Here you can download or print out our Privacy Statement.
The protection of its customers‘ data is of utmost importance for A. Sutter Fair Business. With the following
information we would like to give you an overview of the processing of your personal data and about the rights
granted to you in this respect. Which data are used and how they are processed is mainly dependent on the service
contract agreed upon with you. Thus, not all parts of this statement may be applicable in your case.
The privacy statement of A. Sutter Fair Business GmbH contains terms which are defined by Article 4 of the General
Data Protection Regulation (GDPR).
1. Who is responsible for data processing and who can I turn to?
1.1 Responsible Person
Responsible person according to GDPR is
A. Sutter Fair Business GmbH
Bottroper Str. 20
Phone: +49 (201) 8316-001
Fax: +49 (201) 8316-009
General E-Mail contact: firstname.lastname@example.org
In case you wish to contact us regarding data protection aspects, especially to assert your rights according to GDPR,
please use the following E-Mail address: email@example.com.
As soon as a person concerned contacts us via E-Mail, the personal data of the concerned person will be saved
automatically. Such data, sent to us on a voluntarily basis by a concerned person, will be saved for reasons of
processing or contacting the concerned person. There will be no passing on of these personal data to third parties.
As changes of laws or of our company processes may require adjustments of this privacy statement, we would ask
you to read this privacy statement on a regular basis and to mind the status. You may read, save, and print the
privacy statement under „Privacy Statement“ at any time.
1.2 Contact Data of the Data Protection Officer
A. Sutter Fair Business GmbH has appointed an external data protection officer, who you can also contact under the
address mentioned below, adding „Datenschutz A. Sutter Fair Business GmbH“:
Herr Simon P. Parl, Dipl.-Wjur. (FH)
arbeitgeber ruhr GmbH
Tel.: 0234 / 588 77 -38
Fax: 0234 / 588 77 -70
2. Which sources and data do we use?
We use personal data which we gather within the scope of use of our websites by i.e. customers, interested parties,
3. Why do we process your data (purpose of processing) and what is the legal basis?
We process personal data in accordance with the regulations of the European Union General Data Protection
Regulation (GDPR) and the Bundesdatenschutzgesetz (German Federal Data Protection Law):
3.1 Regarding Fulfillment of Contractual Duties (Article 6(1 lit. b) GDPR)
The processing of data may be effected within the scope of contractual duties with you as our customer or within
the scope of pre-contractual measurements. A processing within the scope of pre-contractual measurements is
effected, i.e. in case of inquiries regarding our services.
3.2 Within the Scope of Balancing of Interest (Article 6(1 lit. f) GDPR)
Processing procedures rest on this legal basis, in case the processing is necessary to protect a justified interest of our
company or a third party, unless your interests, fundamental rights, and fundamental freedoms predominate. Thus,
we process your data beyond the actual fulfillment of the contract to protect justified interests of our company or
third parties, i.e. to:
- Check and optimize processes for requirement analyses for direct customer approach
- Send advertisements or make market or opinion researches, in case you did not contradict the use of your
- Assert legal claims or defense in case of legal disputes
- Guarantee the security of our IT and of the IT operation of our company
- Insert measurements for the business management and development of services and products
3.3 Based on Your Consent (Article 6(1 lit. a) GDPR)
In case you have given us your consent to process your personal data for distinctive purposes (i.e. for marketing
purposes or to send a newsletter), the legality of this processing is based on your consent.
3.4 Based on Legal Requirements (Article 6(1 lit. C) GDPR) or on Public Interest (Article 6(1 lit. e)
Within the scope of legal requirements, we are subject to i.e. tax laws. Among others, the fulfillment of fiscal control
and reporting obligations is one of the purposes of data processing. Furthermore, we are legally bound to store data
by i.e., the regulations of the code of commercial law or the fiscal code.
3.5 Within the Scope of Creating an Employment Relationship (Article 88 DSGVO i.V.m. § 26 Abs. 1
If you apply for a job with our company, we may process your personal data.
4. What does that mean in detail, referring to the provision of this website and the
services offered therein?
4.1 Provision of the Website and Creating of Log Files
Each time our website is called up, our system automatically gathers data and information from the computer
system of the calling computer. The following data are gathered:
- Information regarding the browser type and version used
- Operating system of the user
- Internet-service-provider of the user
- IP-address of the user
- Date and time of the access
- Websites, from which the user’s system accesses our website
- Websites, which are accessed from the user’s system via our website
These data will also be saved in the log files of our system. These data will not be stored together with other
personal data of the user. Legal basis for the temporary storing of these data in the log files is Article 6(1 lit. f) GDPR.
The temporary storing of the IP-address by our system is necessary to enable the delivery of the website to the
computer of the user. Therefore, the IP-address of the user has to be stored for the time of the session. The storage
in the log files is made to guarantee the functionality of the website. Furthermore, we use these data to optimize the
website and to secure our IT-systems. The data will not be analyzed for marketing reasons in this respect.
The data will be deleted, as soon as they are no longer necessary for the purpose they have been gathered for. As far
as the gathering of data for the provision of the website is concerned, they will be deleted as soon as the respective
session has been terminated.
In case of the storage of the data in log files, this will happen in a period of 30 days at the latest. A further storage of
the data is possible. In that case, the IP-addresses of the users will be deleted or alienated, so that an allocation of
the calling client will no longer be possible.
The gathering of data for the provision of the website and the storage of the data in log files is mandatory for the
operating of the website. Thus, users have no contesting option.
4.2 Contact Form and E-Mail Contact
On our website, there is a contact form, which may be used for electronic contact. If you choose to take this option,
your data entered in the input mask will be transferred to us and saved. These data contain:
- Free text for notes
At the time of registration, the following data will be saved additionally:
- IP-address of the user
- Date and time
For us, the only purpose of processing personal data in the input mask is contacting you. All other personal data
processed during the dispatching process, only serve to prevent an abuse of the contact form and to guarantee the
security of our IT-systems.
Alternatively, a contact via the provided E-mail address is possible. In this case, the data transferred together with
your E-mail will be stored. These data will not be transferred to third parties. The data will exclusively be used for the
processing of your voluntary contact. Your consent provided, the legal basis for the processing of the data is Article
6(1 lit. a) GDPR. If the purpose of the E-Mail contact is concluding a contract, additional legal basis for the processing
is Article 6(1 lit. b) GDPR.
The data will be deleted, as soon as they are no longer necessary for the purpose of their gathering. Concerning
personal data from the input mask of the contact form and those, which are delivered by mail, this is the case when
the respective conversation with you, the user, has been terminated, i.e. when it becomes clear from the
circumstances that the respective issues have been clarified. Additional personal data gathered during the dispatch
process will be deleted after 30 days at the latest.
You have the option to withdraw your consent to process your personal data at any time. Contact us via E-mail, and
you can contradict the storage of your personal data at any time. In such a case, the conversation cannot be
continued. All personal data, which had been gathered in the scope of the contact, will be deleted.
4.3. Ways of Tracking
system via an internet browser.
Cookies contain a so-called cookie-ID. A cookie-ID is the explicit identification of the cookie. It consists of a character
string, which makes it possible to assign websites and servers to the individual internet browser where the cookie
has been stored. This enables visited websites and servers to distinguish the individual browser of the concerned
person from other internet browsers containing other cookies. A respective internet browser can be recognized and
identified via the explicit cookie-ID.
Among other things, cookies help to make our offer user-friendly, effective, and safe. With a cookie, information and
offers on our website can be optimized for the user. Cookies enable us to recognize the visitors of our website. The
purpose of this recognition is to facilitate the use of our website for the user. The user of a website with cookies, for
instance, does not have to enter his access data with each visit on the website, because this will be done by the
website and the cookie of the visitor stored in his computer system. A further example is the cookie of a shopping
cart in an online-shop.
4.3.2 Google-Analytics with Anonymizing Function
This website uses Google Analytics incl. Google Analytics ad functions. Google Maps is operated by Google Inc., 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA.
This is a web analysis service of Google Inc. („Google“). Google Analytics uses so-called „cookies“, which are stored
on your computer, and which enable an analysis of your use of the website.
Google Analytics is used by us exclusively with the so-called IP-masking, an activated IP-anonymization. That means
that the IP-addresses of users are shortened by Google within the member states of the European Union or in other
states taking part in the agreement of the European Economic Area. Only in exceptional cases, i.e. if there are
technical malfunctions in Europe, the full IP-address will be transferred from Google to a server in the USA and
With the IP-anonymization method used by Google, the complete IP-address is not written on the hard drive at any
time, as the whole anonymization is effected almost immediately after receipt of the request in the working
The IP-address transferred by the user’s browser will not be merged by Google with other data.
On behalf of the operator of this website, Google will use this information to analyze your use of this website, to
accumulate reports about the website activities, and to provide further services connected with the use of the
website and the use of the internet, especially also functions for display-ads as well as Google Analytics reports
about the performance in respect of demographic features and interests for the operator of this website.
Google will transfer this information to third parties, in case this is required by law or in case third parties process
these data on behalf of Google. These will, under no circumstances, be personal data.
In Google Analytics reports about the performance according to demographic features and interests, data and user
data from third-party providers (i.e. age-groups or interest-groups) gathered by interest-related ads are used.
You may prevent the storing of cookies by respectively setting your browser-software. However, we would like to
point out that in this case you may not be able to use all functions of this website to a full extent.
Furthermore, you may prevent the gathering of the data created by the cookie and referring to your use of the
website (incl. your IP-address) by Google as well as the processing of these data by Google by downloading and
installing the browser-plugin which is available under the following link:
You can also prevent the registration by Google Analytics by clicking on the following link. An opt-out cookie will be
placed, which will prevent the future registration of your data when visiting this website:
https://www.google.de/analytics/terms/de.html and https://www.google.de/intl/de/policies/
Our websites use Google Maps for the creation of maps and route maps. Google Maps is operated by Google Inc.,
1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the functions of Google Maps it is necessary to save your IP-address. This information will generally be
transferred by Google to a server in the USA and stored there. We do not have any influence on this data transfer.
The use of Google Maps follows the interests of an attractive design of our online-offers and an easy
discoverableness of places indicated on our website. This is a justified interest according to Article 6(1 lit. f) GDPR.
You may read the privacy statement of Google Maps here:
4.4 Use of Social Media Plug-Ins
Our websites contain plug-ins of the social networks. They are exclusively operated by the respective providers.
Within the scope of our online-presentation, the plug-ins are indicated by the icon (pictogram) of the respective
provider. As per standard, there will be no data transferred to these providers when you visit our websites.
When visiting a sub-page of our website, which contains such a plug-in, your browser will only connect to the servers
of the respective providers after you have activated an icon. This will initiate a transfer of the plug-in content to your
browser which will then be included in the depicted page. Thus, the information about your visit to our websites will
be transferred to the respective provider.
Should you be logged in to your personal account with the respective provider at the same time you are visiting our
website (i.e. by a further browser-session), the provider can as well assign your visit to our website to your account.
With the plug-ins users can share links, post, or like contents in social networks such as Twitter, Facebook, or
By interacting with these plug-ins, i.e. by clicking on the respective icon or leaving a comment, this information will
be transferred to the respective provider and will be saved there.
Should you wish to prevent such a data transfer, you have to sign out from your account with the respective
provider prior to visiting our website. For the extent and purpose of the data gathering by the respective provider as
well as for the processing and use of your data, please turn to the privacy policies on the website of the providers.
4.4.1 Facebook „Like“-Button
On our websites we have integrated the plug-ins of the social network Facebook (Facebook Ireland Limited, Hanover
Reach, 5-7 Hanover Quay, Dublin 2 Ireland). You will recognize the Facebook Plug-ins by the Facebook logo or the
“Like-Button” on our website. Here you can find an overview of the Facebook plug-ins:
When you visit one of our websites which contains such a plug-in, your browser will establish a direct link to
Facebook’s servers. The content of the plug-in will be transferred by Facebook directly to your browser, which will
include it in the website. Thus, Facebook will get the information that you have called up the respective page of our
internet representation. If you are logged in with Facebook, they can assign your visit to your Facebook-account. If
you interact with plug-ins, i.e. click the “Like”-Button or leave a comment, the respective information will be
transferred from your browser directly to Facebook and saved there.
On our website we use buttons of the social network Twitter, operated by Twitter Inc., 795 Folsom St., Suite 600, San
Francisco, CA 94107, USA. The bookmarks are indicated by the Twitter logo (stylized blue bird). By clicking on the
logo, it is possible to share an article or a page of this offer on Twitter or to follow the provider on Twitter. When a
user calls up a website of this internet presentation, which contains such a button, his browser will establish a direct
link with the servers of Twitter. The content of the Twitter-button will then be directly transmitted to the browser of
the user. We have no influence on the handling of the data gathered by Twitter with this plug-in. If you are logged in
with Twitter, Twitter can assign your visit to your Twitter-account. For information on the purpose and extent of the
data-gathering as well as the further processing and use of the data by Twitter, and your respective rights and
setting options for the protection of your privacy, please turn to the privacy statement of Twitter
If you do not want Twitter to gather your personal data via our internet presentation, you have to log out of your
Twitter account prior to visiting our website. If applicable, you also have to delete cookies set by Twitter on your PC.
4.4.3 Googles „+1“-Button
On our website we use the „+1“-button of the social network „Google+“, operated by Google Inc., 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA. The button is indicated by the characters „+1“.
When you visit one of our websites containing such a button, your browser will establish a direct link to the servers
of Google. The content of the „+1“-button will be transmitted by Google directly to your browser and integrated in
the website afterwards. Thus, we do not have any influence on the extent of the data gathered by Google with this
button. If you are a member of „Google+“ and you do not want Google to merge the data gathered via our internet
representation with your member-data, you have to log out of „Google+“ prior to visiting our website.
For further information regarding the purpose and extent of the data-gathering, the processing and use of the data
by Google, as well as your respective rights and setting options for the protection of your privacy, please turn to the
privacy statement of Google http://www.google.com/intl/de/policies.
On our website we use plug-ins of Youtube.de/Youtube.com, operated by YouTube, LLC, Cherry Ave., USA,
represented by Google Inc.. When you call up websites of our internet representation with such a plug-in, a link with
the YouTube-servers will be established, depicting the plug-in on the website by informing your browser. Thus, the
YouTube-server will be informed, which of our websites you have visited. If you are logged in as member of
YouTube, YouTube will assign this information to your personal user-account. When using these plug-ins, i.e. when
clicking the start-button of a video or sending a comment, this information will be assigned to your YouTubeaccount.
You can only prevent this by logging out of your account prior to using the plug-in. For further information
regarding the gathering and use of the data by the platform or the plug-ins respectively, please turn to the privacy
statement of Google: https://www.google.de/intl/de/policies/privacy
4.4.5 XING Share-Button
On our website we use the XING share-button (Xing AG, Gänsemarkt 6, 20354 Hamburg). During the process of
establishing this website, a short-term link to servers of XING AG („XING“) will be made via your browser rendering
the „XING share-button“ functions (especially the calculation/display of the counter status). XING does not save any
personal data concerning your call-up of this website. In particular, XING does not save any IP-addresses. Moreover,
For the respective current privacy statement regarding the „XING share-button“ and additional information,
please turn to: https://www.xing.com/app/share?op=data_protection
4.4.6 LinkedIn Recommend-Button
On this website, plug-ins of the social network LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court,
Mountain View, CA 94043, USA (in the following called „LinkedIn“) are integrated. LinkedIn plug-ins on this website
are recognizable for the LinkedIn logo or the „share-button“ („recommend“). When you visit this website, the plug-in
will establish a direct link between your browser and the LinkedIn-server. Thus, LinkedIn receives the information
that you have visited this website with your IP-address. If you click the LinkedIn-„share-button“, while you are logged
in with your LinkedIn-account, you can link the contents of this website with your LinkedIn-profile. Thus, LinkedIn
can assign your visit to this website to your user-account.
If you are member of LinkedIn and you do not wish LinkedIn to merge the data gathered via our internet
representation with your stored member-data, you have to log out of LinkedIn prior to your visit of our website.
For further information regarding the gathering and use of data by the platform or the plug-ins respectively, please
turn to the privacy statement of LinkedIn: http://de.linkedin.com/legal/privacy-policy
5. Which data do we process when you apply for a job?
A. Sutter Fair Business GmbH gathers and processes personal data of applicants for the purpose of conducting an
application process. Applicants contact our company via a special E-mail address indicated on our website, which is
only accessible for employees dealing with personnel issues.
Within the scope of the applicant management, we process data provided to us for the purpose of initiating an
employment relationship according to Article 88 GDPR i.V.m. § 26 Abs. 1 BDSG (German Law). Alternatively, work
agreements according to Article 88 GDPR i.V.m. § 26 Abs. 4 BDSG (German Law) as well as consents (i.e. for photos)
according to Article 88 GDPR i.V.m. § 26 Abs. 2 BDSG (German Law) apply.
Should special categories of personal data (i.e. severe disability) be processed, Article 88 GDPR i.V.m. § 26 Abs. 3
BDSG (German Law) applies. Furthermore, the processing of health data may become necessary for the judgement
of your working ability, according to Article 9(2 h) i.V.m. § 22 Abs. 1 b) BDSG (German Law).
We process and save your personal data for as long as it will be necessary for the fulfillment of the purpose of the
data-gathering, or contractual or legal duties, i.e.:
- In case we conclude an employment contract with the applicant following the application process, we will
save the provided data for the purpose of conducting the employment relationship under observance of the
- In case we do not conclude an employment contract with the applicant, the application documents will
automatically be deleted three months after the announcement of the rejection, unless there are no
conflicting justified interests of A. Sutter Fair Business GmbH. A justified interest is i.e. the burden of proof in
a proceeding according to the Allgemeinen Gleichbehandlungsgesetz (AGG) (General Equal Treatment Act).
If you want us to save your application in our „applicants pool“ for a period exceeding three months, you have to
make a prior written request, in which you also give us your permission to do so.
You are, of course, at liberty to withdraw your application at any time. In this case, your data will be deleted, unless
they are necessary for the fulfillment of the purpose of their gathering. An E-mail to us, stating your withdrawal, will
be sufficient. The revocation of any given permissions is possible at any time.
6. Which data do we process when you visit our online-shop or place an order there?
We use the data provided by you for the purpose of ordering goods or services without your explicit consent
exclusively for the fulfillment and processing of your order. With the complete settlement of the contract and
compensation in full, your data will be locked for further use and deleted after expiry of the legal retention period,
unless you have explicitly approved the further use of your data.
Your data will be transferred to our subcontractors, i.e. to the delivery company commissioned to deliver your
goods, as far as a delivery is necessary and cannot be conducted online, or to print shops. For the processing of
payments we will transfer your payment data to the payment provider commissioned with the payment, i.e. in case
of payments by credit card to the credit card provider. In case you fail to pay open invoices despite repeated
reminders from our side, we will transfer the necessary data to a collection agency for collection. These companies
may use your data only for the purpose of fulfillment of the order and not for any other purposes. Legal basis for the
transfer of the data in connection with online- orders is Article 6(1 lit. b) GDPR.
When you order goods or services on our website and leave your E-mail address, this can be used by us for sending a
follow-up newsletter. In such a case, the newsletter will only contain direct advertisements for our own goods or
services, which may be of interest for you as they resemble those, you have already ordered.
In connection with the data processing for the sending of newsletters, there will be no data-transfer to third parties.
The data will exclusively be used for the dispatch of the newsletters.
Legal basis for the sending of the newsletter following the purchase of goods or the ordering of services is § 7(3)
UWG (German Law).
Your data will be deleted as soon as they are no longer necessary for the fulfillment of the purpose of their
gathering. Thus, your E-mail address will be saved as long as your subscription of the newsletter is active.
You can cancel the receipt of the newsletter at any time. There is a link in each newsletter for that purpose.
Our shop-websites contain plug-ins of the following payment-providers:
On our website we offer, among others, payments with the services of Concardis, operated by Concardis GmbH,
Helfmann-Park 7, 65760 Eschborn, Germany (in the following called “Concardis”).
If you choose payment via Concardis, the payment data you enter will be transferred to Concardis. You can read the
privacy statement of Concardis here:
The transfer of your data to Concardis is made on the legal basis of Article 6(1 lit. a) GDPR (Consent) and Article 6(1
lit. b) GDPR (Processing to fulfill a contract). You have the option to withdraw your approval at any time. A
withdrawal does not affect the effectiveness of data processing procedures in the past.
On our website we offer, among others, payments via PayPal, operated by PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-
24 Boulevard Royal, L-2449 Luxembourg (in the following called “PayPal”).
If you choose payment via PayPal, the payment data you enter will be transferred to PayPal. You can read the
privacy statement of PayPal here:
The transfer of your data to PayPal is made on the legal basis of Article 6(1 lit. a) GDPR (Consent) and Article 6(1 lit.
b) GDPR (Processing to fulfill a contract). You have the option to withdraw your approval at any time. A withdrawal
does not affect the effectiveness of data processing procedures in the past.
On our website we offer, among others, payments with the services of Klarna, operated by Klarna AB, Sveavägen 46,
111 34 Stockholm, Schweden (in the following called “Klarna”).
If you choose payment via Klarna, the payment data you enter will be transferred to Klarna. You can read the privacy
statement of Klarna here:
The transfer of your data to Klarna is made on the legal basis of Article 6(1 lit. a) GDPR (Consent) and Article 6(1 lit.
b) GDPR (Processing to fulfill a contract). You have the option to withdraw your approval at any time. A withdrawal
does not affect the effectiveness of data processing procedures in the past.
6.3 Kinds of tracking in our shop-websites
For the appropriate design as well as for the optimization of our shop, we use solutions and technology of econda
GmbH. For this purpose, anonymized data are gathered and saved and user profiles are created, using pseudonyms.
For the successful settlement of orders in our shops we use the services of econda Analytics, operated by econda
GmbH, Zimmerstraße 6, 76137 Karlsruhe, Germany. You can read the privacy statement of econda Analytics here:
7. Which security measures do we take for the protection of data saved with us?
We have taken technical and administrative security measures to protect your personal data against loss,
destruction, manipulation, and unauthorized access.
Our employees and our subcontractors are obligated to adhere to the valid data protection laws.
Please note that because of the given structure of the internet, it may be possible that the regulations for data
protection and the above-mentioned security measures may be disregarded by persons or institutions outside of our
area of responsibility. In particular, unencrypted data – even if transferred by E-mail – may be read by third parties.
We have no technical influence on this. It is in your area of responsibility to protect your data by encryption or
otherwise against misuse.
Nevertheless, data transfers can generally have security gaps, so that an absolute protection cannot be guaranteed.
For this reason, each concerned person is entitled to transfer personal data to us in other ways, i.e. via telephone or
8. Which rights can you assert against us?
Each concerned person has the right of
- Information according to Article 15 GDPR
- Notification according to Article 16 GDPR
- Deletion according to Article 17 GDPR
- Limitation of processing according to Article 18 GDPR
- Contradiction based on Article 21 GDPR
- Data transferability based on Article 20 GDPR
As to the right of information and the right of deletion, the limitations according to §§ 34 and 35 BDSG (German Law)
are valid. Moreover, there exists a right of appeal at a responsible data protection authority (Article 77 DSGVO i.V.m.
§ 19 BDSG) (German Law).
You can withdraw a given approval for the processing of your personal data by us at any time. This is also true for the
withdrawal of consents which have been given to us prior to the validity of the GDPR, i.e. before May 25, 2018.
Please note that the withdrawal will only become effective in the future. Any data processing, which has been
conducted before the withdrawal, is not concerned by this.
You can assert all above-mentioned rights with this E-mail contact: firstname.lastname@example.org.
Status: May 23, 2018