Privacy Policy

Privacy Policy and Information
Information obligations pursuant to Art. 12, 13 ff. GDPR

We take the protection of your personal data seriously and comply with the legal regulations on data protection. Personal data is only collected to the extent necessary.

The following statement/information provides you with an overview of how we ensure this protection and what type of data is collected for what purpose.

The statement is divided into:

A. General information on data protection

B. Additional information for visitors to our website

C. Additional information for our customers, suppliers, and other business partners

D. Additional information for our employees

E. Additional information for applicants

A. General information on data protection

I. Name and contact details of the controller and the data protection officer

1. The controller within the meaning of Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is

Walter Schneider GmbH, represented by the managing directors Dr. Jens Neumeyer and Jens Siegle,

Raiffeisenstr. 28,
75196 Remchingen-Wilferdingen
Germany
in**@****************en.de

Legal notice: https://www.schneider-umformen.de/impressum.php

2. The data protection officer of the controller is:

Attorney Jörg Hiltwein, Rastatterstr. 29, 75179 Pforzheim, Germany,
Email: da*********************@****************en.de

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

II. General information on data processing

1. Scope of processing

We only process your personal data to the extent necessary to provide a functional website, to execute a contract, in particular to provide our services or to receive your services to us. Personal data is only processed if there is a legal basis for doing so, e.g. your consent. An exception applies in cases where it is not possible to obtain prior consent for practical reasons or where the processing of your personal data is permitted by law.

2. Terms

Below, we provide information about the processing of personal data, in particular when using our website. In this privacy policy, we use the following terms, among others:

• Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

• Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

• Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, distribution, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

• Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.

• Profiling

Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

• Pseudonymization

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

• Controller or processor

The controller or data controller is the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

• Processor

A processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

• Recipient

A recipient is a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

• Third party

Third party means any natural or legal person, public authority, agency, or other body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

• Consent

Consent is any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

III. Legal basis for the processing of personal data

We only process your personal data if there is a legal basis for doing so, in particular if

• you have given your express consent in accordance with Art. 6 (1) (a) GDPR;

• this is legally permissible and necessary for the performance of contractual relationships with you in accordance with Art. 6 (1) (b) GDPR;

• there is a legal obligation to disclose the data pursuant to Art. 6 (1) (c) GDPR;

• the processing of personal data is necessary to protect the vital interests of the data subject or another natural person, Art. 6 (1) (d) GDPR serves as the legal basis;

• processing is necessary for the establishment, exercise, or defense of legal claims pursuant to Art. 6(1)(f) and Art. 9(2)(f) GDPR, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data;

As a matter of principle, we do not transfer data to third countries (outside the EU). Should such a transfer become necessary, we will obtain your consent if your consent is not already apparent from the contractual relationship (e.g., services/delivery to a third country).

IV. Data deletion and storage period

We adhere to the principles of data avoidance and data minimization. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the various storage periods stipulated by law.

After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions.

In principle, the duration of storage is determined by the respective statutory retention period, e.g., commercial and tax law retention periods pursuant to Section 257 (4) of the German Commercial Code (HGB) and Section 147 (3) of the German Fiscal Code (AO) (6 or 10 years). Retention periods may also arise due to ongoing limitation periods for claims. Civil law claims regularly become time-barred after 3 years, with a maximum of 30 years. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfillment of a contract or the initiation of a contract and/or we no longer have a legitimate interest in further storage.

V. Your rights as a data subject

If your personal data (as a visitor to our website, as a customer or other business partner, as an employee or applicant) is processed by us, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis us:

1. Right to information

You have the right to obtain information about whether and which of your personal data is processed by us. In this case, we will also inform you about

• the purpose of processing;

• the categories of data;

• the recipients of your personal data;

• the planned storage period or the criteria for the planned storage period;

• your other rights;

• if we have not obtained your personal data from you: all available information about its origin;

• if available: the existence of automated decision-making and information about the logic involved, the scope and the intended effects of the processing.

2. Right to rectification

You have the right to rectification and/or completion if your personal data processed by us is inaccurate or incomplete.

3. Right to restriction of processing

You have the right to restriction of processing if

• we are verifying the accuracy of your personal data processed by us;

• the processing of your personal data is unlawful;

• you need your personal data processed by us for the purpose of legal proceedings after the purpose has ceased to exist;

• you have objected to the processing of your personal data and we are reviewing this objection.

4. Right to erasure

You have the right to erasure if

• we no longer need your personal data for its original purpose;

• you withdraw your consent and there is no other legal basis for processing your personal data;

• you object to the processing of your personal data and, unless it is for direct marketing purposes, there are no overriding reasons for further processing;

• the processing of your personal data is unlawful;

• the erasure of your personal data is required by law;

• your personal data was collected as a minor for information society services.

5. Right to notification

If you have exercised your right to rectification, erasure, or restriction of processing, we will notify all recipients of your personal data of this rectification, erasure, or restriction of processing.

6. Right to data portability

You have the right to receive your personal data processed by us on the basis of consent or for the performance of a contract in a structured, commonly used, and machine-readable format and to transmit it to another controller. If technically feasible, you have the right to have us transmit this data directly to another controller.

7. Right to object

You have the right to object to the processing of your personal data for specific reasons. In this case, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing.

You have the right to object at any time to the processing of your personal data for direct marketing purposes.

If there is another legal basis for the processing of personal data, we may continue to process this data despite your objection.

8. Right of revocation

You have the right to revoke your consent to us at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

If there is another legal basis for the processing of personal data, we may continue to process this data despite your revocation.

9. Right to complain

If you believe that our processing of your personal data violates data protection rules, you can complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our headquarters. You can follow this link: https://www.bfdi.bund.de/DE/Service/Anschriften/anschriften_table.html.

VI. Submissions as a data subject pursuant to Art. 12 et seq. GDPR

1. Description and scope of data processing

If you wish to exercise the above rights or otherwise assert claims against us or oppose claims by us against you, we will record the submissions you make to us in exercising your rights.

2. Legal basis for data processing

The legal basis for the processing of your personal data in the context of processing your data protection request (“data subject input”) is Art. 6 (1) lit. c in conjunction with Art. 12 ff. GDPR. The legal basis for the subsequent documentation of the legally compliant processing of data subject input is Art. 6 (1) lit. f GDPR.

3. Purpose of data processing

The purpose of processing your personal data in the context of processing data subject requests is to respond to your data protection request. The subsequent documentation of the legally compliant processing of the respective data subject request serves to fulfill the legally required obligation to provide evidence, Art. 5 (2) GDPR.

4. Storage period

Your personal data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of processing data subject requests, this is three years after the end of the respective process, in accordance with Section 41 BDSG in conjunction with Section 31 (2) No. 1 OWiG.

5. Right to object and right to erasure

You have the right to object to the processing of your personal data in connection with the processing of data subject requests at any time with future effect. In this case, however, we will no longer be able to process your data protection request.

It is mandatory to document the lawful processing of the respective data subject request. Consequently, you have no option to object.

VII. Defense and enforcement of rights

1. Legal basis

The legal basis for the processing of your personal data in the context of our legal defense and enforcement is Art. 9 (2) (f) and Art. 6 (1) (f) GDPR.

2. Categories of recipients

Within our company, only those departments and divisions that need the data to fulfill the aforementioned purposes receive personal data. In addition, we sometimes use various service providers and transfer your personal data to other trustworthy recipients to the extent necessary. These may include, for example:

• Banks

• Insurance companies

• IT service providers

• Lawyers, courts, notaries, bailiffs

• Tax advisors

3. Purpose

The purpose of processing your personal data in the context of legal defense and enforcement is to defend against unauthorized claims and to legally enforce and assert claims and rights.

4. Storage period

Your personal data will be deleted as soon as it is no longer required for the purpose for which it was collected.

5. Right to object and right to erasure

The processing of your personal data in the context of legal defense and enforcement is absolutely necessary for legal defense and enforcement. Consequently, you have no right to object.

An overview of your rights as a data subject can be found under A. V.

B. Additional information for visitors to our website

I. Provision of our website and creation of log files

1. Description and scope of data processing

When you use the website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security.

• IP address

• Date and time of the request

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (specific page)

• Access status/HTTP status code

• Amount of data transferred

• Website from which the request originates

• Websites accessed by the user’s system via our website

• Type of browser

• Operating system (e.g., Windows 10, Linux) and its interface (e.g., X-Windows)

• Language and version of the browser software.

The data is stored in our system’s log files. This does not affect the user’s IP addresses or other data that enables the data to be assigned to a user. This data is not stored together with other personal data of the user.

Our website may contain links to websites of other providers or embed content from other websites. As soon as you click on these links, the respective website operator may receive information that you have accessed the page. This privacy policy applies exclusively to our website. We have no influence on the data collected and processed, nor are we aware of the full extent of data collection, the purposes of processing, or the storage periods of linked websites. We must assume that the privacy policies there are comprehensive and correct.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR.

3. Purpose of data processing

We process the aforementioned data for the following purposes:

• Ensuring smooth connection to the website,

• Ensuring convenient use of our website,

• Evaluating system security and stability, and

• For other administrative purposes,

• Creating a server log (usually deleted after 7 days)

Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person, unless otherwise stated below.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended. In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

5. Right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no right to object on the part of the user.

II. Use of cookies

1. Description and scope of data processing

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

We also use cookies on our website that are not technically necessary, but enable us to analyze the surfing behavior of users. For an explanation of these, please refer to our cookie consent box when you start the website.

2. Legal basis for data processing

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 (1) lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 (1) lit. a GDPR, provided that the user has given their consent.

You can give this consent in our cookie banner on the home page of our website.

3. Purpose of data processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The user data collected by technically necessary cookies is not used to create user profiles.

The use of (technically unnecessary) analysis cookies is for the purpose of improving the quality of our website and its content. Analysis cookies tell us how the website is used and enable us to continuously optimize our offering.

The following data may be transmitted in this way:

Search terms entered

• Frequency of page views

• Use of website functions

These purposes also constitute our legitimate interest in processing personal data in accordance with Art. 6 (1) (f) GDPR.

4. Duration of storage

Cookies are stored on the user’s computer and transmitted to our site by the user. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. Your personal data will be deleted as soon as it is no longer required for the purpose of its processing; this is particularly the case when you leave the website.

5. Option to object and delete

You can find an overview of the cookies used on our website in the cookie consent box when you start the website.

Cookies are stored on your computer with your permission and transmitted from there to our website. You therefore have full control over the use of cookies.

You can deactivate or restrict the transmission of cookies by changing the settings in your browser. You can delete cookies that have already been stored at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. Some technically necessary cookies cannot be deactivated.

The transmission of Flash cookies cannot be prevented via your browser settings. This requires appropriate changes to the settings of Adobe Flash Player.

III. Contact form and email contact

1. Description and scope of data processing

Our website contains contact forms and our email address, which can be used to contact us electronically. If a user takes advantage of this option, the data entered in the input mask/email will be transmitted to us and stored. This data includes:

• First name, last name

• Email address

• Phone number (optional)

• Reason for contacting us (request)

• Request for a callback

• Confirmation that you have read and understood the privacy policy

When you send the message, the following data will also be stored:

• Your IP address

• Date and time of contact

Your consent is obtained for the processing of the data as part of the sending process and reference is made to this privacy policy.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted with the email will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for processing the data is Art. 6 (1) lit. a GDPR if the user has given their consent.

The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 (1) lit. a and lit. f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.

3. Purpose of data processing

The processing of personal data from the input mask serves solely to process the contact request. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and that sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

Please note that longer storage/retention periods may result from legal requirements (see A. IV. above).

5. Right to object and right to erasure

Users may revoke their consent to the processing of their personal data at any time.

If users contact us by email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.

All personal data stored in the course of establishing contact will be deleted in this case, unless we are obliged to store it on a legal basis (see A. IV. above).

An overview of your rights as a data subject can be found under A. V.

IV. Newsletter

1. Description and scope of data processing

You can subscribe to our newsletter, which we use to inform you about our current interesting offers. If a user takes advantage of this option, the data entered in the input mask (name, email address, telephone number, content of the message) will be transmitted to us and stored.

2. Legal basis

The legal basis for the processing of your personal data in the context of sending the newsletter is your declared consent in accordance with Art. 6 (1) lit. a EU GDPR.

3. Purpose

The processing of your personal data serves to send you the newsletter. The purpose of processing your personal data in the context of sending the newsletter is to send you information, offers, and, where applicable, to promote sales through the sale of goods or services.

4. Storage period

Your personal data will be deleted as soon as it is no longer required for the purpose of its processing. Your personal data will therefore be stored until you unsubscribe from our newsletter.

5. Right to object and right to erasure

You can revoke your consent to receive the newsletter at any time or use the unsubscribe link contained in each newsletter to object to further receipt of the newsletter.

V. Use of Google Analytics

1. Description and scope of data processing

Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer, to help the website analyze how users use the site.

This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are truncated before being processed, thus ruling out the possibility of personal references. If the data collected about you is personal, it is immediately excluded and the personal data is deleted immediately.

The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

2. Legal basis

The legal basis for the use of Google Analytics is Art. 6 (1) (f) GDPR.5.

3. Purpose

We use Google Analytics to analyze and regularly improve the use of our website. We also use Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data,” “Personal data.”

The statistics obtained enable us to improve our offering and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

4. Recipients

The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator.

5. Right to object and removal option

You can prevent cookies from being stored by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

6. Further information

Third-party provider information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of use: http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and privacy policy: http://www.google.de/intl/de/policies/privacy.

VI. Social media, Google Maps

1. Description and scope of data processing

We do not use social media plugins such as Facebook, Twitter, etc. We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.

2. Legal basis

The data in connection with the following measures is collected on the basis of Art. 6 (1) (f) GDPR.

3. Recipients

When you visit the website, Google receives information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in § 3 of this declaration is transmitted. This occurs regardless of whether Google provides a user account that you are logged in to or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research, and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

4. Further information

Further information on the purpose and scope of data collection and its processing by the plugin provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and settings options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

C. Additional information for our customers, suppliers, and other business partners

The GDPR requires us to provide you with comprehensive information about the processing of your personal data within the framework of our contractual relationship, which we are very happy to do.

If you have any questions about your personal data and its processing, our data protection officer is available to assist you at any time. The data protection officer is not subject to any instructions, is independent in his position, and is legally bound to maintain secrecy and confidentiality, so you can contact him with confidence.

We would like to take this opportunity to inform you of the following:

I. Customers, suppliers, other business partners; contract processing, etc.

1. Description and scope of data processing

Personal data is processed in order to fulfill our rights and obligations arising from contractual relationships with our customers, suppliers, and other business partners.

We collect/process the following personal data (but only to the extent necessary):

  • Title, first name, last name of the customer
  • First name, last name of the entrepreneur and the contact person in their company;
  • A valid email address;
  • Address;
  • Date of birth, in particular for applications to authorities
  • Telephone/fax number (landline and/or mobile);
  • Information that is otherwise necessary for the execution of the contractual relationship or the protection of our rights and the fulfillment of our obligations.

2. Categories of recipients

We process personal data for the purpose of fulfilling the contractual relationship and store it in our database system (ERP, CRM) and in our accounting system. The data is sent internally to departments and divisions that need to be involved in order to fulfill the purpose associated with the data collection. The data is also sent to our tax advisor and to authorities (e.g., building authority, tax office) to the extent required or necessary by law. We provide address data to the shipping company commissioned to deliver orders. Recipients of personal data may also be third parties if contracts are concluded or services are offered or provided by us together with partners, as well as suppliers, subcontractors, contractors of preceding or subsequent trades, and credit institutions, legal service providers, insofar as this is necessary for contract processing (manufacture, delivery, payment). We pass on your data to the shipping company commissioned to deliver orders. Profiling or automated decision-making does not take place.

Failure to provide data may result in the contract not being concluded or processed.

3. Legal basis for data processing

The legal basis for the processing of your personal data and the personal data of your company’s contact persons in the context of customer and supplier accounts, the conclusion of business transactions, and ongoing business relationships is Art. 6 (1) (b) GDPR and Art. 6 (1) (f) GDPR.

If you or the contact persons at your company have given your consent, Art. 6 (1) (a) GDPR is an additional legal basis for the processing of your personal data and the personal data of the contact persons at your company.

4. Purpose of data processing

The purpose of processing your personal data and the personal data of your company’s contact persons in the context of customer and supplier registration, the conclusion of business transactions, and ongoing business relationships is to establish, execute, and terminate the respective order and to take it into account in future order placements and tenders.

This data is processed in particular

• to be able to identify you as our contractual partner or employee of our contractual partner;

• to be able to advise, support, and supply you appropriately;

• to correspond with you;

• for invoicing;

• to process any warranties or liability claims;

• to defend against unauthorized claims and to legally enforce and assert claims and rights.

5. Origin

If we have not received personal data directly from you, the contact person at your company has provided us with your personal data as part of the customer and supplier registration process.

6. Storage period

Your personal data and the personal data of your company’s contact persons will be deleted as soon as it is no longer required for the purpose for which it was collected.

In the case of customer and supplier records, business transactions, and ongoing business relationships, this is the case when the contract underlying the order or offer has been fulfilled and all claims arising from the contractual relationship have become time-barred or there are no longer any statutory retention periods.

In the case of consideration for future orders or tenders, this is the case when your company is no longer interested in being considered for future orders, tenders, or offers.

Please note that longer storage/retention periods may result from legal requirements (see A. IV. above).

7. Right to object and right to erasure

The processing of your personal data and the personal data of your company’s contact persons is essential for the establishment, execution, and termination of the respective contract, order, or offer. Consequently, you or your company’s contact person have no right to object.

If you or your company’s contact persons have given consent to the processing of your personal data, this consent can be revoked at any time for the future, or you can object to the processing of personal data for the future in the context of future orders or offers.

An overview of your rights as a data subject can be found under A. V.

II. Contacting us by email

1. Description and scope of data processing

You have the option of contacting us via our email address(es). In this case, the user’s personal data transmitted with the email will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing

The legal basis for the processing of your personal data and the personal data of your company’s contact persons, which is transmitted to us when you send us an email, is Art. 6 (1) lit. f GDPR. If the email contact is aimed at concluding or processing a contract, Art. 6 (1) lit. b GDPR is an additional legal basis for the processing of personal data.

3. Purpose of data processing

The processing of personal data in the event of contact by email serves us solely for the purpose of processing the contact.

4. Duration of storage

Personal data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data sent by email, this is the case when the respective conversation with you or the contact persons at your company has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified between us.

Please note that longer storage/retention periods may result from legal requirements (see A. IV. above).

5. Right to object and right to erasure

You have the right to object to the processing of your personal data at any time in the future when contacting us by email. In such a case, the conversation between us cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

An overview of your rights as a data subject can be found under A. V.

D. Additional information for our employees

I. General information on data processing

The GDPR obliges us to provide you with comprehensive information about the processing of your personal data within the framework of a contractual relationship with us.

If you have any questions about your personal data and its processing, our data protection officer is available to assist you at any time. The data protection officer is not subject to any instructions, is independent in his position, and is legally obliged to maintain secrecy and confidentiality, so you can contact him or her with confidence.

II. Data processing within the framework of the employment relationship

1. Description and scope of data processing

We only process your personal data to the extent necessary for the establishment, implementation, and termination of the employment relationship. Further processing of your personal data will only take place on a regular basis if we have obtained your prior consent. An exception applies in cases where it is not possible to obtain prior consent for practical reasons or where the processing of your personal data is permitted by law.

2. Categories of recipients

Within our company, personal data is received by those departments and divisions that need it to fulfill the purpose for which it was collected. We also transfer your data to the following (internal and external) recipients, but only if this is necessary to fulfill legal or contractual obligations:

  • Our human resources department
  • Supervisors of the employee concerned
  • Payroll accounting
  • Financial accounting
  • Works council (if applicable)
  • Data protection officer
  • Representative for severely disabled persons (if applicable)
  • Equal opportunities officer (if applicable)
  • Controlling/auditing
  • Social security institutions: health insurance companies, medical care funds, pension insurance institutions
  • Employment agency
  • Supervisory and occupational safety authorities
  • Tax office
  • Integration office in the case of severe disability
  • Insurance companies
  • Document shredders
  • Creditors in the case of wage and salary garnishments
  • IT service providers
  • Lawyers,
  • Courts,
  • Tax advisors,
  • Personnel service providers,
  • Other external service providers
  • Customers (if the employee works in sales, for example),
  • Employers’ liability insurance association,
  • Banking institutions.

3. Legal basis for data processing

a. Personal data

Insofar as we obtain your consent for the processing of personal data, Art. 6 (1) lit. a GDPR, Art. 88 (1) GDPR in conjunction with § 26 (2) BDSG (Federal Data Protection Act) serve as our legal basis.

When processing personal data that is necessary for the establishment, implementation, or termination of the employment contract, we use Art. 6 (1) (b) GDPR, Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG, § 611a BGB as the legal basis.

Insofar as the processing of personal data is necessary to fulfill a legal obligation, Art. 6 (1) lit. c GDPR serves as the legal basis. Legal obligations include, among others:

  • § 28a SGB (Social Security Code) IV; §198 ff SGB V; § 190 ff., § 281c SGB VI DEÜV (Data Collection and Transmission Ordinance), for reporting to the authorities;
  • § 829 (2) sentence 1 ZPO (Code of Civil Procedure) with regard to wage garnishments;
  • § 16 (2) ArbZG (Working Hours Act) and § 7d (1) sentence 1 SGB IV, for the documentation of working time accounts;
  • §§ 16, 17 MiLoG (Minimum Wage Act), for the documentation of working hours and for the fulfillment of the obligation to report to the authorities;
    Sections 49, 50 JArbSchG (Youth Employment Protection Act), for fulfilling information and documentation obligations to the authorities;
    Sections 76, 88, 101 BBiG (Vocational Training Act), for fulfilling documentation and information obligations to the authorities;
  • Section 163 SGB IX (Rehabilitation and participation of persons with disabilities in working life) on the implementation of cooperation between employers, the Employment Agency, and integration offices;
  • Section 312 SGB III on the issuance of employment certificates to the Employment Agency;
  • Section 27 MuSchG on the fulfillment of notification and retention obligations vis-à-vis the authorities.

If processing is necessary to safeguard a legitimate interest of ours or of a third party and your interests, fundamental rights, and freedoms do not outweigh the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.

b. Special categories of personal data

Insofar as we obtain your consent for the processing of special categories of personal data (Art. 9 (1) GDPR), such as religious affiliation, nationality, and health data, Art. 9 (2) lit. a GDPR serves as the legal basis.

If the processing of special categories of personal data is necessary for us to exercise our rights under labor law and social security and social protection law and to fulfill our obligations in this regard, the legal basis for the processing is Art. 6 (1) (c) GDPR, Art. 9 (2) (b) GDPR, Art. 88(1) GDPR in conjunction with Section 26(3) BDSG.

If the processing relates to special categories of personal data that you yourself have made public, the legal basis is Art. 6 (1) (f) GDPR, Art. 9 (2) (e) GDPR, Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG.

If the processing of special categories of personal data is necessary for the purposes of health care, occupational medicine, or the assessment of working capacity, the legal basis is provided by Art. 6 (1) (b) GDPR, Art. 9 (2) (h) GDPR, Art. 88 (1) GDPR in conjunction with § 26 (1) BDSG.

4. Purposes of data processing

Your personal data is processed for the purpose of establishing, implementing, and terminating the employment relationship, in particular to fulfill obligations under the employment contract, statutory obligations, collective agreements (if applicable), and social security law.

5. Duration of storage

Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which we are subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

We then store your data for the following periods, among others:

• Payroll account documents for up to 10 years in accordance with Section 147 (1) No. 4,5 in conjunction with Section 3 AO (German Fiscal Code); Section 41 (1) Sentence 9 EStG (Income Tax Act); § 257 (1) No. 1, 4 in conjunction with § 238 (1) HGB (German Commercial Code);

• Warnings for up to 2.5 years (according to case law);

• Application documents and data, after a decision not to fill the position, up to 6 months, burden of proof for discrimination, deadline §§ 21 (5), 22 AGG (General Equal Treatment Act);

• Application documents otherwise: Upon dissolution or termination of the employment relationship;

• Working time records 2 years according to § 16 (2) ArbZG (Working Hours Act);

• Working time records 2 years according to § 50 JArbSchG (Youth Employment Protection Act);

• Working time records 2 years according to § 17 (1) MiLoG (Minimum Wage Act);

• Other working time records: 6 years, Section 147 (1) No. 5, (3) AO (German Fiscal Code);

• Pension provision: 30 years from retirement, Section 18a BetrAVG (German Occupational Pensions Act).

Please note that longer storage/retention periods may result from legal requirements (see A. IV. above).

6. Right to object and right to erasure

The processing of your personal data within the scope of the employment relationship is essential for the establishment, implementation, and termination of the employment relationship. Consequently, you have no right to object.

If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.

An overview of your rights as a data subject can be found under A. V.

E. Additional information for applicants

I. General information on data processing

The GDPR requires us to provide you with comprehensive information about the processing of your personal data in the context of your application process.

II. Data processing in the context of the application process

1. Description and scope of data processing

We only process your personal data to the extent necessary to initiate and establish an employment relationship. Further processing of your personal data will only take place on a regular basis if we have obtained your prior consent. An exception applies in cases where it is not possible to obtain prior consent for practical reasons or where the processing of your personal data is permitted by law.

2. Categories of recipients

Within our company, personal data is received by those departments and divisions that need it to fulfill the aforementioned purposes. In addition, we sometimes use various service providers and transfer your personal data to other external or internal recipients if this is permitted by law or if we have your consent, e.g.

• Our human resources department

• Potential supervisors

• Specialist departments

• Financial accounting

• Works council (if applicable)

• Data protection officer

• Representative for disabled employees

• Equal opportunities officer

• Controlling/auditing

• Employment agency

• Integration office in the case of severe disability

• IT service providers

3. Legal basis for data processing

The legal basis for the processing of your personal data in the context of the application process is Section 26 (1) sentence 1, (3) BDSG.

Insofar as we obtain your consent for the processing of your personal data, Section 26 (2) BDSG serves as the legal basis.

If the processing of your personal data is necessary to fulfill a legal obligation to which we are subject, Art. 6 (1) (c) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of ours or of a third party and your interests, fundamental rights, and freedoms do not outweigh the former interest, Art. 6 (1) lit. f GDPR serves as the legal basis for processing. Another legitimate interest in this sense is, for example, the burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for the processing of special categories of personal data within the meaning of Article 9(1) GDPR is Section 26(3) BDSG.

4. Purposes of data processing

Your personal data is processed for the purpose of establishing an employment relationship, in particular to fulfill obligations arising from the employment contract, statutory obligations, collective agreements (if applicable), and social security obligations.

5. Duration of storage

Your personal data will be deleted or blocked as soon as the purpose for storage no longer applies. Storage may also take place if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which we are subject. The data will also be blocked or deleted when a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

We store your personal data for the following periods, among others:

• Application documents and data, after a decision not to fill the position, for up to 6 months, burden of proof for discrimination, deadline §§ 21 (5), 22 AGG (General Equal Treatment Act)

• Application documents otherwise: Upon dissolution or termination of the employment relationship

6. Right to object and right to erasure

The processing of your personal data as part of the application process is essential for establishing the employment relationship. Consequently, you have no right to object.

If the processing of your personal data is based on consent, you have the right to withdraw your consent at any time.

An overview of your rights as a data subject can be found under A. V.