Find a Dealer
Email icon alternative text
  1. Homepage
  2. Vulnerabilities Privacy Policy

Data protection notice of the ANDREAS STIHL AG & Co. KG

(Status 29.04.2024)

1. Overview

The following data protection information informs you about the type and scope of processing of so-called personal data by ANDREAS STIHL AG & Co. KG (hereinafter referred to as "STIHL"). Personal data is information that is or can be directly or indirectly assigned to your person.

We would like to inform you about the processing of personal data in connection with the reporting of vulnerabilities required under the UK Product Security and Telecommunications Infrastructure („UK PSTI“) regulations.

2. Name and contact details of the person responsible and the data protection officer

This data protection information applies to data processing by ANDREAS STIHL AG & Co. KG, BadstraBe 115, 71336 Waiblingen, Germany ("Data Controller") in the context of reporting vulnerabilities under the UK PSTI. The STIHL data protection officer can be contacted via the above­ mentioned address, to the attention of the data protection department, or via datenschutz@stihl.de.

3. Purposes of data processing, legal basis and legitimate interests  pursued by STIHL or a third party  and categories of recipient

The personal data provided to us with reference to vulnerability reporting shall be exclusively used for the purposes stated by UK PSTI regulations with regard to security of products and services. The purposes include reporting and responding to security issues for STIHL products and services. This can also include contacting you if we require further information about your discovery and reporting of security issues. STIHL may process the following categories of personal data: name, email address, phone number and personal data voluntarily provided by you.

  • Basic personal data (name, first name)
  • Contact details (e-mail address, telephone number if applicable) 
  • Serial Number

STIHL processes your personal data as it is necessary for STIHL’s compliance with the legal obligations (Article 6.1 (c) Legal Obligation of the UK Data Protection Act 2018 and/or Article 6.1 (c) Legal Obligation of the GDPR REGULATION (EU) 2016/679).

Your personal data will be deleted as a general rule when there is no need for further storage. A requirement may exist in particular if the data is still needed to fulfill contractual services, to check and grant or defend against warranty and, if applicable, guarantee claims. In the case of statutory storage obligations, deletion shall only be considered after the expiry of the respective storage obligation.

4. Transmission of data

Certain data processing activities, such as technical support, are carried out by companies within the STIHL Group. Data is therefore regularly transferred within the group. As a rule, the transmission is based on a data processing agreement. We shall only share your personal data with organisations within the STIHL organisations (for the purposes of processing your vulnerability report) or regulatory bodies if legally enforced to do so.

We do not normally pass on your data to recipients based outside the European Union or the European Economic Area. As far as this is necessary from a technical point of view, the data transmission is encrypted and on the basis of so-called standard contractual clauses of the EU Commission.

5. Your rights

5.1 Overview

In addition to the right to revoke your consent granted to us, you are entitled to the following further rights if the respective legal requirements are met:

  • Right of information about your personal data
    stored with us in accordance with Art. 15 GDPR;
  • Right to rectification of incorrect or
    completion of correct data in accordance with Art.16 GDPR,
  • Right to erasure of your data stored with us in
    accordance with Art. 17 G DPR insofar as no legal or contractual retention periods or other legal obligations or rights to further storage must be observed, 

  • Right to restriction of the processing of your data according to Art. 18 G DOR,
  • Right to data portability according to Art. 20 GDPR
  • Right to complain to a supervisory authority

5.2 Right to object

Under the conditions of Art. 21 para. 1 GDPR, data processing may be objected to for reasons arising from the specific situation of the data subject.

The above general right of objection applies to all processing purposes described in this Data Privacy Notice which are processed on the basis of Article 6 para. l lit. f GDPR. In contrast to the special right of objection aimed at data processing for advertising purposes, we are only obliged under the GDPR to implement such a general right of objection if you give us reasons of major importance.

6. Amendments to this declaration

We will revise this privacy notice whenever changes are made to this website or other matters that require it. You will always find the current version here. You should therefore visit this page regularly to keep yourself informed about the current status of the data protection declaration.