Data Protection Statement
Walter Schneider GmbH takes the protection of your personal data seriously and abides by the statutory data protection legislation. Personal data is collected on this website only to the required extent.
This Data Protection Statement provides you with an overview of how we ensure that your data is protected, what types of data are collected and for what purpose.
1. Name and contact details of the controller and the company’s Data Protection Officer
(1) The controller under Art. 4(7) EU General Data Protection Regulation (GDPR) is:
Walter Schneider GmbH, represented by its Managing Directors, Dr. Jens Neumeyer and Jens Siegle
Please also note the information in our Imprint.
(2) The controller’s Data Protection Officer is:
Solicitor Jörg Hiltwein
2. General information on the processing of personal data
(1) The following information sets out how we process personal data and applies in particular to use of our website. We use the following terms in this Data Protection Statement:
• Personal data
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in partic-ular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Data relating to legal persons is not personal data within the meaning of the GDPR or the German Federal Data Protection Act (BDSG).
• Data subject
“Data subject” means any identified or identifiable natural person whose personal data is processed by the controller.
“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisa-tion, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by trans-mission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting its processing in the future.
“Profiling” means any form of automated processing of personal data consisting of the use of per-sonal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, pro-vided that such additional information is kept separately and is subject to technical and organisa-tional measures to ensure that the personal data is not attributed to an identified or identifiable nat-ural person.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data is disclosed, whether a third party or not. However, public authorities which may re-ceive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not regarded as recipients.
• Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or pro-cessor, are authorised to process personal data.
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
(2) We process your personal data only where there is a legal basis for it, in particular where:
• You have expressly consented to it in accordance with Art. 6(1)(a) GDPR;
• It is permitted by law and necessary for the performance of a contract with you in accordance with Art. 6(1)(b) GDPR;
• There is a legal duty to disclose it in accordance with Art. 6(1)(c) GDPR;
• It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority in accordance with Art. 6(1)(e) GDPR;
• The sharing is required in order to establish, exercise or defend legal claims in accordance with Art. 6(1)(f) GDPR, and there are no grounds for assuming that you have an overriding legitimate interest in your data not being shared.
Your personal data is not shared with third parties for any purposes other than those set out in this Statement, and where it is shared, this only takes place where one of the legal grounds under Art. 6(1) GDPR applies (see above).
(3) We follow the principles of data avoidance and data minimisation. This means that we only store your personal data for as long as it is required to fulfil the purposes set out here or as provided for under various statutory retention periods. Where the purpose ceases to apply or after the expiry of these periods, the data in question is routinely blocked or deleted in accordance with the statutory regulations. In principle, the duration of the storage is determined by the applicable statutory retention period, e.g. retention periods under commercial and fiscal legislation as per Sec. 257, Para. 4 German Commercial Code (HGB), Sec. 147, Para. 3 German Fiscal Code (AO; 6 or 10 years). Retention periods may also be determined based on the current limitation periods for claims. Claims to company pensions expire after 30 years (Sec. 18a German Company Pensions Act (BetrAVG)), while civil claims normally expire after three years or 30 years at a maximum. After the end of this period, the data in question is routinely deleted to the extent that it is no longer required to perform a contract or for steps taken prior to entering into a contract and/or we have no legitimate interest in its continued storage.
(4) In some cases, we make use of external service providers (e.g. IT service providers) in order to process your data. These service providers are carefully selected and contracted by us, and they are bound by our instructions and are regularly inspected by us. If we make use of contracted service providers in order to provide individual functions of our service, or if we would like to use your data for marketing purposes, we will explain to you how these processes work.
(5) If you have not subscribed to our newsletter or signed up to receive marketing materials, or where there is no other legal basis under Art. 6(1)(f) GDPR, or where you have objected to the processing in accordance with Art. 21(2) GDPR, we will not use your data to inform you about our other services.
(6) Our website may contain links to websites of other providers or embedded content from external websites. If you click one of these links, the respective website operator may receive information on this. This Data Protection Statement only applies to our website. We have no influence on the data collected and processed, nor are we aware of the full extent of the data collection, the purposes of the processing or the retention periods on linked websites. We have to assume that the data protection statements provided on these websites are comprehensive and accurate.
(7) Please note that data transmission via the Internet, for example using a browser or by email, may be subject to security vulnerabilities. It is not possible to protect your data entirely against access by a third party.
3. Processing of personal data when you visit our website/via the Internet
(1) If you only use our website to obtain information, that is to say, you do not register or send us in-formation by any other means, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data that is technically required in order for us to display our website to you and ensure its stability and security (legal basis: Art. 6(1)(f) GDPR):
• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Volume of data transmitted in each case
• Website from which the request originated
• Operating system (e.g. Windows 10, Linux) and its interface (e.g. X-Windows)
• Language and version of your browser software
This data is recorded in log files. The log files contain IP addresses and other data that may be asso-ciated with an individual user. This may be the case for example if the link to the website from which you access the web page or the link to the website that you switch to contains personal data.
(2) We process the above data for the following purposes:
• To ensure website connections are made smoothly
• To ensure our website is convenient to use
• To evaluate system security and stability, and
• For other administrative purposes
Under no circumstances do we use the collected data in order to identify you as an individual except for where it is set out otherwise below.
(3) The data is deleted as soon as it is no longer required in order to achieve the purpose for which it was collected. Where data is collected in order to provide our website, this will be at the end of the session. Where data is stored in log files, this will be after seven days at the latest. Storage beyond these periods is also possible. In this case, users’ IP addresses are deleted or modified so that they can no longer be associated with the client that accessed our website.
(4) In addition to the data listed above, our website stores cookies on your computer when you use our website. Cookies are small text files that are stored on your hard drive in connection with the browser that you use and by means of which the body issuing the cookie (in this case us) receives certain in-formation. Cookies cannot run programs or infect your computer with a virus. They are used to enhance the overall user-friendliness of our online presence and to improve the quality of our website and its content. By analysing cookies, we can find out how the website is used, and this enables us to con-tinually improve our presence.
a) This website uses the following types of cookies or similar software. Their scope and functionality are explained below:
• Transient cookies (see b)
• Persistent cookies (see c)
• Flash cookies (see f)
• HTML5 storage objects (see f)
b) Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a session ID, which is used to attribute different requests from your browser to the joint session. In this way, your computer can be recognised if you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete the cookies at any time using the security settings in your browser.
d) You can configure your browser so that you are notified when cookies are set and can decide in each case whether to accept them, or you can disable cookies in particular cases or completely. Each browser manages cookie settings in a different way. This is described in the browser’s help menu, which explains how you can change your cookie settings.
f) The Flash cookies used are not captured by your browser, but by your Flash plug-in. We also use HTML5 storage objects, which are stored on your device. These objects store the required data independently of the browser you are using and do not have an automatic expiration date. If you do not want Flash cookies to be processed, you must install a suitable add-on, for example Better Privacy for Mozilla Firefox (https://addons.mozilla.org/en-US/firefox/addon/BetterPrivacy/) or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage ob-jects by switching your browser to private browsing. We also recommend regularly deleting your cookies and browser history manually.
(5) We also use analysis services when you visit our website. Further information on this is provided below.
4. Processing of personal data when orders are placed and in other contractual relationships with us
(1) If you place an order with us, supply us or enter into any other kind of contractual relationship with us, it is necessary for the conclusion and performance of the contract for you to provide the personal data that we require for its administration. We process the following personal data:
• Title, first name, surname
• A valid email address
• Postal address
• Telephone number (landline and/or mobile number), fax number
• Further information that is required to administer the contractual relationship or to assert our rights and fulfil our duties
(2) This data is processed so that we can:
• Identify you as our contractual partner or as an employee of our contractual partner
• Provide you with appropriate advice, services and supplies
• Correspond with you
• Invoice you
• Process any warranty or liability claims and assert any claims against you
(3) We use your data within our company and record your data in our ERP system and our accounting systems. We share our accounting data with our tax advisor. We share address data with contracted delivery companies in order to deliver items, for example goods. We may also share your personal data with third parties if we offer the opportunity to conclude contracts with partners or where services are delivered with partners, and your data may be shared with suppliers, subcontractors or contractors performing a trade before or after us, and with credit institutes to the extent that this is necessary to administer the contract (manufacturing, supply, payment). You can obtain further information on this by providing your personal data or by referring to the description of our service.
(4) The data is collected, stored and shared in order to fulfil a contract. The legal basis for this is Art. 6(1)(b) GDPR. The data will only be processed beyond this scope if you have consented to it (Art. 6(1)(a) GDPR) or where it is permitted by law. If you choose not to provide your data, this may mean that we are unable to conclude a contract with you.
(5) As a matter of principle, we collect data directly from the individuals involved in the contractual relationship (data subjects within the meaning of Art. 13 GDPR).
As a general rule, we do not process personal data that we have obtained from third parties. In excep-tions to this, we provide the data subjects with separate information in accordance with Art. 14 GDPR and in particular with information on the source of the personal data. This does not apply in the following cases:
• The data subject already has the information;
• The provision of this information proves impossible or would involve a disproportionate effort within the meaning of Art. 14(5)(b) GDPR. In these cases, we take appropriate measures to protect the data subject’s rights and freedoms and legitimate interests;
• Obtaining or disclosure is expressly laid down by Union or Member State law to which we are subject and which provides appropriate measures to protect the data subject’s legitimate interests; or,
• The personal data must remain confidential subject to an obligation of professional secrecy regulated by Union or Member State law, including a statutory obligation of secrecy.
(6) Please refer to Section 2, Para. 3, for information on the duration of the storage and retention of your personal data.
We process personal data from applicants in order to administer the application process. The legal basis for this is Art. 6(1)(b) GDPR, Sec. 26, Para. 1 BDSG and Art. 6(1)(a) GDPR. This data may also be processed electronically, in particular if an applicant sends application documents to us electronically, for example by email or using an online form on our website. If an employment relationship is estab-lished as a result, the transmitted data will be stored in order to administer the employment relationship in compliance with the statutory regulations. If we do not enter into an employment contract with the applicant, we automatically delete the application documents six months after we have informed the applicant of our rejection provided that this does not conflict with any other legitimate interests. Another legitimate interest in this sense could be a burden of proof in proceedings under the German General Act on Equal Treatment (AGG).
6. Use of the contact form on our website, email contact
(1) We provide a contact form on our website, which can be used to contact us electronically. If you make use of this option, the data input in the entry form (name, email address, telephone number, content of the message) is transmitted to us and stored. The data specified in Section 3, Para. 1, is also recorded when you send the message. Alternatively, you can also contact us using the email address provided. In this case, the personal data transmitted with the email will be stored. Data is not shared with third parties in this context. The data is used solely to administer the conversation with you.
(2) The legal basis for the processing of this data is Art. 6(1)(a) GDPR where you have consented to this. The legal basis for the processing of data transmitted when sending an email is Art. 6(1)(f) GDPR. If the aim of the email contact is to conclude a contract, a further legal basis for the processing is Art. 6(1)(b) GDPR.
(3) We only process personal data from the entry form in order to administer the contact with you. If you contact us by email, this constitutes the required legitimate interest in processing the data. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our IT systems.
(4) The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data input in the entry form for the contact form and personal data sent by email, this is the case when the conversation with you has ended. The conversation is deemed to have ended when it can be seen that the matter in question has been fully resolved. The additional personal data collected during the sending process is deleted after seven days at the latest.
(1) By granting your consent, you can subscribe to our newsletter and receive information on our latest interesting offers. If you make use of this option, the data input in the entry form (name, email address, telephone number, content of the message) is transmitted to us and stored.
The data specified in Point 3, Para. 1, is also recorded when you send the message. Alternatively, you can also contact us using the email address provided. In this case, the personal data transmitted with the email will be stored. Data is not shared with third parties in this context. The data is used solely in order to administer the conversation with you.
(2) The legal basis for the data processing after you subscribe to our newsletter is your consent in accordance with Art. 6(1)(a) GDPR.
(3) Your email address is collected in order to send the newsletter to you. The collection of other per-sonal data during the subscription process serves to prevent misuse of the services and the email address used.
(4) The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Your email address is therefore stored for as long as your newsletter subscription remains active.
8. Objecting or withdrawing consent to the processing of your data
(1) If you have given your consent to the processing of your data, you can withdraw it at any time. Withdrawing consent in this way affects the lawfulness of the processing of your personal data after you have notified us of the withdrawal.
(2) If we are processing your personal data on the balance of interests, you can object to the pro-cessing. This applies in particular where the processing is not necessary to fulfil a contract with you. We explain this in the following description of the specific functions. If you are exercising your right to object, please set out the reasons why we should not process your personal data as we have been doing. If you have a legitimate objection, we will assess the situation and will either stop or change the data pro-cessing, or set out our compelling legitimate grounds for continuing the processing.
(3) You can, of course, object to the processing of your personal data for marketing purposes at any time.
(4) You can communicate your objection to us using the contact details provided in Section 1.
9. Your other rights
In your relationship with us, you have the following rights with regard to personal data relating to you:
• Right of access to your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information on the purposes of the processing, the categories of personal data processed, the categories of recipients to whom your personal data has been or will be disclosed, the envisaged period for which your personal data will be stored, the existence of a right to rectification and erasure, and the right to restrict the processing or to object to it, the existence of the right to complain, the source of your data where it is not collected by us, and the existence of au-tomated decision-making, including profiling, and where applicable, meaningful information as to its characteristics;
• Right to have inaccurate personal data stored by us rectified or completed without undue delay in accordance with Art. 16 GDPR;
• Right to have personal data stored by us erased in accordance with Art. 17 GDPR where the pro-cessing is not necessary to exercise the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
• Right to have the processing of your personal data restricted in accordance with Art. 18 GDPR where you contest the accuracy of the data, or where the processing is unlawful, but you oppose its erasure, or we no longer need the data, but you require it in order to establish, exercise or defend legal claims, or you have objected to the processing in accordance with Art. 21 GDPR;
• Right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format or to have this data transmitted to another controller in accordance with Art. 20 GDPR;
• Right to withdraw a consent that you have granted us at any time in accordance with Art. 7(3) GDPR. As a consequence of this, we may not continue the data processing based on consent; and
• Right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a general rule, you can contact the supervisory authority in your usual place of residence, your place of work or our place of business. You can use the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
10. Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are stored on your computer to enable analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address) will generally be transmitted to a Google server in the USA and stored there. If IP anonymisation is activated on this website, your IP address will be truncated by Google prior to this within the Member States of the European Union or other countries that are parties to the Agreement on the European Economic Area. Only in exceptional cases is the complete IP address transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to prepare reports on website activities and to fulfil other services in connection with website use and Internet use for the website operator.
(2) Google will not associate your IP address communicated by your browser during the use of Google Analytics with any other data held by Google.
(3) You can prevent the installation of cookies by selecting the appropriate setting in your browser; however, please note that in this case, you may not be able to use the full functionality of this website. You can also prevent the collection and processing of data generated by the cookie related to your use of the website (including your IP address) by Google by downloading and installing the browser plug-in available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
(4) This website uses Google Analytics with the extension “_anonymizeIP()”. This means that IP ad-dresses are truncated before further processing so that they cannot be related to a specific individual. Any possibility of relating the data collected on you to you as an individual is immediately excluded, and the personal data is deleted instantly.
(5) We use Google Analytics to analyse use of our website and improve it on a regular basis. By using the statistics generated, we can improve our service and make it more interesting for you as a user. In the exceptional cases in which personal data is transmitted to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6(1)(f) GDPR.
(7) This website also uses Google Analytics to enable cross-device analysis of visitor flows, which is performed by means of a user ID. You can deactivate the cross-device analysis of your use by going to your customer account and selecting My data > Personal data.
11. Online advertising, Google AdSense
(1) This website uses the online advertising service Google AdSense, which enables the display of advertising tailored to your interests. Our interest in doing so lies in displaying advertising to you that might interest you in order to make our website more interesting for you. To this end, statistical infor-mation on you is collected and processed by our advertising partners. These adverts can be identified by the information “Google Ads” in the advert. The legal basis for this data collection is Art. 6(1)(f) GDPR.
(2) When you visit our website, Google receives the information that you have accessed our website. For this purpose, Google uses a web beacon to set a cookie on your computer. In addition, the data specified in Section 4 of this Statement will be transmitted. We have no influence on the data collected, nor are we aware of the full extent of the data collection or the retention periods. Your data is transmitted to the USA and evaluated there. If you are logged into your Google account, your data can be directly associated with it. If you do not want to be associated with your Google profile, you must log out. This data may be shared with Google’s contractual partners, third parties and the authorities. The legal basis for this processing of your data is Art. 6(1)(f) GDPR. This website has also activated Google AdSense adverts from third-party vendors. The data specified above may be transmitted to these third-party vendors (listed here: https://support.google.com/dfp_sb/answer/94149).
(3) There are different ways in which you can prevent the installation of Google AdSense cookies:
a) By configuring the settings in your browser software. If you disable third-party cookies, adverts from third-party vendors will not be displayed to you.
b) By deactivating interest-based advertising by Google via the following link: http://www.google.com/ads/preferences. Please note that this setting will be deleted when you delete your cookies.
c) By deactivating interest-based advertising by vendors that have signed up to the self-regulation campaign “About Ads” at the following link: http://www.aboutads.info/choices. Please note that this setting will be deleted when you delete your cookies.
d) By permanently deactivating advertising in your browser (Firefox, Internet Explorer or Google Chrome) at the following link: http://www.google.com/settings/ads/plugin Please note that, in this case, you may not be able to use the full functionality of this service.
(4) You can obtain further information on the purpose and scope of the data collection and its processing and further information on your rights in connection with this and the configuration options to protect your privacy from Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA; privacy terms for advertising: https://policies.google.com/technologies/ads. Google has submitted to the EU-US Privacy Shield: http://www.privacyshield.gov/EU-US-Framework.
12. Social media, Google Maps
(1) We do not use any social media plug-ins, such as Facebook, Twitter, etc.
(2) We use the Google Maps service on this website. The legal basis for the collection of data relating to the following measures is Art. 6(1)(f) GDPR.
a) By using Google Maps, we can display interactive maps directly on our website, and you are able to use the map function for your convenience.
b) When you visit our website, Google receives the information that you have accessed the corre-sponding subpage of our website. In addition, the data specified in Section 3 of this Statement will be transmitted. This occurs regardless of whether Google provides a user account that you are logged into or if such a user account is non-existent. If you are logged into Google, your data will be directly asso-ciated with your account. If you do not want to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and utilises them for the pur-poses of advertising, market research and/or the needs-based design of its website. Such an evaluation is conducted in particular (even if users are not logged in) in order to support needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles; to exercise it, you must contact Google.
c) You can find further information on the purpose and scope of the data collection and its processing by the plug-in provider in the provider’s data protection statement. This statement also contains further information on your rights in this context and the configuration options to protect your privacy: https://policies.google.com/privacy. Google also processes your personal data in the US and has submitted to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
13. Data security
(1) Within this website, in particular on the Contact page, we use the widely established SSL (Secure Socket Layer) protocol in conjunction with the highest level of encryption that your browser supports. Generally this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can see whether a specific page of our website is transmitted in encrypted form by looking for the key or locked padlock symbol in your browser’s status bar.
(2) In addition to this, we have implemented appropriate technical and organisational safeguards to protect your data against accidental or intentional manipulation, partial or complete loss or destruction, and unauthorised access by third parties. Our safeguards are continually updated as the technology evolves.
Walter Schneider GmbH