Data Protection Declaration FOR WEBSITE WWW.STRATEC.COM

1. Object of this Privacy Notice

STRATEC SE and all its group companies, collectively referred to hereinafter as “STRATEC”, is delighted by your interest in our internet presence and the offerings available on our websites. Protecting your personal data (hereinafter “data”) is an absolute priority for us. In this Privacy Notice, we inform you, as the user of our online offering, about which data are collected when you visit our websites and, if applicable, use the respective offerings, such as the contact form, and about how we subsequently process or use this data. We also inform you about the accompanying technical and organizational safeguards we have introduced to protect this data.

This Privacy Notice is regularly reviewed to ensure that it is up to date and accurate and may therefore be subject to amendment. The date of the most recent update can be found in the footer of this Privacy Notice. We recommend you to visit this page regularly to ensure that you are informed of any potential updates.

2. Responsible body and data protection officer

The responsible body within the meaning of the General Data Protection Regulation (GDPR) is STRATEC, cf. our legal notice. Any questions or comments regarding this Privacy Notice, or concerning data protection in general, should be addressed to the data protection officer or the data protection organization at STRATEC. This can be reached at the following e-mail address: datenschutz@stratec.com.

3. Processing, purposes and legal basis for processing your personal data

When you draw on our online offering, STRATEC processes your data as set out below:

a) Use of websites

When you use STRATEC’s websites, due to technical reasons your browser communicates specific data to our web server. For security reasons (e.g. investigation of abuse or fraudulent actions), the information in the log files is stored for a maximum duration of seven days and subsequently deleted. Data requiring further storage for documentary purposes is excluded from deletion through to definitive clarification of the respective matter. Furthermore, terminals and browsers may automatically transfer information and data.

These involve the following data (known as server log files):

  • IP address (anonymized)
  • Date and time of inquiry
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of request (specific page)
  • Operating system and its access status / HTTP status code
  • Volume of data transferred
  • Website from which the request comes (“referrer URL”)
  • Browser, language, and version of browser software

These data and information are processed for the following purposes:

  • To enable the visit to the websites
  • To enhance and accelerate the presentation of the websites
  • To adapt the contents and information offered on the websites to target groups
  • To design the websites in line with users’ preferences.

Furthermore, these data are processed to ensure compliance with our terms of use, to assert or avert legal claims, and to defend against and prevent any fraudulent or similar actions, including any attacks on our IT infrastructure.

The legal basis for this processing is the protection of STRATEC’s legitimate interests as the operator of the website (Art. 6 (1) lit. f GDPR).

b) Newsletter and contact form

Via our website, you can register to receive a newsletter that is sent at regular intervals and reports on the Investor Relations department. Furthermore, by using a contact form you have the possibility of sending a message to us. STRATEC processes the data you input via the registration or contact form, e.g. contact information such as your first name, your surname, and your e-mail address, as well as the data forming the object of the respective message. These data are processed for the purpose of providing the information requested or our newsletter and of adapting and preparing the information we provide in accordance with the needs of specific target groups.

For newsletter registration, STRATEC uses the double opt-in procedure, i.e. we will only send the newsletter to you if you have previously confirmed your registration by clicking the link contained in a confirmation e-mail sent to you for this purpose. You may at any time cancel any newsletter of ours to which you have subscribed. To do so, you may either send an informal e-mail to info@stratec.com or deregister by clicking the link at the end of the newsletter. If you withdraw your consent, we discontinue processing of the corresponding data.

The legal basis for processing your personal data in connection with the newsletter and the contact form is your consent (Art. 6 (1) lit. a GDPR) or a legitimate interest on the part of STRATEC SE (Art. 6 (1) lit. f GDPR).

c) Applications

We also process personal data in the applicant management system integrated into our website, Details of this processing can be found in the privacy notice in that system.

d) Business partners

In cooperating with business partners, STRATEC processes the data of its contact partners at customers, suppliers and partners (“business partners”). Further details about this can be found in the relevant specific privacy notice:  https://www.stratec.com/supplier

e) Social media plugins

We have currently integrated the following social media plugins on our website: LinkedIn, XING, Instagram, and YouTube. By default, these plugins are inactive when you visit our website, meaning that no personal data are initially processed.

The relevant plugin is only activated if you click on the logo of the respective provider and thus consent to the following data being transferred to the respective provider and then correspondingly processed by the provider:

  • Address of the website on which the activated link is located
  • Date and time at which the website is called up and the link activated
  • Information about the browser and operating system used
  • IP address

If you are a member of one of the listed social networks and logged into the corresponding social network when you visit our website, the provider may be able to allocate the data collected from the website visit to your personal user account. As the plugin provider particularly performs the data collection by using cookies, should you wish such information not to be transferred to the social media provider we recommend that you log out of the respective social network before activating the social media button and that you delete all cookies via the security settings in your browser.

If you activate the link to a social plugin, your personal data may be transferred to providers in countries outside the European Economic Area that, from the perspective of the European Union (“EU”), do not guarantee “adequate protection” meeting EU standards for the processing of personal data. Please consider this before clicking on a link or activating a social plugin and thereby triggering the transfer of your data.

You can find further information about the use of your data by the social media integrated into our website in the privacy notices of the respective social media providers:

  • LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA.

Privacy notice: https://www.linkedin.com/legal/privacy-policy

  • XING: Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany; further information on privacy: http://www.xing.com/privacy
  • Instagram: Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy notice: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

  • YouTube (third-party provider of Google Inc.): Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA

Privacy notice: https://policies.google.com/privacy

f) Google Ads

We use the “Google Ads” online advertising program on our websites and, in this context, also use conversion tracking. Google’s conversion tracking is an analytical service offered by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”“). If you click on an advert placed by Google, a conversion tracking cookie with a limited validity of 30 days is deposited in your computer. This does not include any information enabling the user to be personally identified as the IP addresses are anonymized. If you visit certain pages on our website and the cookie has not yet expired, both Google and we can recognize that you clicked on the advert and were forwarded to this page. Each Google Ads customer receives a different cookie. It is therefore not possible for cookies to be tracked via the websites of Ads customers.

The information obtained with the assistance of the conversion cookie serves to compile conversion statistics. This way, we find out the total number of users who clicked on our adverts and were forwarded to a page with a conversion tracking tag. However, we do not receive any information with which we could personally identify users.

If you would prefer not to participate in tracking, you can block this use by deactivating the Google conversion tracking cookie in the user settings in your internet browser. We would nevertheless point out that, in this case, you may not be able to fully utilize all functions of this website. You will then not be included in the conversion tracking statistics. Furthermore, you can deactivate personalized adverts for you in the advertising settings at Google. Guidelines for this can be found at https://support.google.com/ads/answer/2662922?hl=de.

Furthermore, you can deactivate the use of cookies by third-party providers by calling up the deactivation page of the Network Advertising Initiative at https://www.networkadvertising.org/choices and implementing the opt-out information presented in greater detail there.

You can find further information and Google’s privacy notice at: https://www.google.de/policies/privacy.

g) Web analysis

Keeping our website up to date and making it more user friendly are important to us. This requires us to evaluate the use of our website and compile reports on activities within our website.

STRATEC deploys “Matomo”, an open source tool, on its website for web analysis purposes. If you visit our website, Matomo is initially deactivated. Only if you actively provide your consent will your user behavior be recorded on an anonymous basis. Matomo uses cookies, i.e. text files which are stored on your computer and facilitate analysis of the website use. The information generated by the cookie on your use of this website is transferred to the server of our website hosting provider Bartenbach AG (An der Fahrt 8, D-55124 Mainz) and stored there. Your IP address is immediately anonymized, meaning that you as the user remain anonymous. The information generated by the cookie on your use of this website is not transferred to third parties.

If you have provided your consent via our banner, the processing of data is performed on the basis of your consent pursuant to § 25 (1) of the German Telecommunications and Digital Services Data Protection Act (TTDSG) and Art. 6 (1) lit. a GDPR. You may withdraw your consent at any time. Please click the appropriate settings via our banner.

Further information about Matomo’s terms of use and its privacy notice can be found at: https://matomo.org/privacy/

4. Recipients and forwarding of data

If and to the extent that such transfer is required, your data will forwarded for the aforementioned purpose to:

  • Group companies of STRATEC SE,
  • Other recipients, such as service providers who process personal data in connection with performing services for STRATEC (e.g. hosting or IT maintenance and support services), or
  • Third parties in connection with fulfilling statutory obligations or for establishing, exercising, or defending rights or claims or in connection with company transactions (e.g. for court and arbitration proceedings, to criminal prosecution and supervisory authorities, to attorneys and consultants).

5. Data transfer to third countries

In some cases, we transfer personal data to a third country outside the EU. We have taken due care in each case to ensure an adequate level of protection:

In the case of Google Ads (USA), an adequate level of protection can be inferred from the adequacy decision adopted by the European Commission on the EU-U.S. Data Privacy Framework and the corresponding participation of Google LLC (Art. 45 (1) GDPR).

6. Use of cookies

We use cookies technology for our internet presence. Cookies are small text files that, when you visit our websites, are sent by our web server to your browser and stored by your browser on your computer for subsequent retrieval.

We only use session cookies (also known as temporary cookies), i.e. cookies that are exclusively cached for the duration of your use of one of our websites. These cookies serve the purpose of enabling us to continue identifying your computer during your visit to our website when you switch from one of our websites to another of our websites and to determine the end of your visit. The legal basis is provided by Art. 6 (1) lit. a) GDPR.

The cookies are deleted once you end your browser session.

You can determine whether cookies are set and retrieved by amending your browser settings. In your browser, you can, for example, fully deactivate the storage of cookies, limit this to specified websites, or configure your browser such that it automatically informs you if a cookie is to be set and requests your feedback. Due to technical reasons, however, it is necessary to allow the session cookies referred to above if you wish to benefit from the full functionality of our website.

We do not collect or store any personal data in cookies in this context. We also do not deploy any technologies to link the information produced by cookies to any user data.

7. Data security

We also deploy technical and organizational measures to protect incoming or collected personal data, particularly against accidental or intentional manipulation, loss, destruction, or attacks by unauthorized persons. Our security measures are continually enhanced in line with technological developments.

8. Your rights as user

The GDPR grants specific rights to you as the website user in connection with the processing of your personal data:

a) Right to withdraw consent and object (Art. 21 DSGVO)

If data is collected on the basis of Art. 6 (1) lit. f) GDPR (data processing to protect legitimate interests), you have the right to object, on grounds relating to your particular solution, at any time to this processing. We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims.

If you have provided us with your consent for data protection purposes, you may at any time withdraw this consent with future effect.

b) Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data concerning you are being processed. Where that is the case, you have the right to access the personal data and the information listed in detail in Art. 15 GDPR.

c) Right to rectification and erasure
(Art. 16 and Art. 17 GDPR):

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if applicable, to have incomplete personal data completed.

You also have the right to obtain the erasure of personal data concerning you without undue delay if one of the individual grounds listed in Art. 17 GDDR applies, e.g. if the data are no longer required for the purposes for which they were collected.

d) Right to restriction of processing (Art. 18 GDPR)

You have the right to obtain restriction of processing where one of the conditions listed in Art. 18 GDPR is met, e.g. for the duration of any verification if you have objected to processing.

f) Right to data portability (Art. 20 GDPR)

In specific cases listed in detail in Art. 20 GDPR you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format and to request transmission of these data to a third party.

g) Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection requirements. The right to lodge a complaint may be exercised in particular in the member state of your habitual residence, your place of work, or the place of the alleged infringement.

 

Status: January 2025