Sika appreciates your interest in our company and our products and your visit to our website. In this context we set a high value on the protection of your personal data. This data protection declaration explains how we, as the responsible party, process your personal data and other information, in particular with regard to the significance of the GDPR in the context of the use of our website https://www.schonox.com/
I. General Information
1. Responsible within the scope of the GDPR
Sika Deutschland GmbH („Us“)
Kornwestheimer Straße 103-107
70439 Stuttgart Germany
Tel.: +49 711 8009 0
Telefax +49 711 8009 321
2. Contact details of the data protection officer
Sika Deutschland GmbH
3. Legal basis for processing
Sika complies with national and international laws and regulations and guarantees the right to informational independence. During the collection, storage and processing of personal data, we comply with European data protection regulations and the resulting national regulations. As a company headquartered in Germany, we are particularly committed to the GDPR, the National Data Protection Law, the Telecommunications Law and the Tele media Law.
We process personal data on the basis of at least one of the following legal bases:
- If you have given us your consent to process your personal data (Art. 6 (1)(a) GDPR);
- To fulfil a contract with the data subject or to carry out pre-contractual measures at the request of the data subject (Art. 6 (1)(b) GDPR);
- To fulfil a legal obligation to which we are bound (Art. 6 (1)(c) GDPR);
- To ensure our legitimate interests and the legitimate interests of third parties (Art. 6 (1)(f) GDPR). The maintenance of the functionality of our IT systems, but also the marketing of our own and third-party products and services as well as the legally required documentation of business contacts are such legitimate interests. Within the scope of the necessary weighing of interests, we take into account in particular the type of personal data, the purpose of processing, the processing circumstances and your interest in the confidentiality of your personal data.
Unless otherwise regulated for individual cases in this data privacy statement, personal data will be deleted if this data is no longer necessary for the purposes for which it was collected or processed in any other way and if there are no legal obligations to retain it. We also delete the personal data processed by us in accordance with Art. 17 GDPR on request, if the conditions set out therein are met. If personal data are required for other and legally permissible purposes, they will not be deleted but their processing will be restricted in accordance with Art. 18 GDPR. In the event of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be stored by us for commercial or tax reasons. Documents according to § 257 (1) no. 2 and 3 HGB as well as § 147 (1) no. 2, 3, 5 AO are kept for 6 years, documents according to § 257 (1) no. 1 and 4 HGB as well as according to § 147 (1) no. 1, 4, 4a AO for 10 years.
We forward personal data to recipients (processors or other third parties) only to the extent necessary and only under one of the following conditions:
- The person concerned has consented to the disclosure;
- The transfer serves to fulfil contractual obligations or pre-contractual measures at the instigation of the person concerned;
- We are legally obliged to forward such data;
- The forwarding takes place on the basis of legitimate interests of us or a third party.
Some of our colleagues involved in website administration and IT services may be employees of our group companies. The legal basis for the transfer of your personal data is our legitimate interest pursuant to Art. 6 (1)(f) GDPR. Our legitimate interests are the transfer of personal data within the Group for internal administrative purposes.
Sika transfers your personal data to law enforcement authorities, government agencies, legal and external consultants in accordance with applicable data protection law. The legal basis for such processing is the fulfillment of any existing legal obligation on the part of Sika or legitimate interests, such as the assertion or defence of legal claims.
6. Third countries
The transfer of personal data to a country or an international organization outside the European Union (EU) or the European Economic Area (EEA) takes place subject to legal or contractual permissions only in accordance with the conditions set out in Art. 44 et seq. GDPR. This means that an adequacy decision by the EU Commission pursuant to Art. 45 GDPR exists for the country in question, appropriate data protection safeguards exist pursuant to Art. 46 GDPR or binding internal data protection regulations exist pursuant to Art. 47 GDPR.
External services may be integrated on this website, which are provided by companies based in the USA. If these services are set to "active" based on the settings you have made within the cookie settings area, personal data will be collected in connection with the provision of the respective service and may be transferred to servers in the USA and stored there. The European Court of Justice considers the level of data protection in the USA to be insufficient. When data is transferred to the USA, there is a fundamental risk that the US authorities will access the data without notification and without the possibility of legal recourse to use it for monitoring and control purposes.
7. What rights do you have and how can you exercise your rights?
As a data subject, you have the following rights:
- In accordance with Art. 15 GDPR, you can request information about your personal data processed by us; you can also request information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom your data has been disclosed or will be disclosed, the planned storage period or the criteria for determining the storage period, the origin of your data, if not collected from you, the existence of automated decision-making including profiling and, if applicable, the existence of an automated decision making process. You will have the right to know whether personal data have been transferred to a third country or to an international organization and, if so, the appropriate safeguards relating to the transfer;
- In accordance with Art. 16 GDPR, you have the right to request the immediate correction of incorrect data or the completion of your personal data stored by us;
- According to Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
- In accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful but you refuse its deletion and we no longer need the data, you need the data no longer required by us to enforce, exercise or defend legal claims, or you have objected to the processing in accordance with Art. 21 GDPR but it is not yet clear whether our legitimate reasons for the data processing outweigh your interest;
- In accordance with Art. 20 GDPR you have the right to request the transfer of your personal data which you have provided to us in a structured, common and machine-readable format or the transfer to another responsible person;
- In accordance with Art. 21 GDPR you have the right to object to the processing of your personal data if there are reasons for doing so which arise from your particular situation or if the objection is directed against direct advertising and the legal basis for the processing of the personal data are legitimate interests in accordance with Art. 6 (1)(f) GDPR;
- In accordance with Art. 7 (3) GDPR, you can revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
- According to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your usual residence, workplace or place of suspected non-compliance. A list with contact details of the data protection officers in the federal states can be found at the following link: https://www.bfdi.bund.de/DE/Service/Anschriften/Laender/Laender-node.html
If you wish to assert the above rights, you can contact us or our data protection officer at any time using the above contact details or use the specific web form available on the Sika website to exercise your rights.
This online offer is not intended for children under the age of 16.
II. Collection and processing of your personal data
In order to provide our Internet services, we use services from marketing service providers, IT support service providers and hosting companies, such as the provision of web servers, storage space, database services, security services and maintenance services. In doing so, we or our service provider process personal data of users of our website on the basis of our legitimate interests in the efficient and secure provision of this website in accordance with Art. 6 (1)(f) GDPR.
3. Access data and log files
When you access our website or the individual pages, information is automatically sent to the server of our website by the browser on your terminal device. The log files are used by us to identify malfunctions and for security reasons (e.g. to detect attempted attacks).
The access logs of the web servers record which page requests have taken place at what time. They contain the following data:
IP, directory protection user, date, time, accessed pages, logs, status code, amount of data, referer, user agent, accessed host name.
The IP addresses are stored anonymously. For this purpose, the last three digits are removed, i.e. 127.0.0.1 becomes 127.0.0.*. IPv6 addresses are also anonymized. The anonymized IP addresses are retained for 60 days. Information about the directory protection user used is anonymized after one day.
Error logs, which record erroneous page requests, are deleted after seven days. In addition to the error messages, these contain the accessing IP address and, depending on the error, the accessed website.
Accesses via FTP are logged with anonymized information on user name and IP address and stored for 60 days.
The following information is stored:
This data is processed for the following purposes:
- Provision of the Internet offer, including all functions and content,
- Ensuring a smooth connection setup of the website,
- Ensuring a comfortable use of our website,
- Ensuring system security and stability,
- Anonymized statistical evaluation of accesses,
- Optimization of the website,
- Disclosure to law enforcement authorities if an illegal intervention/attack on our systems has occurred,
- other administrative purposes.
The legal basis for data processing is Art. 6 (1) 1 p. 1 (f) GDPR. Our legitimate interest follows from the purposes for data collection outlined above. In no case do we use the collected data for the purpose of drawing conclusions about a person.
Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is necessary for the operation of the website. Therefore, there is no possibility of objection on the part of the visitor.
4. Application process
We process the applicant data only for the purpose of and within the scope of the application procedure in accordance with the legal requirements. Applicant data is processed to fulfill our (pre)contractual obligations within the scope of the application procedure in accordance with Art. 6 (1)(b). GDPR or Art. 6 (1)(f) GDPR insofar as the data processing becomes necessary for us, e.g. in the context of legal procedures (in Germany, Section 26 BDSG also applies).
The application process requires applicants to provide us with applicant data. The necessary applicant data is defined within our Group-wide applicant portal "Kenexa". "Kenexa" is provided by IBM Corporation in New Orchard, Armonk, New York, 10540 in the USA. Information on data protection at IBM can be found here: https://www.ibm.com/privacy/details/us/en
The applicant data we receive is derived from the job descriptions; in principle, this includes personal details, postal and contact addresses, and the application documents such as cover letter, curriculum vitae, and references. In addition, applicants may voluntarily provide us with additional information.
The Sika job portal is processed under joint responsibility with other Sika Group companies in accordance with Art. 26 GDPR. For more information on how personal data is processed on the application platform, please refer to the data protection information under Job Portal.
In the event of a successful application, the data provided by the applicants may be further processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which applicants are entitled to do at any time.
All personal data collected in connection with the application form will be deleted, subject to a justified revocation by the applicants, after the expiry of a period of six months so that we can answer any follow-up questions about the application and satisfy our obligations to provide evidence under the General Equal Treatment Act (AGG). Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements. Unless storage is required for the documentation of other processes (e.g. in the case of subsequent employment).
5. Contact form / other contact
Our web pages contain contact forms as well as links for sending an e-mail directly to us. If you use one of these contact forms, the data entered in the input mask will be transmitted to us and processed.
If you use the direct sending of an e-mail to us, we process the associated e-mail metadata as well as the content of the message.
If you use the contact form, you will be asked to provide your name, address, telephone, e-mail address and, if applicable, other contact details so that we can contact you personally. Further information can be provided voluntarily. Data processing for the purpose of contacting us and responding to your request is based on your voluntary consent in accordance with Art. 6 (1)(a) GDPR. All personal data collected in connection with the contact form will be deleted after your request has been dealt with unless storage is required for the documentation of other processes (e.g. subsequent conclusion of a contract).
If you contact us using the contact data published on our website (e.g. by e-mail) and provide us with personal data in the process, we will use this data to process your request on the basis of Art. 6 (1) sentence 1 lit. b GDPR, provided that your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent pursuant to Art. 6 (1)(a) GDPR and/or in our legitimate interest in effectively processing the requests addressed to us pursuant to Art. 6 (1)(f) GDPR. The data remains with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.
6. Schönox Live / Online Seminars
You have the possibility to register for an event under "Schönox Live" by providing personal data. The registration is voluntary and takes place according to Art. 6 (1)(a) GDPR based on the consent voluntarily given by you. Which personal data is transmitted in the process is indicated in the respective input mask used for the registration. A marking about the necessity or an optional indication takes place.
The following data is collected and stored:
- First and last name, company
- Address data
- E-mail address
The personal data collected will be used for the purposes of the event and to contact you for registration-related information. The purpose of the processing is the organization, implementation, documentation and, if applicable, billing of the training. Thus, the data processing is carried out to fulfill the contractual relationship created by the registration for the training (Art. 6 (1)(b) GDPR). Furthermore, we inform training participants about future Sika events as well as about the products of our brands presented in the training sessions by means of newsletters. This is in accordance with § 7 (1) 3 UWG in conjunction with. Art. 6 (1)(f) GDPR permissible. You may object to this processing at any time vis-à-vis the person responsible.
If necessary for the organization and implementation of the training, personal data will be passed on, for example, to hotel and conference facilities, travel companies and external lecturers.
Your data will only be deleted, or we will be instructed to delete your data after the event has ended. If we are obliged to store your personal data due to legal, in particular tax and commercial law retention periods, the processing of your personal data will be restricted accordingly until the retention periods expire and then this data will be deleted.
Purpose and legal basis of data processing
Online seminars are conducted by Sika Deutschland GmbH, the purpose of the processing is the organization, implementation, evaluation and, if applicable, the possibility of billing of online seminars. The online seminars serve for promotional purposes, customer loyalty or as a pre-contractual measure and is therefore carried out in accordance with data protection law based on Art.6 (1)(b) GDPR.
Furthermore, we inform training participants about future events, online seminars and the presented products of the brands "Sika" and "Sarnafil" or "Schönox" by means of a newsletter. This is permissible according to § 7 (1) 3 UWG in conjunction with. Art. 6 (1)(f) GDPR. You may object to this processing vis-à-vis the controller at any time.
Categories of personal data processed
Sika Deutschland GmbH documents who has registered for the corresponding online seminar and who has participated in the online seminars:
Topic and description of the online seminar, title, first name, last name, e-mail, and participation yes/no. Optionally, the telephone number can also be entered in the contact form. The following data is processed in the context of using the "Cisco Webex" application used for the webinar:
- User details:
first name, last name, phone number (optional).
metadata: Topic and description of the online seminar, participant IP
addresses, device/hardware information.
- For recordings
(optional): MP4 file of all video, audio and presentation recordings, M4A file
of all audio recordings.
- Text, audio and video data: as far as the possibility to interact and ask questions within the online seminar.
Scope of processing
We use Salesforce Pardot for registration as well as for analysis purposes. We use "Cisco Webex" meetings to conduct the online seminars. If we want to record "online meetings", we will transparently inform you in advance. Automated decision making according to Art. 22 GDPR does not take place.
We use the Pardot Marketing Automation System ("Pardot MAS") of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA ("Pardot"). Pardot is a salesforce software module for recording and evaluating online seminars. To the extent that Pardot LLC processes personal data, the processing is performed exclusively on our behalf and in accordance with our instructions. We have entered into separate group-wide agreements with salesforce.com, inc. to comply with the EU data protection guidelines.
We use Cisco Webex Meetings, this is a cloud-based application that is not operated by us. Your data is therefore processed on our behalf by Cisco (Cisco International Limited with registered office at 9-11 New Square Park, Bedfont Lakes, Feltham, England TW14 8HA, United Kingdom). A corresponding contract for data processing on behalf has been concluded. All necessary technical and organizational security measures to protect your personal data from loss and misuse are taken by us and on our behalf by the company Cisco. The company assures that the provisions of the GDPR are complied with. You can obtain further data protection information from "Cisco Webex" at:
Recipients / passing on of data
Personal data that we process in connection with participation in online seminars is generally not passed on to third parties unless it is intended for transfer, e.g. to a specific trading partner.
Storage period / deletion of data
As a matter of principle, we delete personal data if there is no need for further storage. A need may exist if the data is still required for the fulfillment of contractual services, for the examination and granting or defense of warranty and, if applicable, guarantee claims.
In the case of statutory retention obligations (under tax law or commercial law), deletion will only be considered after expiry of the respective retention obligation.
You have the option to register on our website by providing personal data. The registration is voluntary and takes place according to Art. 6 (1)(a) GDPR on the basis of your voluntarily given consent. Which personal data is transmitted in the process is indicated in the respective input mask or direct contact by mail used for registration. The personal data collected will be used for the purposes of our offer and to contact you for information relevant to the offer and registration. You can view your personal data and make changes to this data via a personal user account. Your data will be stored until you delete the user account or instruct us to delete your data. If we are obliged to store your personal data due to legal, in particular tax and commercial law retention periods, the processing of your personal data will be restricted accordingly until the retention periods expire and then this data will be deleted.
We process the personal data of participants for the purpose of conducting competitions. Depending on the type of competition, a valid e-mail address as well as the first name, surname and date of birth must be provided and, if necessary, information on gender is also required. In individual cases, a telephone number must also be provided if contact is required at short notice (e.g. if tickets can be won). If the prizes are sent by post or parcel service, we also ask for your postal address to enable us to send the prizes.
We collect this information to determine if you are eligible to participate and to determine and notify winners by email. If you do not provide us with the above information, it will not be possible to enter the contest or contact you regarding prize notification. Your address information will only be used for the purpose of sending you the prize. Without this information, it is not possible to send the prizes by mail.
The data collected in the context of competitions is generally only accessible to the department within the responsible body that carried out the specific competition. Your data will not be passed on to third parties unless the passing on of the data is necessary for the implementation of the respective competition or for the dispatch of the prizes and there is a data protection-related transfer authorization. If we involve partner companies or service providers in the implementation or carry out joint activities with them, we conclude the necessary agreements by way of order processing pursuant to Art. 28 of the GDPR or joint responsibility pursuant to Art. 26 of the GDPR.
If we conduct sweepstakes with partners or if the respective cooperation partner providing the prizes arranges for the shipment on its own responsibility, personal data such as address data will be transmitted to the respective cooperation partner for a specific purpose. If we commission service providers to carry out competitions as part of the order processing, we select them carefully. Further detailed information on the specific processing at the cooperation partner for the respective survey, sweepstake or advertising campaign can be found in the data protection notices of the service providers.
In the context of the competition, we process the data based on Art. 6 (1)(b) GDPR and, if necessary, transmit it to the respective cooperation partner. For statistical purposes, we evaluate anonymously how many participants have taken part in the respective sweepstakes. This evaluation does not allow any conclusions to be drawn about individual participants. The legal basis for this is our legitimate interest pursuant to Art. 6 (1) sentence 1 (f) GDPR. The sending of advertising and newsletters only takes place on the legal basis granted under Art. 6 (1)(a) GDPR.
III. Services of Google
The provider of the following Google services is Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").
The information collected by Google in connection with the provision of the respective service may be transferred to Google servers in the USA and stored there. Please also refer to our information above on data transfer to third countries and the selection within the cookie settings area. The legal basis for the use of the following services of Google is your voluntarily given consent of the respective type of cookie in our cookie - settings area on our website according to Art. 6 (1)(a) GDPR.
1. Google Analytics
You can prevent the collection by Google Analytics by clicking on the link to obtain an opt-out cookie. This cookie ensures that in the future no visitor data from your browser will be collected and stored by Google Analytics when you visit this website.
Please note: If you delete your cookies, the opt-out cookie will also be deleted and may have to be reactivated by you.
2. Google maps
IV. Media content
Within the scope of our Internet offer, we sometimes use third-party content that is loaded directly from servers of the providers named in detail below. The purpose of integrating this content is to make our Internet offering more attractive. Our legitimate interest in the use of such third-party content also lies in the purpose of making our website more attractive. The legal basis for the use of the following social media plugins are our legitimate interests according to Art. 6 (1)(f) GDPR as well as your consent according to Art. 6 (1)(a) GDPR, which you can manage by using the "cookie settings area". You can also find information on this by means of the cookie notice.
1. YouTube Our website uses media content from the YouTube platform. The provider is Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google"). The purpose is to display content from the YouTube platform as part of our Internet offering. This service collects your IP address and possibly other data required by Google for YouTube. The information generated about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of us or Google. If you are logged into YouTube at the same time, Google can assign the visit to the page of our website directly to your user account there. If you do not want Google to be able to associate the data collected on our website with your respective user account on YouTube, you must first log out of YouTube.
Due to technical advancements and/or due to changed legal and/or regulatory requirements, it may become necessary to adapt this data protection information. The current version is always available on this page.
Privacy notice for business partners