHL GROUP (THIRD PARTIES)

In addition to recipients within the STIHL Group, we also share your personal data with third parties, in connection with individual processing operations and in compliance with data protection requirements. These third parties include service providers who process your personal data on our behalf, as well as service providers who provide us with services related to the processing of your personal data. The processing of your personal data may also be carried out in such a way that the third parties receiving your data are the sole controllers, or in such a way that they are joint controllers with us.

If we share your personal data with other controllers, we will in principle only do so if this is necessary for the performance of a contract with you, if we or a third party have a legitimate interest in doing so, or if you have given your consent to do so.

In connection with the processing of your personal data, we use the following categories of service providers:

IT Service Providers (Data Hosting Service Providers)
Support (customer support)
Lawyers, accountants and tax advisors
Providers of advertising applications or applications to improve the user experience

We will also forward your data to authorities and courts in cases where we are obliged to do so by law, GDPR or the laws of EU member states.

The processing of your personal data by third parties on our behalf is carried out on the basis of a data processing agreement on behalf of the controller, within the meaning of the Act and the GDPR.

In the case of the existence of joint controllers, we will conclude an agreement between joint controllers to regulate the processing. We will be happy to share with you the basic elements of this agreement upon your request. For this purpose, please contact us using the contact details in the specified section 1 of this Privacy Policy.

8 TRANSFER OF YOUR PERSONAL DATA TO COUNTRIES OUTSIDE THE TERRITORY OF THE REPUBLIC OF SERBIA

Regardless of where your personal data is processed, our top priority is to always ensure the level of protection guaranteed by the law and the GDPR

In cases where we transfer personal data to recipients outside the territory of the Republic of Serbia, we act in accordance with the requirements of Chapter V of the Law and the GDPR. In cases where we cooperate with third parties or use service providers who may transfer your personal data to countries outside the territory of the Republic of Serbia, we will oblige these third parties or service providers to comply with the requirements of Chapter V of the Law.

Please note that not all countries outside the territory of Serbia provide a level of data protection that the Government of Serbia has determined to be adequate (the so-called "adequacy decision"). A list of countries in which an adequate level of protection of personal data is considered to be ensured can be found at the following link: Adequacy decisions (poverenik.rs).

Where an adequacy decision has not been taken, we endeavour to comply with all relevant conditions and take all necessary measures to provide appropriate safeguards in relation to the processing of your personal data and to ensure an adequate level of protection, including, for example, concluding standard contractual clauses adopted by the Commissioner for Information of Public Importance and Personal Data Protection of the Republic of Serbia. If necessary, in addition to concluding standard contractual clauses, we will take additional measures to protect your personal data.

You can always request an overview of recipients in countries outside the territory of the Republic of Serbia and information about the measures we have taken to ensure the level of protection in accordance with the Law and the GDPR through the contact details provided in section 1 of this Privacy Policy.

9 YOUR RIGHTS AND EXERCISING YOUR RIGHTS

If you wish to exercise your rights listed below, you can contact us informally at any time through the means of communication specified in this Privacy Policy. You can contact us, as well as our Data Protection Officer, by email and other means of communication using the contact details provided in Section 1 of this Privacy Policy.

9.1 RIGHT OF ACCESS

You have the right to obtain information about whether personal data relating to you is being processed. If we process personal data relating to you, you have the right of access to personal data and certain information prescribed by law. For more information on your right of access, see Article 26 of the Law.

9.2 RIGHT TO RECTIFICATION

You have the right to have inaccurate personal data relating to you rectified without undue delay. Depending on the purpose of the processing, you have the right to have incomplete personal data completed. For more information on your right to rectification, see Article 29 of the Law.

We always strive to ensure the accuracy of your personal data. In this regard, please inform us of any changes to your data (such as changes of address) without undue delay, in order to ensure that your personal data is up to date.

9.3 RIGHT TO ERASURE

If legal requirements are met, you have the right to have your personal data erased without undue delay. This is especially the case when:

your personal data is no longer necessary for the purpose for which it was collected or otherwise processed;
the processing of your personal data is based on consent and you revoke this consent, whereby there is no other basis for the processing;
object to the processing of your personal data for reasons relating to the particular situation in which you find yourself, and there is no overriding basis for the processing of your personal data;
If your personal data has been transferred to third parties and we have an obligation to delete it, we will inform those third parties of the obligation to delete it, if required by law.

Please note that your right to erasure is subject to restrictions. For example, we are not authorized to delete personal data in respect of which we are legally obliged to keep it further. You also cannot exercise the right to erasure with regard to the data that we need to establish, exercise or defend legal claims. For more information on your right to erasure, see Article 30 of the Act.

9.4 RIGHT TO RESTRICTION OF PROCESSING

If the legal requirements are met, you have the right to restrict the processing of your personal data. This is especially the case when:

Dispute the accuracy of your personal data. The processing of your data will be limited for a period that allows us to verify the accuracy of your personal data;
the processing of your personal data is unlawful, and instead of erasure, you request the restriction of the use of your personal data;
we no longer need your personal data to achieve the purpose of the processing, but you need them in order to establish, exercise or defend a legal claim;
You have objected to the processing of your personal data for reasons relating to the particular situation in which you find yourself, and an assessment is underway as to whether our legitimate interest in processing outweighs your interests.

For more information about your right to restriction of processing, see Article 31 of the Law.

9.5 RIGHT TO DATA PORTABILITY

You have the right to receive the personal data that you have provided to us and that we process for the performance of a contract, on the basis of your consent or by automated means, in a structured, commonly used and electronically readable format. You also have the right, if the above conditions are met, to request that we transmit this data directly to a third party, where technically feasible. For more information about your right to data portability, see Article 20 of the Law.

9.6 REVOCATION OF CONSENT

If you have consented to the processing of your personal data, you can revoke your consent to further processing at any time. The revocation of consent does not affect the permissibility of the processing that was carried out on the basis of consent before the revocation.

9.7 RIGHT TO LODGE COMPLAINTS WITH THE COMPETENT AUTHORITIES FOR THE PROTECTION OF PERSONAL DATA

If you believe that the processing of your personal data is contrary to the applicable data protection laws, you have the right to lodge a complaint with the competent data protection authority, in particular the competent data protection authority of your habitual residence, place of work or place of the alleged violation of the law. In Serbia, it is the Commissioner for Information of Public Importance and Personal Data Protection (https://www.poverenik.rs/en/).

9.8 RIGHT TO OBJECT TO PROCESSING

The right to object to the processing of your personal data in cases where the basis for the processing is a legitimate interest

In cases where we process data on the basis of a legitimate interest, you can object to the processing at any time, for reasons relating to the particular situation in which you find yourself. We will then no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims. We assume that, when processing is carried out on the basis of a legitimate interest, we will generally be able to present such compelling legitimate reasons, but we will consider and assess each objection on a case-by-case basis.

For more information on your right to object, see Article 37 of the Law.

10 CHANGES TO THIS PRIVACY POLICY

In this Privacy Policy, we always provide you with up-to-date, complete and, in principle, final information on the processing of your personal data in connection with our website. This requires regular updates to this Privacy Policy. Therefore, we encourage you to check this Privacy Policy on a regular basis.