Data Protection Statement

 

Privacy Policy and Information
Obligations to provide information according to Art. 12, 13 ff. GDPR

 

We take the protection of your personal data seriously and comply with statutory data protection regulations. Personal data is collected only to the extent necessary.

The following policy/information provides an overview of how we ensure this protection and which type of data we collect for which purpose.

The explanation is divided into:

 

A.  General information about data protection

B.  Additional information for visitors to our website

C.  Supplementary information for our customers, suppliers and other business partners

D.  Supplementary information for our employees

E.  Supplementary information for applicants

 

 

A. General information about data protection

 

I. Name and contact details of the controller and the Data Protection Officer

1. The controller within the meaning of Art. 4 Par. 7 EU General Data Protection Regulation (GDPR) is

Walter Schneider GmbH, represented by Managing Directors Dr. Jens Neumeyer and Jens Siegle,

Raiffeisenstr. 28,
75196 Remchingen-Wilferdingen
Germany

Website credits: https://www.schneider-umformen.de/impressum.php

2. The Data Protection Officer of the controller is:

Lawyer Jörg Hiltwein, Rastatterstr. 29, 75179 Pforzheim

Each data subject can contact our Data Protection Officer directly at any time with any questions and comments.

 

II. General information about data processing

 

1. Scope of the processing

We process your personal data only if this is necessary for the provision of a functional website, for the performance of a contract, and especially for the provision of our services or for receiving your services to us. Personal data is processed only to the extent that a legal basis for doing so exists, for example if you give your consent. An exception applies in such cases in which prior consent cannot be obtained for factual reasons, or the processing of your personal data is permitted by a legal permission.

 

2. Terms

Below you will find information about how your personal data is processed especially when you use our website. This Privacy Policy uses the following terms, among others:

• Personal data

“Personal data” refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

• Data subject

“Data subject” means any identified or identifiable natural person whose personal data is processed by the controller.

• Processing

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

• Restriction of processing

“Restriction of processing” means the marking of stored personal data with the aim of limiting its processing in the future.

• Profiling

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

• Pseudonymisation

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

• Controller

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

• Processor

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

• Recipient

“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed regardless of whether or not they are a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.

• Third party

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

• Consent

“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

III. Legal basis for the processing of personal data

We process your personal data only if a legal basis for doing so exists, especially if

• You have granted us your express consent to do so in accordance with Art. 6 Par. 1 P. 1 lit. a GDPR;

• This is legally permissible and is required in accordance with Art. 6 Par. 1 P. 1 lit. b GDPR for the performance of contractual relationships with you;

• There is a legal duty to disclose it in accordance with Art. 6 Par. 1 P. 1 lit. c GDPR;

• In the event that the vital interests of the data subject or of another natural person require personal data to be processed, Art. 6 Par. 1 lit. d GDPR serves as the legal basis;

• The processing of the data is necessary in accordance with Art. 6 Par. 1 P. 1 lit. f, Art. 9 Par. 2 lit. f GDPR to establish, exercise or defend legal claims and there is no reason to assume that you have a legitimate interest worthy of protection in your data not being forwarded.

We do not transmit any data to a third country (outside of the EU). Should such transmission of data become necessary, we will obtain your consent if your consent is not already covered by the contractual relationship (such as services/supply to a third country).

 

IV. Data deletion and storage periods

We follow the principles of data avoidance and data minimisation. This means that we store your personal data only for as long as it is required to fulfil the purposes set out here or as provided for under various statutory retention periods.

After the discontinuance of the respective purpose or the expiry of these periods, the corresponding data is routinely blocked or deleted according to statutory provisions.

In principle, the duration of the storage is determined by the applicable statutory retention period, e.g. retention periods under commercial and fiscal legislation as per § 257 Par. 4 German Commercial Code (HGB), § 147 Par. 3 Tax Code (AO) (6 or 10 years). Retention periods may also be determined based on the current limitation periods for claims. Civil claims thus regularly lapse in 3 years, maximum 30 years. After the end of this period, the data in question is routinely deleted to the extent that it is no longer required to perform a contract or for steps taken prior to entering into a contract and/or we have no legitimate interest in its continued storage.

 

V. Your rights as the data subject of the data processing

If your personal data (as a visitor to our website, as a customer or other business partner, as an employee or applicant) is processed by us, you are the data subject within the meaning of GDPR and you can assert the following rights against us:

 

1. Right to information

You have a right to information about whether and which of your personal data is processed by us. In this case, we will also inform you about

• The processing purpose;

• The data categories;

• The recipients of your personal data;

• The planned storage period or the criteria for the planned storage period;

• Your other rights;

• If your personal data was not supplied by you: all available information about its origin;

• If available: the existence of automated decision-making and information about the logic involved, the scope and the desired effect of the processing.

 

2. Right to correction

You have a right to correction and/or completion if the personal data that is processed by us is incorrect or incomplete.

 

3. Right to restriction of processing

You have a right to restrict the processing if

• We verify the correctness of your personal data that is processed by us;

• The processing of your personal data is unlawful;

• You require the data that was processed by us for prosecution if the purpose no longer exists;

• You have objected to the processing of your personal data and we examine this objection.

 

4. Right to deletion

You have a right to deletion if

• We no longer require your personal data for its original purpose;

• You withdraw your consent and there are no further legal bases for the processing of your personal data;

• You object to the processing of your personal data and - provided it is not direct marketing - no overriding reasons for its further processing exist;

• The processing of your personal data is unlawful;

• The deletion of your personal data is legally required;

• Your personal data was collected as a minor for information society services.

 

5. Right to information

If you have asserted your right to correction, deletion or restriction of the processing, we will notify all recipients of your personal data about this correction, deletion of data or restriction of the processing.

 

6. Right to portability

You have a right to obtain your personal data that is processed by us on the basis of consent or for performance of the contract in a structured, common and machine-readable format, and to transmit it to a different controller. If this is technically feasible, you have the right to have us transmit this data directly to another controller.

 

7. Right to object

In the event of special reasons, you have a right to object to the processing of your personal data. In this case, we will no longer process your personal data unless we can prove compelling and legitimate reasons for processing it.

In the event that your personal data is processed for the purpose of direct marketing, you have a right to object at all times.

Unless any other legal basis for the processing of personal data exists, we can continue to process this data despite your objection.

 

8. Right of withdrawal

You have the right to withdraw the consent that you have granted us at any time. Withdrawal of consent does not affect the lawfulness of consent-based processing carried out up to the point of withdrawal.

Unless any other legal basis for the processing of personal data exists, we can continue to process this data despite your withdrawal.

 

9. Right to complaint

If you believe that the processing of your personal data by us violates data protection regulations, you can complain to a supervisory authority. Generally, you can contact the supervisory authority at your usual place of residence or work, or our head office. You can use the following link for this: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

VI. Entries as the data subject in accordance with Art. 12 ff. GDPR

1. Description and scope of the data processing

If you want to exercise the rights set out above under A. V. or assert other claims against us, or if you want to defend yourself against claims asserted by us against you, we will record the entries that you make when exercising your rights towards us.

 

2. Legal basis of the data processing

The legal basis for the processing of your personal data in the context of processing your data protection-related enquiry (“data subject input”) is Art. 6 Par. 1 lit. c in conjunction with Art. 12 ff. GDPR. The legal basis of the subsequent documentation of the legally compliant processing of data subject entries is Art. 6 Par. 1 lit. f GDPR.

 

3. Purpose of the data processing

The purpose of the processing of your personal data in the context of processing data subject entries is to answer your data protection-related enquiry. The subsequent documentation of the legally compliant processing of the respective data subject entries is used to fulfil the obligation to provide evidence that is required by law, Art. 5 Par. 2 GDPR.

 

4. Storage period

Your personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of processing of data subject entries, this is in accordance with § 41 Federal Data Protection Act in conjunction with § 31 Par. 2 No. 1 OWiG, three years after the end of the respective operation.

 

5. Right to object and removal

You have the right to object at any time to the processing of your personal data as part of the processing of data subject entries, with future effect. In this case, we cannot process your data protection-related enquiry, however.

Documentation of the legally-compliant processing of the relevant data subject entries is mandatory. It follows that you do not have any right to object.

 

VII. Defence and implementation of laws

1. Legal basis

The legal basis for processing your personal data as part of our legal defence and enforcement is Art. 9 Par. 2 lit. f; Art. 6 Par. 1 lit. f GDPR.

 

2. Recipient categories

Within our company, only those divisions and departments are given access to personal data that require it for the fulfilment of the previously-mentioned purposes. In addition, we sometimes use various service providers and transmit your personal data to other trusted recipients if this is necessary. These may be, for example:

• Banks

• Insurance companies

• IT service providers

• Lawyers, courts, notaries, bailiffs

• Tax advisers

 

3. Purpose

The purpose of processing your personal data as part of legal defence and enforcement is the defence of unauthorised access and the legal implementation and assertion of claims and rights.

 

4. Storage period

Your personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

 

5. Right to object and removal

The processing of your personal data as part of legal defence and enforcement is essential for legal defence and enforcement. It follows that you do not have any right to object.

For an overview of your rights as a data subject, see A. V.

 

 

B. Additional information for visitors to our website

 

I. Provision of our website and creation of log files

1. Description and scope of the data processing

If you use the website for information purposes only, i.e. you do not register or in any other way provide us with information, we only collect the personal data made available to our server by your browser. If you want to view our website, we collect the following data that is technically required by us for displaying our website to you and for ensuring its stability and security.

• IP address

• Date and time of the query

• Time zone difference to Greenwich Mean Time (GMT)

• Content of the request (specific page)

• Access status/HTTP status code

• The data volume transmitted

• Websites from which the request originated

• Websites that are called by the user’s system via our website

• The type of browser

• Operating system (e.g. Windows 10, Linux) and its interface (e.g. X-Windows)

• Language and version of your browser software.

 

The data is stored in the log files in our system. Not affected by this are the IP addresses of the user or other data that enables data to be assigned to a user. There is no storage of this data together with other personal data relating to the user.

Our website may contain links to the websites of other providers or include content from other websites. As soon as you click on this link, the relevant website operator may receive information about the fact that you called up this page. This Privacy Policy applies to our website only. We do not have any influence over the data that is collected and processed, nor are we aware of the full scope of the data collection, the purposes of the processing, or the storage periods of linked websites. We have to assume that the data protection statements provided on these websites are comprehensive and accurate.

 

2. Legal basis for the data processing

The legal basis for the temporary storage of the data and the log files is Art. 6 Par. 1 lit. f GDPR.

 

3. Purpose of the data processing

The specified data is processed by us for the following purposes:

• To ensure a smooth connection to the website,

• To ensure that our website is user friendly,

• To evaluate system security and stability and

• For other administrative purposes.

• Creation of a server log (usually deleted after 7 days)

Under no circumstances do we use the collected data in order to identify you as an individual unless this is set out otherwise below.

 

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Where data is collected and provided to our website, this will be done at the end of the respective session. Where data is stored in log files, this will be the case after seven days at the latest. Storage beyond these periods is also possible. In this case, users’ IP addresses are deleted or modified so that they can no longer be associated with the client that accessed our website.

 

5. Right to object and removal

The recording of data for provision to the website and the storage of the data in log files is essential for the operation of the website. It follows that the user does not have any option to object to this.

 

II. Use of cookies

1. Description and scope of the data processing

In addition to the previously specified data, cookies are stored on your computer as you use our website. Cookies are small text files which are saved on your hard drive assigned to the browser used by you, and through which certain information flows back to the location from which the cookie was created (in this case by us). Cookies cannot execute any programs or transfer viruses to your computer. We use cookies to make our website more user friendly. Some elements of our website require the requesting browser to be identified even after you navigate to a different page.

Furthermore, on our website we do not use cookies that are technically not required, but which allow the user’s surfing behaviour to be analysed. For an explanation of these, we refer you to our Cookie Consent Box on the home page of our website.

 

2. Legal basis for the data processing

The legal basis for the processing of personal data where we use technically necessary cookies is Art. 6 Par. 1 lit. f GDPR.

The legal basis for the processing of personal data where we use cookies for analysis purposes is Art. 6 Par. 1 lit. a GDPR where you have consented to this.

You can provide this consent in our cookie banner on the home page of our website.

 

3. Purpose of the data processing

The purpose of cookies that are technically required is to make the use of websites easier for the user. Some functions on our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognised even after a change of page.

The user data that is collected by cookies that are technically required are not used for creating user profiles.

Analysis cookies (which are not technically required) are used for the purpose of improving the quality of our website and its contents. By analysing cookies, we can find out how the website is used, and this enables us to continually improve our presence.

The following data can be transmitted in this way:

• Search terms entered

• Frequency of page calls

• Use of website functions

Our legitimate interest in the processing of the personal data in accordance with Art. 6 Par. 1 lit. f GDPR also lies in these purposes.

 

4. Duration of storage

Cookies are saved on the user’s computer and are transmitted by it to our website. You as the user therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by making changes to the settings in your Internet browser. Cookies that are already saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, you may not be able to use the full extent of all of the functions on the website. Your personal data is deleted as soon as it is no longer required to achieve the purpose of its processing; this is especially the case when you leave the website.

 

5. Right to object and removal

You can find an overview of the cookies used on our website in the Cookie Consent Box on the home page of our website.

Cookies are saved on your computer provided you consent to this, and are transmitted from there to our website. You therefore have full control over the use of cookies.

You can deactivate or restrict the transmission of cookies by making changes to the settings in your browser. Cookies that are already saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, you may not be able to use the full extent of all of the functions on the website. Some cookies that are technically required cannot be deactivated.

You cannot prevent Flash cookies from being transmitted by changing your browser settings. To do this, you need to make the corresponding changes to the Adobe Flash Player settings.

 

III. Contact form and e-mail contact

1. Description and scope of the data processing

Our website contains contact forms or specifies our e-mail address, which can be used for making contact with us electronically. If a user makes use of this option, the data that is entered on the entry screen or in the e-mail is transmitted to us and stored. This data includes:

• First and last name

• E-mail address

• Telephone number (voluntary)

• The reason for making contact (issue)

• Callback request

• Confirmation of having read the privacy policy

At the time when the message is sent, the following data is also stored:

• The IP address of the user

• Date and time when they made contact

Your consent regarding the processing of this data is obtained and you are referred to this privacy policy when you submit the data.

Alternatively, you can also contact us by using the e-mail address provided. In this case, the user’s personal data that is transmitted with the e-mail is stored.

Data is not shared with third parties in this context. The data is used solely to administer the conversation with you.

 

2. Legal basis for the data processing

The legal basis for the processing of this data is Art. 6 Par. 1 lit. a GDPR, provided the user has given their consent.

The legal basis for the processing of data transmitted when sending an e-mail is Art. 6 Par. 1 lit. a and lit. f GDPR. If the aim of the e-mail contact is to conclude a contract, a further legal basis for the processing is Art. 6 Par. 1 lit. b GDPR.

 

3. Purpose of the data processing

The processing of the personal data from the entry screen is used for the sole purpose of processing the contact. If you contact us by e-mail, this constitutes the required legitimate interest in processing the data.

The other personal data processed when the data is submitted is used to prevent misuse of the contact form and to ensure the security of our IT systems.

 

4. Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for personal data from the entry screen of the contact form and that which was sent by e-mail, when the conversation with the user has ended. The conversation is deemed to have ended when it can be seen that the matter in question has been fully resolved.

The additional personal data that was collected when the data was submitted is deleted after seven days at the latest.

Please note that statutory requirements may result in longer storage/retention periods (above A. IV.).

 

5. Right to object and removal

The user also has the option of withdrawing their consent to the processing of their personal data at any time.

If the user contacts us via e-mail, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data that was saved in the course of the contact will be deleted in this case unless we are obliged to save it due to a legal requirement (see above A. IV.).

For an overview of your rights as a data subject, see A. V.

 

IV. Newsletter

1. Description and scope of the data processing

You can subscribe to our newsletter with which we inform you about our latest interesting offers. If you make use of this option, the data entered on the entry screen (name, e-mail address, telephone number, content of the message) is transmitted to us and stored.

 

2. Legal basis

The legal basis for the processing of your personal data as part of sending the newsletter is your consent provided in accordance with Art. 6 Par. 1 lit. a EU-GDPR.

 

3. Purpose

The processing of your personal data is used for sending the newsletter to you. The purpose of processing your personal data in the context of sending the newsletter is to send information and offers and, where necessary, to promote sales through the sale of goods or services.

 

4. Storage period

Your personal data is deleted as soon as it is no longer required to achieve the purpose for which it was processed. Your personal data will accordingly be saved for as long as you have subscribed to our newsletter.

 

5. Right to object and removal

You can withdraw your consent to receive the newsletter at any time or use the unsubscribe link provided in each newsletter to stop receiving the newsletter.

 

V. Use of Google Analytics

1. Description and scope of the data processing

Our website uses Google Analytics, a web analysis service from Google Inc. ("Google"). Google Analytics uses cookies; these are text files that are stored on your computer and enable us to analyse your use of the website.

This website uses Google Analytics with the extension "_anonymizeIp()". This means that abbreviated IP addresses are further processed to eliminate direct reference to persons. Any possibility of relating the data collected on you to you as an individual is immediately excluded, and the personal data is deleted instantly.

Google will not associate the IP address transmitted by your browser with any other data held by Google within the framework of Google Analytics.

 

2. Legal basis

The legal basis for the use of Google Analytics is Art. 6 Par. 1 P. 1 lit. f GDPR.

 

3. Purpose

We use Google Analytics so that we can analyse how our website is used and improve it on a regular basis. We also use Google Analytics for the cross-device analysis of visitor traffic which is carried out by using a user ID. You can deactivate the cross-device analysis of your use in your customer account under "My Data", "Personal Data".

We use the statistics obtained to improve our offering and make it more interesting to you as a user. For exceptional cases in which personal data is transmitted to the USA, Google is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

4. Recipient

The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, your IP address will be truncated by Google prior to this within the Member States of the European Union or other countries that are parties to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities, and to provide other services associated with the use of the website and the Internet to the website operator.

 

5. Right to object and removal

You can prevent the storage of cookies by means of a corresponding setting in your browser software; please note, however, that you may not be able to use all functions of this website in full in this case. Furthermore, you can prevent the transmission of the data that is created by the cookie relating to your use of the website (including your IP address) to Google, and the processing of this data by Google, by downloading and installing the browser plug-in that is available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

 

6. Additional information

Information relating to the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms http://www.google.com/analytics/terms/de.html, overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, and the privacy policy: http://www.google.de/intl/de/policies/privacy.

 

VI. Social media, Google Maps

1. Description and scope of the data processing

We do not use any social media plug-ins such as Facebook, Twitter etc. This website does use the offering from Google Maps. By using Google Maps, we can display interactive maps on our website and you can use the map function for your convenience.

 

2. Legal basis

Data related to the following measures is collected on the basis of Art. 6 Par. 1 P. 1 lit. f GDPR.

 

3. Recipient

When you visit the website, this provides Google with the information that you have called up the corresponding sub-page of our website. Furthermore, the data specified under § 3 of this policy is transmitted. This occurs regardless of whether Google provides a user account that you are logged into or if no such user exists. If you are signed into Google, your data will be directly associated with your account. If you do not want to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and utilises them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is conducted in particular (even if users are not logged in) in order to support needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise it, you must contact Google.

 

4. Additional information

Additional information about the purpose and scope of the data collection and how it is processed by plug-in providers is available from the privacy policies of the provider. Here you also obtain additional information about your rights and settings options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 

 

C. Supplementary information for our customers, suppliers and other business partners

 

We are obliged by the GDPR to provide you with comprehensive information about the processing of your personal data within our contractual relationship and we are happy to do this.

If you have any questions about your personal data and how it is processed, our Data Protection Officer is available at all times. They are not bound by any instructions, hold an independent position and have a legal obligation to secrecy and confidentiality, which means that you can speak to them in complete confidence.

We would like to notify you of the following:

I. Customers, suppliers, other business partners; performance of the contract etc.

1. Description and scope of the data processing

Personal data is processed to fulfil our rights and obligations arising from a contractual relationship with our customers, suppliers and other business partners.

We collect/process the following personal data (but only if this is necessary):

  • Title, first name, last name of the customer
  • First name and last name of the owner and the contact people in your company
  • A valid e-mail address
  • Postal address
  • Date of birth, especially for applications to authorities
  • Telephone/fax number (fixed network and/or mobile number)
  • Information that is otherwise necessary for the performance of the contractual relationship or for safeguarding our rights and fulfilling our obligations

2. Recipient categories

We process personal data for the performance of the contractual relationship and record it in our database system (ERP, CRM) and in our accounting system. The data is sent internally to divisions and departments that must be involved to fulfil the purpose that is associated with the data collection. The data is also sent to our tax adviser and authorities (such as the building authorities and tax authorities) if this is legally required or necessary. For delivering orders, we send the address data to the commissioned shipping company. Recipients of personal data can also be third parties if contract conclusions or services are offered or provided by us together with partners, as well as suppliers, sub-contractors, company owners of preceding or following trades as well as credit institutes and legal services providers, if this is necessary for the performance of the contract (manufacture, delivery, payment). We will forward your data to the commissioned shipping company for delivering orders. There is no profiling or automated decision-making.

If you do not provide your data, this can result in the contract not being concluded or performed.

 

3. Legal basis of the data processing

The legal basis for the processing of your personal data and the personal data of the contact people in your company when registering customers and suppliers, business transactions and the ongoing business relationship is Art. 6 Par. 1 lit. b GDPR or Art. 6 Par. 1 lit. f GDPR.

If you or the contact people in your company have given your consent, Art. 6 Par. 1 lit. a GDPR is an additional legal basis for the processing of your personal data and the personal data of the contact people in your company.

 

4. Purpose of the data processing

The purpose of the processing of your personal data and the personal data of the contact people in your company in the context of registering customers and suppliers, business transactions and the ongoing business relationship is the establishment, performance and termination of the respective order as well as its consideration in future orders awarded or invitations to tender.

This data is processed especially to

• Identify you as our contractual partner or as an employee of our contractual partner

• Provide you with appropriate support, services and supplies

• Correspond with you

• Send you invoices

• Process any warranties or liability claims

• Reject unjustified claims and legally implement and assert claims and rights

 

5. Source

If we have not received personal data directly from you, the contact people in your company have named your personal data and provided it to us as part of customer and supplier registration.

 

6. Storage period

Your personal data and the personal data of the contact people in your company is deleted as soon as it is no longer required to achieve the purpose for which it was collected.

In the event of customer and supplier registration, business transactions and the ongoing business relationship, this is the case if the order or offer on which the contract is based has been fulfilled and all claims arising from the contractual relationship have lapsed or there are no more statutory retention periods.

In the event of consideration in future contracts awarded or invitations to tender, this is the case if your company is definitively no longer interested in consideration for future contracts being awarded, invitations to tender or offers.

Please note that statutory requirements may result in longer storage/retention periods (see A. IV. above).

 

7. Right to object and removal

The processing of your personal data and the personal data of the contact people in your company is essential for the establishment, performance and termination of the respective contract, order or offer. It follows from this that neither you nor the contact people in your company have a right to object to this.

If you or the contact people in your company have given your consent to the processing of your personal data, this consent can be withdrawn at any time with future effect, or else the processing of the personal data as part of the consideration for future orders or offers can be objected to for the future.

For an overview of your rights as a data subject, see A. V.

 

II. Establishment of contact via e-mail

1. Description and scope of the data processing

You have the option of establishing contact with us by means of our e-mail address(es). In this case, the user’s personal data that is transmitted with the e-mail is stored.

Data is not shared with third parties in this context. The data is used solely to administer the conversation with you.

 

2. Legal basis for the data processing

The legal basis for the processing of your personal data and the personal data of the contact people in your company that is transmitted to us when an e-mail is sent to us is Art. 6 Par. 1 lit. f GDPR. If the e-mail contact has the objective of concluding or performing a contract, then Art. 6 Par. 1 lit. b GDPR is an additional legal basis for the processing of the personal data.

 

3. Purpose of the data processing

Personal data is processed in the event of contact being established via e-mail solely for the purpose of processing this contact.

 

4. Duration of storage

Your personal data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data that was transmitted via e-mail, this is the case when the relevant conversation with you or the contact people in your company has ended. The conversation is deemed to have ended when it can be seen that the matter in question has been fully resolved between us.

Please note that statutory requirements may result in longer storage/retention periods (see A. IV. above).

 

5. Right to object and removal

You have the option of objecting to the processing of the personal data in the context of establishment of contact via e-mail at any time with future effect. In such a case, the conversation between us cannot be continued. All personal data that was stored in the course of making contact will be deleted in this case.

For an overview of your rights as a data subject, see A. V.

 

 

D. Supplementary information for our employees

 

I. General information about data processing

We are obliged by the GDPR to provide you with comprehensive information about the processing of your personal data as part of a contractual relationship with us.

If you have any questions about your personal data and how it is processed, our Data Protection Officer is available at all times. They are not bound by any instructions, hold an independent position and have a legal obligation to secrecy and confidentiality, which means that you can speak to them in complete confidence.

 

II. Data processing in the context of the employment relationship

1. Description and scope of the data processing

We process your personal data only to the extent that this is necessary for the establishment, performance and termination of an employment relationship. Your personal data is processed on a regular basis only if we have obtained your prior consent to this. An exception applies in such cases in which prior consent cannot be obtained for factual reasons, or the processing of your personal data is permitted by a statutory regulation.

 

2. Recipient categories

Within our company, only those divisions and departments are given access to personal data that require it for the fulfilment of the purpose associated with its entry. We also transmit your data to the following (internal and external) recipients, but only if this is necessary for the fulfilment of statutory or contractual obligations:

  • Our HR department
  • Superiors of the employees concerned
  • Payroll accounting
  • Financial accounting
  • Works council (if available)
  • Data Protection Officer
  • Representative Council of Employees with Disabilities (if available)
  • Equal Opportunities Officer (if available)
  • Controlling/review
  • Social insurance agencies: health insurance companies, doctors' pension funds, pension insurance institutes
  • Employment agency
  • Supervisory authorities, OHSA
  • Tax authorities
  • Integration office in the event of a severe disability
  • Insurance companies
  • Document shredders
  • Creditors, in the case of attachments of wages and salaries
  • IT service providers
  • Solicitors
  • Courts
  • Tax advisers
  • HR service providers
  • Other external service providers
  • Customers (for example if the employee is employed in sales)
  • Mutual indemnity society
  • Banking institutes.

 

3. Legal bases for the data processing

a. Personal data

If we obtain your consent for the processing of your personal data, we use Art. 6 Par. 1 lit. a GDPR, Art. 88 Par. 1 GDPR in conjunction with § 26 Par. 2 Federal Data Protection Act as the legal basis.

When processing personal data that is required for the establishment, performance or termination of the employment contract, we use Art. 6 Par. 1 lit. b GDPR, Art. 88 Par. 1 GDPR in conjunction with § 26 Par. 1 Federal Data Protection Act, § 611a Civil Code as the legal basis.

If it is necessary to process personal data for the fulfilment of a legal obligation, we shall use Art. 6 Par. 1 lit. c GDPR as the legal basis. Legal obligations include:

  • § 28a SGB (Social Code) IV; § 198 ff. SGB V; § 190 ff., § 281c SGB VI DEÜV (Data Collection and Data Transmission Regulation) for reporting to the authorities;
  • § 829 Par. 2 Sentence 1 ZPO (Code of Civil Procedure) in terms of attachments of earnings;
  • § 16 Par. 2 ArbZG (Working Hours Act) and § 7d Par. 1 Sentence 1 SGB IV, for documentation of working time accounts;
  • §§ 16, 17 MiLoG (minimum wage legislation), for the documentation of working hours and for fulfilling reporting obligations to the authorities;
  • §§ 49, 50 JArbSchG (Young Persons Employment Act), for meeting the information and documentation obligations to the authorities;
  • §§ 76, 88, 101 BBiG (Vocational Training Act) for fulfilling the documentation and information obligations to the authorities;
  • § 163 SGB IX (Rehabilitation and Participation of People with Disabilities in Working Life) for implementing the cooperation between the employer, employment agency and integration offices;
  • § 312 SGB III for issuing the employment certificate to the employment agency;
  • § 27 Maternity Protection Act, for meeting the notification and retention obligations to the authorities.

If the processing is necessary for safeguarding a legitimate interest of ours or of a third party, and provided that the first interest named does not outweigh your interests, fundamental rights and fundamental freedoms, we shall use Art. 6 Par. 1 lit. f GDPR as the legal basis for the processing.

 

b. Special categories of personal data

If we obtain consent from you for the processing of special categories of personal data (Art. 9 Par. 1 GDPR), such as your religious affiliation, nationality and health data, then Art. 9 Par. 2 lit. a GDPR serves as the legal basis.

If the processing of special categories of personal data is necessary so that we can exercise our rights arising from employment law and the law of social security and social protection and fulfil our obligations in this regard, the legal basis for the processing follows from Art. 6 Par. 1 lit. c GDPR, Art. 9 Par. 2 lit. b GDPR, Art. 88 Par. 1 GDPR in conjunction with § 26 Par. 3 Federal Data Protection Act.

If the processing relates to special categories of personal data that were made public by you yourself, the legal basis follows from Art. 6 Par. 1 lit. f GDPR, Art. 9 Par. 2 lit. e GDPR, Art. 88 Par. 1 GDPR in conjunction with § 26 Par. 1 Federal Data Protection Act.

If the processing of special categories of personal data is necessary for purposes of health care, occupational health or for assessing working capacity, the legal basis follows from Art. 6 Par. 1 lit. b GDPR, Art. 9 Par. 2 lit. h GDPR, Art. 88 Par. 1 GDPR in conjunction with § 26 Par. 1 Federal Data Protection Act.

 

4. Purpose of the data processing

Your personal data will be processed for the purpose of the establishment, performance and termination of the employment relationship, especially to fulfil obligations relating to contractual, statutory and collective agreements as well as social insurance-related obligations.

 

5. Duration of storage

Your personal data is deleted or locked as soon as the purpose of storage no longer applies. Your data may also be saved if this was stipulated by the European or national legislator in EU regulations, laws or other provisions that we are subject to. The data may also be locked or deleted if a storage period expires that is stipulated by the aforementioned standards, unless there is a need to store the data further for concluding or fulfilling a contract.

We will save your data among other things for the following periods:

• Wage account documents up to 10 years according to § 147 Par. 1 No. 4, 5 in conjunction with Par. 3 AO (Tax Code); § 41 Par. 1 P. 9 EStG (Income Tax Act); § 257 Par. 1 No. 1, 4 in conjunction with § 238 Par. 1 HGB (Commercial Code);

• Warnings up to 2.5 years (according to case law);

• Application documentation and data, following a decision of non-employment, up to 6 months, burden of proof in case of discrimination, period §§ 21 Par. 5, 22 AGG (General Equal Treatment Act);

• Other application documentation: Upon dissolution or termination of the employment relationship;

• Timesheets 2 years according to § 16 Par. 2 ArbZG (German Working Hours Act);

• Timesheets 2 years according to § 50 JArbSchG (German Youth Employment Protection Act);

• Timesheets 2 years according to § 17 Par. 1 MiLoG (Minimum Wage Law);

• Other timesheets 6 years, § 147 Par. 1 No. 5, Par. 3 Tax Code;

• Pension 30 years following retirement, § 18a BetrAVG (Company Pension Act).

Please note that statutory requirements may result in longer storage/retention periods (see A. IV. above).

 

6. Right to object and removal

The processing of your personal data in the context of the employment relationship is essential for the establishment, performance and termination of the employment relationship. It follows that you do not have any right to object.

If the processing of your personal data is based on consent that was granted, you have the right to withdraw your consent at any time.

For an overview of your rights as a data subject, see A. V.

 

 

E. Supplementary information for applicants

 

I. General information about data processing

We are obliged by the GDPR to provide you with comprehensive information about the processing of your personal data in the context of your application process.

 

II. Data processing in the context of the application process

1. Description and scope of the data processing

We will process your personal data only if this is necessary for initiating and establishing an employment relationship. Your personal data is processed on a regular basis only if we have obtained your prior consent to this. An exception applies in such cases in which prior consent cannot be obtained for factual reasons, or the processing of your personal data is permitted by a statutory regulation.

 

2. Recipient categories

Within our company, only those divisions and departments are given access to personal data that need it for the fulfilment of the previously-mentioned purposes. In addition, we sometimes use different service providers and transmit your personal data to other external or internal recipients if this is permitted by law or if you have provided your consent to this, such as

• Our HR department

• Possible superiors

• Specialist departments

• Financial accounting

• Works council (if available)

• Data Protection Officer

• Representative for the Disabled

• Equal Opportunities Officer

• Controlling/review

• Employment agency

• Integration office in the event of a severe disability

• IT service providers

 

2. Legal bases for the data processing

The legal basis for the processing of your personal data as part of the application process is § 26 Par. 1 P. 1, Par. 3 Federal Data Protection Act.

If we obtain your consent for the processing of your personal data, we shall use § 26 Par. 2 Federal Data Protection Act as the legal basis.

If it is necessary to process your personal data for the fulfilment of a legal obligation that we are subject to, we shall use Art. 6 Par. 1 lit. c GDPR as the legal basis.

If the processing is necessary for safeguarding a legitimate interest of ours or of a third party, and provided that the first interest named does not outweigh your interests, fundamental rights and fundamental freedoms, we shall use Art. 6 Par. 1 lit. f GDPR as the legal basis for the processing. Another legitimate interest in this sense is the burden of proof in proceedings under the General Act on Equal Treatment (AGG).

The legal basis for the processing of special categories of personal data within the meaning of Article 9 Par. 1 GDPR, is § 26 Par. 3 Federal Data Protection Act.

 

3. Purpose of the data processing

Your personal data will be processed for the purpose of establishing the employment relationship, especially for the fulfilment of obligations arising from employment law, statute, collective agreements (if available) and social security.

 

4. Duration of storage

Your personal data is deleted or locked as soon as the purpose of storage no longer applies. Your data may also be saved if this was stipulated by the European or national legislator in EU regulations, laws or other provisions that we are subject to. The data may also be locked or deleted if a storage period expires that is stipulated by the aforementioned standards, unless there is a need to store the data further for concluding or fulfilling a contract.

We save your personal data for the following periods, among others:

• Application documentation and data, following the decision of non-employment, up to 6 months, burden of proof in cases of discrimination, period §§ 21 Par. 5, 22 AGG (General Equal Treatment Act)

• Other application documentation: If the employment relationship is dissolved or terminated

 

5. Right to object and removal

The processing of your personal data as part of the application process is essential for establishing an employment relationship. It follows that you do not have any right to object.

If the processing of your personal data is based on consent that was granted, you have the right to withdraw your consent at any time.

For an overview of your rights as a data subject, see A. V.