STIHL Digital Platform Privacy Policy
As at: 18.10.2022
Market: Malta
We are pleased to inform you about the processing of your personal data in this Privacy Policy. Below,
you will find information on how we process your personal data, the reasons why we process your
personal data, and the data subject rights you have in this regard.
If you would like further information not contained in this Privacy Policy, you can contact us and our Data
Protection Officer at any time via the contact details stated in section 2 of this Privacy Policy.
1 PRIVACY POLICY SCOPE
In this Privacy Policy, we will inform you about the processing of your personal data in
connection with the STIHL Digital Platform and the applications and services offered on the
STIHL Digital Platform ("Solutions"). You can access our Solutions via the STIHL Digital
Platform. To use the STIHL Digital Platform and Solutions, you first need to register and create
a user account ("STIHL Account").
In order for you to obtain relevant information quickly and clearly, we have set this Privacy Policy
out into individual chapters. We will inform you about the processing of your personal data (and
in addition to the relevant processing as set out below) in connection with the STIHL Digital
Platform and the Solutions as follows:
• STIHL Digital Platform: For information about theprocessingassociated with the access
and usage of the STIHL Digital Platform, please refer to section 4 of this Privacy Policy
• STIHL Account: For information about the processing associated with your STIHL
account, please refer to section 5 of this Privacy Policy.
In this Privacy Policy, we inform you about the processing of your personal data in line with the
requirements of the European General Data Protection Regulation ("GDPR", Regulation (EU)
2016/679 of the European Parliament and of the Council)
We will inform you about the processing of your personal data relating to the web addresses
(Uniform Resource Locator, "URL") you access. Should you access the STIHL Digital Platform
or the Solutions via a URL that is intended to serve a different country and its legal requirements
(i.e. you, as an example, instead of accessing the STIHL URL ending in “co.uk”, access a STIHL
URL ending in “.de”) may end up not being informed in accordance with applicable local legal
requirements. For data protection reasons, we do not determine your place of residence
("localisation") to determine the law applicable to you.
2 CONTROLLER AND DATA PROTECTION OFFICER
2.1 Controller
The Controller under data protection law decides on the purposes and means of processing
your personal data and ensures compliance with the data protection regulations. If multiple
controllers decide together the purposes and means of processing, these controllers are jointly
responsible for the processing, which is referred to joint controllership.
The following joint controllers process your personal data in connection with the STIHL Digital
Platform and the Solutions:
STIHL direct GmbH ("STIHL direct")
Postal address: Badstr. 115, 71336 Waiblingen, Germany
Email: info@stihl.de
District Court of Stuttgart, HRB 773503, VAT ID No. DE329143527
and
ANDREAS STIHL AG & Co. KG ("ANDREAS STIHL")
Postal address: Badstr. 115, 71336 Waiblingen, Germany
Email: info@stihl.de
Limited partnership: District Court of Stuttgart, HRA 260269
STIHL Aktiengesellschaft: District Court of Stuttgart, HRB 263722
VAT ID No. DE147330096
(together "we", "us").
We have an agreement in place with one another relating to our joint processing of your personal
data.
We may share your personal data with companies who are part the STIHL Group, and
companies outside the STIHL Group. These companies may process your personal data being
a separate and independent controller (meaning processing the personal data for their own
means and purposes) or as a data processor.
2.2 Data Protection Officer
STIHL direct and ANDREAS STIHL have a joint Data Protection Officer. You can reach the Data
Protection Officer by post at the addresses specified above for the controllers, addressed to "zu
Hd. Abteilung Datenschutz" or email to privacy_dpo@stihl.com.
3 GENERAL INFORMATION ON THE PROCESSING OF YOUR PERSONAL
DATA
3.1 Processing of your personal data
When we use the term “personal data” in this Privacy Policy, we mean all information that relates
to you.
Personal data includes, for example, your name, email address or postal address. Your personal
data also includes all data that is linked or relates to you, such as data that will be processed
when you use the Solutions. Data that does not relate to you we shall refer to as non-personal
or anonymous data. The data protection regulations and this Privacy Policy do not apply to such
data.
For example, by processing your personal data, we mean its collection, storage or erasure.
3.2 Legal basis for processing (overview)
We process your personal data only if we can base the processing on a legal basis or if such is
lawful in accordance with the applicable data protection regulations, i.e. that the processing is
permissible within the scope of the law. In the context of the GDPR, we base the processing of
your personal data for the most part on the following legal bases:
• The processing of your personal data is necessary for the fulfilment of a contract with
you or for the implementation of pre-contractual measures that take place at your
request (Article 6 (1) (b) GDPR).
• You have given us your clear consent to the processing of your personal data for one
or more specific purposes (Article 6 (1) (a) GDPR).
• The processing of your personal data is necessary to fulfil a legal obligation (Article 6
(1) (c) GDPR).
• The processing is necessary for the purposes of the legitimate interests pursued by us
or by a third party, except where such interests are overridden by the interests or
fundamental rights and freedoms of you which require protection of your personal data
(Article 6 (1) (f) GDPR).
Further information on the processing we undertake and the relevant lawful basis on which we
process your personal data, can be found below in this Privacy Policy.
3.3 Personal data we process
We process the personal data that you provide to us, that we collect (automatically), and that
we receive from third parties.
You are not obligated to provide us with your personal data. However, the processing of certain
personal data may be necessary to enable us to offer you the STIHL Digital Platform and the
Solutions.
Personal data you provide to us
We process the personal data you provide to us. For example, when you call or contact us and
provide us with certain personal data in this way. You can provide us with further personal data
when you select certain settings or configure a Solution according to your needs. We collect
and process this data to enable you to use the STIHL Digital Platform and Solutions. If you do
not provide us with certain information, the use or functionality of the STIHL Digital Business
Platform and Solutions may in part stop or be impaired.
Personal data we collect
We collect certain personal data automatically and process it when you use the STIHL Digital
Platform and the Solutions. This includes, for example, data such as your IP address, certain
login data and data that will be processed so that we can technically provide you with the STIHL
Digital Platform and the Solutions.
Personal data we receive from third parties
In some cases, we receive your personal data from indirect sources – i.e. not directly from you.
This may be the case, for example, if personal data about you is provided to us by third parties.
We work with companies that provide services to us and who in turn provide us with personal
data about you. These include, for example, payment service providers or providers of “app
stores” through which you can purchase our Solutions.
4 General processing - STIHL Digital Platform
4.1 Visiting the STIHL Digital Platform website
When accessing our website, the browser used on your device automatically sends information
to the server of our website and temporarily saves it in a ‘log file’.
If you would like to be informed about the cookies used by us on our website, you can find more
information here (https://app.stihl.com/en-mt/legal/cookie-notice).
Categories of personal data
The following information will be processed when the website is accessed:
• The IP address of the requesting Internet-enabled device;
• The date and time, and time of access;
• The name and URL of the retrieved file;
• The website/application from which access was made (referrer URL); and
• The browser you are using and, if applicable, the operating system of your Internetenabled computer and the name of your access provider.
Purpose
The processing of your personal data serves the following purpose(s):
• ensuring a smooth connection;
• ensuring a comfortable use of our website/application; and
• evaluating system security and stability.
Legal basis
The legal bases we rely on for the processing of your personal data are as follows:
• The website is accessed during the initiation or execution of a contract.
We process your personal data based on Article 6 (1) (b) GDPR.
• The processing of your personal data is necessary to enable you to access the website
and to ensure the performance, consistent functionality and security of our website and
systems.
We process your personal data based on Article 6 (1) (f) GDPR.
It is in our legitimate interest to ensure the performance, consistent functionality and
security of our website and systems.
4.2 Support and Communication
If you have any questions or if you cannot use STIHL Digital Platform and the Solutions as we
have described, you may contact us at any time by email, post, telephone, via contact forms or
by other means. We shall usually respond to you through the medium through which you
initiated contact.
In certain cases, we shall contact you independently, in particular to provide you with important
information about the STIHL Digital Platform and the Solutions. This is usually done by email.
Should you subscribe to the STIHL Group's newsletter, then we shall provide you with further
information regarding the processing of your personal data in relation to this subscription.
Categories of personal data
The following personal data will be processed when communicating with you:
• your contact details such as telephone number or email address;
• any personal data as part of communicating with you, including, where applicable,
telephone conversations with you;
• data relating to your request or concerns, such as the subject of your request or our
communication with you; and
• the data necessary to clarify your request.
Purpose
The processing of your personal data serves the following purpose(s):
• communicating with you when you have raised questions with us about the STIHL
Digital Platform or the Solutions, with a request for support or with other concerns;
• handling and responding to your enquiries and concerns;
• communicating with you outside of enquiries and concerns, for example, for information
purposes or for the fulfilment of legal or contractual obligations;
• should we record telephone calls, this is done for quality assurance and training
purposes; and
• improving our support.
Legal basis
When we communicate with you, we rely upon different legal bases, depending on the
background of the communication. The following shall apply:
• The communication with you and our support and performances within the scope of the
support are required to fulfil the contract for STIHL Digital Platform or the Solutions or
to conclude a contract for the use of STIHL Digital Platform or Solutions.
We base the processing on the legal basis of Article 6 (1) (b) GDPR.
• Communication with you is necessary to ensure the security and functionality of the
STIHL Digital Platform or Solutions. This also means that we will further develop the
STIHL Digital Platform or Solutions based on your feedback and experience. If
necessary, we will ask for your opinion and assessment of our offers and services.
We base the processing on the legal basis of Article 6 (1) (f) GDPR.
It is in our legitimate interest to further develop our offers and services for you and to
improve your usage experience of the STIHL Digital Platform and Solutions.
• We provide you with certain support services outside of an existing contractual
relationship.
We base the processing in connection with our support, which we provide to you outside
of an existing contractual relationship, on the legal basis of Article 6 (1) (f) GDPR. We
have a legitimate interest in assisting you with questions about our offers and services
and ensuring the satisfaction of our (former and future) customers.
• For certain processing of your personal data, we will obtain your consent in accordance
with Article 6 (1) (a) GDPR, to the extent this is necessary.
This applies in particular to the recording of telephone calls.
4.3 Product development and statistical analysis
We process certain personal data in order to improve and further develop the STIHL Digital
Platform, the Solutions and other offers and services (or our support). In particular, this relates
to data on your use of the STIHL Digital Platform and the Solutions as well as data related to,
among other things, the properties, security and quality of our offerings and services.
As far as possible, the data will be pseudonymised or anonymised prior to processing for product
development and statistical evaluation. If the data is anonymised, it is no longer personal data.
Categories of personal data
The following information is processed in the context of product development and statistical
analysis:
• data on the use of STIHL Digital Platform and Solutions;
• data on the properties, security and quality of the STIHL Digital Platform and Solutions;
and
• other information we have, for example, from support requests received from you.
Purpose
The processing of your personal data serves the following purpose or purposes:
• improvement and further development of the STIHL Digital Platform and Solutions;
• product development, including artificial intelligence (machine learning);
• market research; and
• ensuring the security and quality of the STIHL Digital Platform and Solutions.
Legal basis
We base the processing of your data on the following legal basis:
• The processing is necessary so that we can improve and develop our products.
We base the processing on the legal basis of Article 6 (1) (f) GDPR.
We have a legitimate interest in the improvement and further development of the STIHL
Digital Platform, the Solutions and other offers and services offered by us and the STIHL
Group as well as in guaranteeing the security and quality of STIHL Digital Platform and
Solutions.
5 Your STIHL Account on the STIHL Digital Platform
5.1 Register your STIHL Account
The registration of a STIHL Account is necessary for you to use the STIHL Digital Platform, the
Solutions and other offerings and services of the STIHL Group. The STIHL Account is your user
account with which you log in after registration with the STIHL Digital Platform, the Solutions
and other offers and services of the STIHL Group.
If the information provided by you during registration changes, you can change such information
at any time on the STIHL Digital Platform, if this is provided for.
As part of the registration process, we will inform you which information is required for
registration and which is voluntary.
Categories of personal data
The following information is processed when registering a STIHL Account:
• first name, surname, title, email address, set password, date of birth;
• contact and address data;
• your country and language;
• date and time of registration; and
• the version of the Terms of Use that you accept and the date and time of your consent.
Purpose
The processing of your personal data serves the following purpose or purposes:
• Setting up and providing a STIHL Account as a user account to use the STIHL Digital
Platform, the Solutions and other offerings and services of the STIHL Group.
Legal basis
We base the processing of your data on the following legal basis:
• The processing of your personal data is necessary for setting up your STIHL Account
and making it permanently available to you as your user account for the STIHL Digital
Platform, Solutions and other offerings and services of the STIHL Group.
We base the processing on the legal basis of Article 6 (1) (b) GDPR.
• The processing of your personal data, which is not necessary for setting up your STIHL
Account and of which you voluntarily inform us, yet is required, for example, so that we
can improve your experience with STIHL.
We base the processing on the legal basis of Article 6 (1) (f) GDPR.
It is in our legitimate interest to improve your usage experience of the STIHL Digital
Platform and Solutions and, for example, to congratulate you as a customer on your
birthday.
5.2 Logging in with your STIHL Account with the STIHL Digital Platform and the Solutions
You use your STIHL Account to log into the STIHL Digital Platform, the Solutions and other
offerings and services of the STIHL Group.
Categories of personal data
The following information will be processed when logging in with the STIHL Account:
• Your STIHL Account;
• The password you have set for your STIHL Account.
Purpose
The processing of your personal data serves the following purpose or purposes:
• logging in and authentication with the STIHL Digital Platform, Solutions and other
offerings and services of the STIHL Group;
• access to the data stored by you with the STIHL Digital Platform, Solutions and other
offerings and services of the STIHL Group; and
• protecting your account and data from unauthorised access.
Legal basis
We base the processing of your personal data on the following legal basis:
• The processing of your personal data is necessary for enabling you to log into the STIHL
Digital Platform, the Solutions and other offerings and services of the STIHL Group.
We base the processing on the legal basis of Article 6 (1) (b) GDPR.
5.3 Invitation to register a STIHL Account
You can be invited by existing users of STIHL Digital Platform or Solutions to the STIHL Digital
Platform and Solutions. If you are invited, you will receive an email from us with a link to register
a STIHL Account. If you decide to create a STIHL Account, the information the inviting user
provided about you may already be pre-populated in certain sections of account registration.
If you do not create a STIHL Account, we will delete the data about you, provided to us by the
inviting user.
Categories of personal data
The following information shall be processed in connection with the invitation:
• the first name, surname, title, email address provided by the inviting user;
• the country and language related to the inviting user; and
• date and time of invitation.
Purpose
The processing of your personal data serves the following purpose or purposes:
• The opportunity to invite you to the STIHL Digital Platform and Solutions.
• You can be invited to the STIHL Digital Platform and Solutions, among other things, so
that you can use certain functions linked to other users after you have created a STIHL
Account, for example within the framework of the Solutions. For example, you can
become a member of organisations or teams within the framework of Solutions.
Legal basis
We base the processing of your personal data on the following legal basis:
• The processing of your personal data is necessary to assist you in creating a STIHL
account, for example when a dealer sends you an invitation as part of the setup process
for a STIHL product.
We base the processing on the legal basis of Article 6 (1) (b) GDPR.
• The processing of your personal data is necessary in order to be able to invite you to
the STIHL Digital Platform or the Solutions. This is a feature that we offer existing users
so that, for example, you can become a member of an organisation of the existing user
if you want to.
We base the processing on the legal basis of Article 6 (1) (f) GDPR.
It is in our legitimate interest to be able to offer this feature to our existing users and it
is in the legitimate interest of our users to be able to invite you, so that, for example,
you can become a member of the user's organisation.
6 STORAGE PERIOD
As long as you use the STIHL Digital Platform and the Solutions or until you delete your STIHL
Account, we will process your personal data as it is necessary to provide you with the STIHL
Digital Platform and the Solutions you want. The storage period for your personal data depends
in particular on which of our Solutions and which of the features offered by the Solutions you
use.
In addition, the storage period depends on the category of personal data processed and the
purpose of the processing. Finally, we take into account legal retention periods, which may
obligate us to keep your data for a certain period of time. Accordingly, storage may take place
if this is provided for by the European or national legislator in Union regulations, laws or other
provisions to which we are subject.
In the event of a legal dispute, we will keep the personal data we need for our legal defence
until the final conclusion of the proceedings.
For more information on the storage period, please contact us via the contact details to be found
in this Privacy Policy under section 2.
7 RECIPIENTS OF YOUR PERSONAL DATA
7.1 Recipients within the STIHL Group
We share your personal data with other STIHL Group companies in certain cases. The
processing by these STIHL companies is carried out on our behalf or subject to our own
responsibility. If the processing is carried out on our behalf, a contract has been concluded
between us and the respective STIHL company for the processing of data within the meaning
of the GDPR.
7.2 Recipients outside the STIHL Group
In addition to recipients of the STIHL Group, we share your personal data with our partners, in
relation to individual processing operations and taking into account the data protection
regulations. Our partners include service providers who process your personal data on our
behalf (as our data processors), and service providers who provide services to us that may
include processing your personal data as independent controllers. In connection with the
processing of your personal data, we use the following categories of service providers:
• IT Service Providers (Data Hosting Providers);
• Support (Customer Support); and
• Lawyers, auditors and tax advisers.
We also pass on your data to the authorities and courts, as far as we are obligated by the GDPR
or the law of the EU Member States.
8 TRANSMISSION OF YOUR PERSONAL DATA TO COUNTRIES OUTSIDE
THE EUROPEAN ECONOMIC AREA
Regardless of where your personal data are processed, the highest priority for us is that the
level of protection guaranteed by the GDPR is always ensured. If we pass on personal data to
recipients whose systems for processing your personal data or their subcontractors are located
outside the European Economic Area, or if we transfer personal data to recipients outside the
European Economic Area, we comply with the requirements of Chapter V of the GDPR.
You can ask us for an overview of the recipients in countries outside the European Economic
Area and information on the measures we have taken to ensure the level of protection of the
GDPR at any time via the contact details specified under section 2 in this Privacy Policy.
9 YOUR RIGHTS AND ASSERTING THEM
If you wish to assert your rights as specified below, you can contact us at any time and without
any required form via the communication channels specified in this Privacy Policy. By email and
on the other communication channels, you can reach STIHL direct and the Data Protection
Officer of STIHL direct via the contact details specified under section 2 of this Privacy Policy.
9.1 Right to information
You have the right to request confirmation as to whether or not your personal data will be
processed. When we process your personal data, you have a right to information about this
personal data and certain information required by law. For more information on your right to
information, see Art. 15 GDPR.
9.2 Right to rectification
You have the right to request the rectification of incorrect personal data concerning you without
delay. Taking into account the purposes of processing, you have the right to request the
completion of incomplete personal data. For more information on your right to rectification, see
Art. 16 GDPR.
We always strive to ensure the accuracy of your personal data. We therefore ask you to notify
us immediately of any changes to your data (such as changes in address), so that we can
ensure that your personal data is up-to-date.
9.3 Right to erasure
If the legal requirements are met, you may request us to erase your personal data immediately.
This shall be the case, in particular, where:
• your personal data will no longer be required for the purposes for which it was collected
or otherwise processed;
• the processing of your personal data is based on your consent, you revoke this consent
and we cannot base the processing on another legal basis;
• you have objected to the processing of your personal data on grounds relating to your
particular situation and there are no overriding grounds for the processing of your
personal data.
• if your personal data have been passed on to third parties and we are obligated to erase
your personal data, we will inform these third parties about the erasure, insofar as this
is required by law.
We would like to point out that your right to erasure is subject to restrictions. For example, we
may not erase any personal data that we have to keep further due to legal requirements. Data
that we need in order to assert, exercise or defend legal claims are also excluded from your
right to erasure. For more information on your right to erasure, see Art. 17 GDPR.
9.4 Right to restriction of processing
If the legal requirements are met, you may request a restriction on the processing of your
personal data. This is particularly the case where:
• the accuracy of your personal data is contested by you, or the processing of your data
will be limited for a period that allows us to verify the accuracy of your personal data;
• the processing of your personal data is not lawfully carried out and you require a
restriction on the use of your personal data instead of the erasure of your personal data;
• we no longer need your personal data for the purposes of processing, but you need
these data for the establishment, exercise or defence of legal claims;
• you have objected to the processing of your personal data on grounds relating to your
particular situation, as long as it is not clear whether our legitimate grounds for
processing outweigh your grounds.
For more information on your right to restriction of processing, see Art. 18 GDPR.
9.5 Right to data portability
You have the right to receive the personal data you have provided us and which we process for
the fulfilment of the contract, on the basis of your consent or by automated procedures, in a
structured, customary and machine-readable format. You also have the right, in the event that
the aforementioned conditions are met, that we transmit these data directly to a third party,
insofar as this is technically feasible. For more information on your right to data portability, see
Art. 20 GDPR.
9.6 Withdrawal of consent
If you have given your consent to the processing of your personal data, you can revoke it at any
time with effect for the future. The lawfulness of the processing of your data up until revocation
remains unaffected.
9.7 Right to object to data protection authorities
If you consider that the processing of your personal data violates applicable data protection
laws, you may lodge a complaint with a data protection supervisory authority, in particular the
data protection supervisory authority at your location, place of work or place of alleged
infringement.
9.8 Right to object to processing
Right to object to the processing of your personal data during processing based on
our legitimate interests
Insofar as we process data on the basis of a legitimate interest, you can object to the
processing at any time for reasons that arise from your particular situation. We will
no longer process your personal data unless we can demonstrate compelling
legitimate grounds for processing that override your interests, rights and freedoms,
or for the establishment, exercise or defence of legal claims. We assume that, in the
course of processing on the basis of a legitimate interest, we can normally prove such
compelling legitimate grounds for protection, but we examine and evaluate each
objection individually.
For more information on your right of objection, see Art. 21 GDPR
10 AMENDMENTS TO THIS PRIVACY POLICY
In this Privacy Policy, we will always keep you fully and completely informed about the
processing of your personal data in connection with the STIHL Digital Platform and the
Solutions. This requires that we update this Privacy Policy regularly, for example when we offer
new solutions on the STIHL Digital Platform. We therefore recommend that you consult this
Privacy Policy regularly.