Legals & Data Privacy


Owned by

Norman Schülein

Burgeffstr. 5c

65239 Hochheim, Germany

Contact details:
Telephone: +49 15255309928

Nature and purpose of business: Source-to-Pay and SAP Ariba Consulting
VAT number: DE213907371

Editorial concept: 
Sharing information and inspiration on Source-to-Pay system and process excellence


Thank you very much for visiting our website. We take the protection of your personal data very seriously. That is why we process your personal data exclusively in compliance with the legal provisions of the General Data Protection Regulation (GDPR) and the German Data Protection Act (DSG). This privacy notice explains how we use your personal data when you visit our website (hereinafter referred to as the „website„).

1. Controller

Source-to-Excellence, Norman Schülein
Email address: (please also refer to the legal information on our website)

Hereinafter referred to as „S2E„, „we“ and „us

2. The personal data (information that relates to you as an identified or identifiable natural person) we process and the purpose and legal basis for processing that data

2.1 Website visits

If you just browse our website and do not provide us with any information beyond that, we will only collect the personal data transferred to our server by your browser. We only collect the following data that is required for technical reasons because it allows us to display our website and ensure that our website is stable and secure (the legal basis is Art 6 (1) (f) of the GDPR): IP address, date and time of access, time zone difference to Greenwich Mean Time (GMT), specific page visited, access status/HTTP status code, volume of data transferred, referring website, browser, operating system and interface, language and version of browser software.

In addition to the above data being processed, cookies are also stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using. They provide specific information to the entity placing the cookies (us in this case). Cookies cannot be used to run programs or deliver viruses to your computer. Their purpose is to improve the website and the user experience. More information about cookies appears in a popup when you first access our website. You can accept and reject certain cookies by updating your browser settings. 

We also include content from third parties on our website (such as links, pixels and plugins) to allow us to provide our services. For technical reasons, when you access that content on our website, electronic identification data is sent automatically to third parties. Those third parties can then process that data in their own right. This data primarily includes your IP address and browser settings as the user. When you use the Controller’s social media channels, the primary contractual relationship is between you and the relevant provider. Further information on this is provided below. 

2.2 Contact with us

If you get in touch with us via the contact form on our website, via email or over the phone, we process the personal data you voluntarily provide us (e.g. your name and contact details) and the content of your message. We need this data to process your enquiry and, in the event of further questions, to fulfill our precontractual/contractual duties as per Art. 6 (1) (b) of the GDPR. We only store this data for as long as it is needed to fulfill its specific purpose. After that point, we delete the data or restrict its processing if there is a statutory requirement to store it for longer.

Further details are provided below to explain how your data is processed and how long it is stored for in the event that we need to commission service providers to enable specific features on our website or if we intend to use your data for marketing purposes. 

2.3 Orders in our online shop

If you place an order in our online shop, we process your name, email address, telephone number, address and payment details to process and fulfill your order. Again, we process your data in this way to fulfill our precontractual/contractual duties under Art. 6 (1) (b) of the GDPR. Information that must be provided because it is not possible for us to fulfill our contractual duties without it is marked as mandatory. You are not required to provide any other information but can do so voluntarily. We may use third-party services to enable us to fulfill our contractual duties, especially when it comes to processing payments. In this case, we will share your personal data with those third parties, usually payment providers. SSL/TLS encryption is always used for transactions processed using standard means of payment (Visa/MasterCard, direct debit). Encrypting your payment data in this way protects it so that third parties cannot access it. Transactions made through the specified payment providers are subject to the contractual terms and data protection provisions of those payment providers. 

We are required by commercial and tax law to store your address, payment details and order details for seven years. However, we do restrict processing of your data after two and a half years (at the end of contractual claims), which means that your data is not being processed and is just being stored to comply with statutory requirements.

2.4 Customer surveys

We conduct customer surveys in order to constantly develop and improve our products. 

2.5 Management of contractual relationships with customers arising from warranty agreements; handling of warranty claims

Conclusion of warranty agreements: Some of the controller’s products include warranties. Once a warranty agreement has been registered or a warranty claim has been submitted, the warranty agreement provides the legal basis for data processing.

2.6 Newsletter

We send out a newsletter to keep you updated about our products and services and invite you to participate in events and competitions.

If we send you our newsletter in the post, we process your name and address. We have a legitimate interest in processing your personal data for the purpose of direct marketing in accordance with Art. 6 (1) (f) of the GDPR.

You also have the option of subscribing to our personalized digital newsletter. Based on your voluntary consent, we process your name, email address, preferred language and information about your buying habits and consumer behavior so that we can provide you with relevant and interesting information by email about our company, our products and our services. The products and services being advertised are specified in the declaration of consent. The legal basis is your consent as per Art. 6 (1) (a) of the GDPR. We also process your IP address, your preferred email client, the sign-up source and campaign-related details (receipt, open and click rates) to track the success of our newsletter. You can revoke your consent with immediate effect at any time without providing a reason by contacting us directly or by clicking on the unsubscribe link in the email.

2.7 Website usage data

When you visit our website, we store your IP address for seven days in order to prevent targeted attacks that overload servers (denial of service attacks) and other damage to our systems. The legal basis for processing your data in this way is our overriding legitimate interest in keeping our website working and secure as per Art. 6 (1) (f) of the GDPR in conjunction with Section 96 (3) of the TKG.

3. Automated decision-making

Customers are not subject to automated decision-making that will have a legal effect on them.

4. Purpose limitation

S2E will only ever process personal data for the purpose for which it was originally collected.

5. External data recipients

We share your personal data with the following external service providers (data processors) where necessary:

  • IT service providers and/or providers of services such as data hosting and data processing
  • Other service providers and providers of software solutions and tools (e.g. newsletter sending services, survey tools, marketing service providers) that we commission to support us in providing our services

We take great care when selecting all our data processors. They only ever process your data on our behalf and on the basis of our instructions for providing the services specified above. We monitor our data processors regularly. You can submit a request to be provided with a list of data recipients at any time by contacting us using the details provided.

We also share your personal data with the following recipients where necessary:

  • Third parties we rely upon to fulfill our obligations to you (e.g. banks for processing payments and parcel service providers for delivering orders)
  • Other external third parties as required, based on our legitimate interests (e.g. auditors, insurance providers and legal representatives)
  • Authorities and other government offices as required by law (e.g. financial authorities and data protection authorities)

If we process your data in a third country outside of the European Union (EU) or the European Economic Area (EEA), or if your data is processed through the use of third-party services, it will only be to the extent required for us to fulfill our precontractual/contractual duties or our legal obligations or on the basis of your consent or our legitimate interests. We have implemented appropriate and adequate safeguards to ensure that the transfer of your data to the respective third country is carried out in conformity with data protection regulations (e.g. adequacy decisions, binding corporate rules and agreement on standard privacy protection clauses). You have the right to withdraw that consent at any time. You can request that we send you a copy of these safeguards if we are processing your data or having your data processed in a third country. 

6. Social plugins and analytics tools

There are links to social plugins (hereinafter referred to as „plugins“) on our website. We do not collect any personal data in relation to these plugins or your use of them. It is, however, possible that data about you as a visitor to our website is collected, transferred to the relevant service provider and linked to other data by them via the plugins. No personal data is shared automatically with the plugin provider. When you click on the image, the service provider will be told that you have visited our website. You do not need to be logged in or even have a user account with that service provider for them to receive that information. We have no say on whether and to what extent the service provider collects personal data. We do not know which personal data is processed or how it is processed or used. We have no insight into the purpose of data processing or how long data is stored for. You will need to refer to the privacy policy provided on the service provider’s website to find out this information along with details on your rights as a data subject and your options for changing the settings. 

Google Analytics

We use Google Analytics to analyze the use of our website. The data collected is used to optimize our website and our advertising. Google Analytics is a service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes data relating to the use of our website on our behalf and is contractually committed to taking steps to ensure the data processed is secure and confidential.

Types of data processed: When someone is visiting the website, the data collected includes the following: pages visited, order details including the value and products ordered, website actions taken (e.g. contact requests and newsletter subscriptions), interaction with the website (e.g. session duration, clicks, scroll depth), rough location of the visitor (country and town/city), IP address (truncated for anonymization), technical details (e.g. browser, internet provider, device and screen resolution), traffic source (i.e., which website or which advert originally drove the visitor to our website).

This data is transferred to Google servers in the USA. Google is subject to the EU-US Data Privacy Framework.

The data transferred to Google Analytics does not include names, addresses or contact details. Google Analytics stores cookies on the user’s web browser for two years after their last visit to our website. These cookies contain a randomly generated user ID that makes it possible to recognize the user when they visit the website again in the future.

The data collected is stored with the randomly generated user ID, making it possible to analyze anonymized usage profiles. This usage data is deleted automatically after 14 months. Other data is stored indefinitely in aggregated form.

If you do not want your data to be collected in this way, you need to install the opt-out browser add-on to disable Google Analytics or reject cookies in our cookie banner dialogue box.

7. Storage period

We only store your data for as long as it is needed to fulfill its specific purpose (e.g. until our business relations have come to an end or our contractual duties have been fulfilled). Personal data (especially the IP address) of (non-registered) website users will be stored for seven days for reasons of IT security and will subsequently be deleted.

If you sign up for our customer loyalty scheme, we store your data for six months after you cancel your membership.

Data required for us to fulfill our accounting and tax obligations within the context of our contractual relationship is stored for seven years. If you sign up for our customer loyalty scheme, we continue to store the associated data for seven years after you cancel your membership.

If you sign up for our customer loyalty scheme, we store your data for six months after you cancel your membership.

We store any data associated with your enquiries for six months to allow us to respond to any questions or queries. Data associated with competitions and events is stored until the corresponding competition or event has ended provided that there are no requirements to store it for longer under commercial or tax law. 

If you have subscribed to our newsletter, we will continue to process your data until you revoke your consent or object to us processing your data in this way. Otherwise, we will delete your data no later than six months after the last contact.

Data may be stored for longer than specified if required to assert our legal rights or defend against legal claims. In that case, the data will be stored based on our legitimate interests as per Art. 6 (1) (f) of the GDPR.

8. Rights of data subjects

You have the right to receive information about whether and to what extent your personal data is being processed.

You have the right to ask for inaccurate personal data to be corrected and incomplete personal data to be completed without delay. You also have the right to ask for your personal data to be erased without delay provided that the reasons defined in Art. 17 (1) of the GDPR are met.

You have the right to restrict the processing of your personal data provided that the reasons defined in Art. 18 (1) of the GDPR are met.

You have the right to object to the processing of your personal data on the basis of an overriding legitimate interest. You also have the right to withdraw your consent with immediate effect at any time without providing a reason.

You also have the right to receive personal data you have provided in a structured, commonly used and machine-readable format.

9. Right to lodge a complaint

Data subjects have the right to lodge a complaint with the supervisory authority if they believe that the processing of their personal data violates this regulation.

Before you lodge a complaint with the supervisory authority or if you have any other questions relating to data protection, you can get in touch with us at any time using the contact details provided above in Section 1.