(Status 29.04.2024)
The following data protection information informs you about the type and scope of processing of so-called personal data by ANDREAS STIHL AG & Co. KG (hereinafter referred to as "STIHL"). Personal data is information that is or can be directly or indirectly assigned to your person.
We would like to inform you about the processing of personal data in connection with the reporting of vulnerabilities required under the UK Product Security and Telecommunications Infrastructure („UK PSTI“) regulations.
This data protection information applies to data processing by ANDREAS STIHL AG & Co. KG, BadstraBe 115, 71336 Waiblingen, Germany ("Data Controller") in the context of reporting vulnerabilities under the UK PSTI. The STIHL data protection officer can be contacted via the above mentioned address, to the attention of the data protection department, or via datenschutz@stihl.de.
The personal data provided to us with reference to vulnerability reporting shall be exclusively used for the purposes stated by UK PSTI regulations with regard to security of products and services. The purposes include reporting and responding to security issues for STIHL products and services. This can also include contacting you if we require further information about your discovery and reporting of security issues. STIHL may process the following categories of personal data: name, email address, phone number and personal data voluntarily provided by you.
STIHL processes your personal data as it is necessary for STIHL’s compliance with the legal obligations (Article 6.1 (c) Legal Obligation of the UK Data Protection Act 2018 and/or Article 6.1 (c) Legal Obligation of the GDPR REGULATION (EU) 2016/679).
Your personal data will be deleted as a general rule when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory storage obligations, deletion shall only be considered after the expiry of the respective storage obligation.
Certain data processing activities, such as technical support, are carried out by companies within the STIHL Group. Data is therefore regularly transferred within the group. As a rule, the transmission is based on a data processing agreement. We shall only share your personal data with organisations within the STIHL organisations (for the purposes of processing your vulnerability report) or regulatory bodies if legally enforced to do so.
We do not normally pass on your data to recipients based outside the European Union or the European Economic Area. As far as this is necessary from a technical point of view, the data transmission is encrypted and on the basis of so-called standard contractual clauses of the EU Commission.
In addition to the right to revoke your consent granted to us, you are entitled to the following further rights if the respective legal requirements are met:
Under the conditions of Art. 21 para. 1 GDPR, data processing may be objected to for reasons arising from the specific situation of the data subject.
The above general right of objection applies to all processing purposes described in this Data Privacy Notice which are processed on the basis of Article 6 para. l lit. f GDPR. In contrast to the special right of objection aimed at data processing for advertising purposes, we are only obliged under the GDPR to implement such a general right of objection if you give us reasons of major importance.
We will revise this privacy notice whenever changes are made to this website or other matters that require it. You will always find the current version here. You should therefore visit this page regularly to keep yourself informed about the current status of the data protection declaration.