(Section 4 of the Federal Data Protection Act, Section 13 of the German Telemedia Act, Articles 13, 14 GDPR)
In the following, we provide information on the processing of personal data in connection with our website www.schmidbauer-gruppe.de (“website”) pursuant to the General Data Protection Regulation (“GDPR”) applicable from 25/05/2018.
The terminology contained in the following, such as “controller”, is used in accordance with the meaning defined in Article 4 GDPR.
The Obligatory Information acc. to Art. 12 contd. GDPR you find below.
A. Name and contact details of the controller
The controller of this website is:
Schmidbauer GmbH & Co. KG
Tel: +49 89 898676-0
(hereinafter: “Schmidbauer” or “we”).
B. Contact details of our Data Protection Officer
Our Data Protection Officer is:
C. Categories and sources of personal data
We process the following categories of personal data:
Contact details of the person responsible
Company name: Schmidbauer GmbH & Co. KG
Name (CEO): Werner Schmidbauer
Address: Seeholzenstraße 1, 82166 Gräfelfing
Telephone: +49 89 898676-0
Contact details Data Protection Officer
Name: Peter Menneke
Company name: DATEV eG
Address: 90329 Nürnberg
From which source do we obtain your personal data?
In principle, the collection of your data takes place on your premises. The processing of personal data provided by you is necessary to fulfill the obligations arising from the contract you have concluded with us. Due to your duties to cooperate, it is inevitable to provide the personal data requested by us, otherwise, we will not be able to fulfill our contractual obligations.
Provision of your personal data is necessary within the framework of pre-contractual measures (e.g., master data entry in the interested party process). If the requested data is not provided by you, a contract cannot be concluded.
In order to provide our services, it may be necessary to process personal data that we have received from other companies or other third parties, e.g., revenue offices, your business partner, or the like, permissibly and for the respective purpose.
Furthermore, we may process personal data from sources that are publicly accessible, e.g., websites, which we use legitimately and only for the respective contractual purpose.
Purposes and legal bases of the processing
The personal data you provide to us will be processed in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
Due to legal requirements (acc. to art. 6 para. 1 subpara. c GDPR) or public interest (acc. to art. 6 para. 1 subpara e GDPR)
The purposes of data processing result from legal requirements or lie in the public interest (e.g., compliance with retention obligations; proof of compliance with the tax consultant's notification and information obligations).
For the fulfillment of contractual obligations (acc. to art. 6 para. 1 subpara. b GDPR)
On the one hand, the purposes of the data processing result from the introduction of pre-contractual measures that precede a contractually regulated business relation, and on the other hand from the fulfillment of the obligations from the contract that was closed with you.
On the basis of consent (acc. to art. 6 para. 1 subpara. a GDPR)
The purposes of processing personal data result from giving consent. Your consent can be revoked at any time with effect for the future. Consents given before the GDPR took effect (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation. For example: Sending a newsletter; consent to data disclosure to third parties at your request (e.g., banks, insurances, shareholders, etc.).
Within the scope of balancing conflicting interests (acc. to art. 6 para. 1 subpara. f GDPR)
The purposes of the processing result from the protection of our legitimate interests. It may be necessary to process the data you have provided to us beyond the actual performance of the contract. Our legitimate interest may be used to justify further data processing that you have provided to us, subject to the condition that your interests or fundamental rights and freedoms do not prevail. Our legitimate interest may be in individual cases: enforcement of legal claims; defense of liability claims; prevention of criminal offenses.
Who receives the personal data you provide us with?
Within our company, only those divisions receive access to the personal data that you have provided to us, which are required to fulfill contractual and legal obligations and which are entitled to process this data.
In fulfillment of the contract that has been concluded with you, only those divisions receive the data that you have provided to us, which require this data for legal reasons, e.g., tax authorities; social insurance carriers; competent authorities and courts.
Other recipients will only receive the data you have provided to us at your request if you give us the necessary consent.
Within the scope of our services, we commission contractors who contribute to the fulfillment of contractual obligations, e.g., computer center service providers; EDP partners; companies who shredder documents, etc. These data processors are contractually bound by us to comply with the requirements of the GDPR and the BDSG.
Will the data you provide to us be transferred to third countries or international organizations?
Data that you provide to us will in no case be transferred to a third country or an international organization. If in individual cases, you wish the data you have provided to us to be transferred to a third country or an international organization, we will only do so with your written consent.
Does automated decision making, including profiling, take place?
No fully automated decision making (including profiling) according to art. 22 GDPR is applied to process the data you have provided to us.
Duration of processing (criteria for deletion)
The data you have provided to us will be processed for as long as it is necessary to achieve the contractually agreed purpose, in principle, as long as the contractual relationship with you exists. After the end of the contractual relationship, the data you have provided to us will be processed to comply with legal retention obligations or on the basis of our legitimate interests. After the legal retention periods have expired or our legitimate interests have ceased to exist, the data that you have provided to us will be deleted.
Expected periods of storage obligations and our legitimate interests are:
Fulfillment of commercial and tax retention periods: The periods for storage and documentation specified therein range from two to ten years.
Preservation of evidence under the statute of limitations: According to sections 195 contd. of the German Civil Code (BGB), the limitation period can be up to 30 years, whereas the standard limitation period is three years.
Information and access to personal data
Right to rectification acc. to art. 16 GDPR:
You have the right to request from the Data protection officer to correct your incorrect personal data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
- Purposes shall cease to apply for which the personal data was collected.
- You are revoking your consent to the processing. There is no other legal basis for the processing.
- You object to the processing. There is no other legal basis for the processing.
- The personal data have been processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the Data protection officer is subject.
- The personal data has been collected in relation to information society services provided in accordance with article 8 para. 1.
- You doubt the accuracy of the personal data.
- The processing is unlawful, but you refuse to have it deleted.
- Personal data is no longer required for the purposes of processing; however, you will need the data to assert, exercise, or defend legal claims.
- You have filed an objection against the processing acc. to art. 21 para. 1 GDPR. As long as it has not yet been determined whether the legitimate reasons of the responsible person outweigh you, the processing will be restricted.
Right to data portability acc. to art. 20 GDPR:
You have the right to receive the data you provided from the person responsible in a structured, current, and machine-readable format. Forwarding it to another responsible person may not be hindered by us.
Right to lodge a complaint with a supervisory authority acc. to art. 13 para. 2 subpara. d, 77 GDPR in connection with art. 19 BDSG:
If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the supervisory authority. For this purpose, please contact the competent supervisory authority
Withdrawal of consent acc. to art. 7 para. 3 GDPR:
If the processing is based on your consent acc. to art. 6 para. 1 subpara. a or art. 9 para. 2 subpara. a (processing of special categories of personal data), you are at any time entitled to withdraw the appropriately bound consent without prejudice to the legality of the processing which has taken place on the basis of the consent until revocation.
D. Analysis tools
The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO. With the tracking measures used, we want to ensure that our website is designed to meet the needs of our customers and is continuously optimised. On the other hand, we use the tracking measures to record the use of our website statistically and evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as justified in the sense of the aforementioned regulation. The respective data processing purposes and data categories can be found in the corresponding tracking tools.
1. Google Analytics
For the purpose of customizing and continually optimizing our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereafter "Google"). In this context, pseudonymized usage profiles are created and cookies (see point 4) are used. Information generated by the cookie about your use of this website, such as
- Browser type / version,
- Operating system used,
- Referrer URL (the previously visited page),
- Host name of the accessing computer (IP address),
- Time of server request,
are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout?hl=en)
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link: disable Google Analytics. An opt-out cookie will be set that will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en)
2. Google Adwords Conversion Tracking
E. Purpose and legal basis for the processing of personal data
We process the categories of personal data (see above under point C) for the following purposes and in accordance with the following legal bases.
If the processing is based on Article 6 (1) (f) GDPR, we also state the legitimate interests pursued by us or a third party.
F. Recipients of personal data
For the purposes described under point D above, we disclose personal data to the following (categories of) recipients:
1. Internal recipients (recipients within the controller)
- Data Protection Officer
2. External recipients (recipients outside the controller)
a. External recipients who receive personal data as the controller
The following recipients, alone or jointly with others, determine the purposes and means of the processing of personal data:
b. External recipients who receive personal data as processors
The following recipients process personal data on our behalf:
G. Transfer of personal data to a third country and/or to international organisations
No transfers of personal data to third countries (countries outside the European Economic Area) and/or to international organisations are intended
H. Automated decision-making including profiling
We do not use automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR.
I. Period for which the personal data will be stored
The period for which the personal data will be stored is listed below or is determined using the following criteria:
K. Rights of the data subject
1. Information, rectification, erasure, restriction, data portability
You have the following rights in respect of the processing of your personal data:
- to request information about your personal data from us in accordance with Section 34 of the Federal Data Protection Act / Article 15 GDPR;
- to request that we rectify your personal data in accordance with Section 35 of the Federal Data Protection Act / Article 16 GDPR;
- to request that we erase your personal data in accordance with Section 35 of the Federal Data Protection Act / Article 17 GDPR;
- to request that we restrict the processing of your personal data in accordance with Section 35 of the Federal Data Protection Act / Article 18 GDPR;
- the right to data portability in accordance with Article 20 GDPR.
2. Right to object
In accordance with Article 21 (1) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Article 6 (1) (e) or (f) GDPR (see point D above), including profiling.
In accordance with Article 21 (2) GDPR, where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
3. Right to withdraw consent
Where the processing is based on consent, in particular but not only in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR (see point 0 above), you have the right to withdraw your consent at any time; This, however, does not affect the lawfulness of processing based on consent prior to its withdrawal.
4. Right to lodge a complaint with a supervisory authority
In accordance with Article 57 (1) (f) GDPR, you have the right to lodge a complaint with a supervisory authority.
Last updated: 17/12/2019