Privacy information

(Section 4 of the Federal Data Protection Act, Section 13 of the German Telemedia Act, Articles 13, 14 GDPR)


In the following, we provide information on the processing of personal data in connection with our website www.schmidbauer-gruppe.de (“website”) pursuant to the General Data Protection Regulation (“GDPR”) applicable from 25/05/2018.

The terminology contained in the following, such as “controller”, is used in accordance with the meaning defined in Article 4 GDPR.

The Obligatory Information acc. to Art. 12 contd. GDPR you find below.

 

A. Name and contact details of the controller

The controller of this website is:

Schmidbauer GmbH & Co. KG
Seeholzenstraße 1
82166 Gräfelfing
Germany
info@schmidbauer-group.com
Tel: +49 89 898676-0

(hereinafter: “Schmidbauer” or “we”).

 

B. Contact details of our Data Protection Officer

Our Data Protection Officer is:

Peter Menneke
DATEV  eG
90329 Nuremberg
Germany
dsb@remove-this.schmidbauer-gruppe.de

 

C. Categories and sources of personal data

We process the following categories of personal data:

Obligatory Information acc. to Art. 12 contd. GDPR

Contact details of the person responsible  

Company name: Schmidbauer GmbH & Co. KG 

Name (CEO): Werner Schmidbauer 

Address: Seeholzenstraße 1, 82166 Gräfelfing  

Telephone: +49 89 898676-0 

Email: info@schmidbauer-gruppe.de 

 

Contact details Data Protection Officer  

Name: Peter Menneke 

Company name: DATEV eG  

Address: 90329 Nürnberg 

Email: dsb@schmidbauer-gruppe.de 

 

From which source do we obtain your personal data?  

In principle, the collection of your data takes place on your premises. The processing of personal data provided by you is necessary to fulfill the obligations arising from the contract you have concluded with us. Due to your duties to cooperate, it is inevitable to provide the personal data requested by us, otherwise, we will not be able to fulfill our contractual obligations. 

Provision of your personal data is necessary within the framework of pre-contractual measures (e.g., master data entry in the interested party process). If the requested data is not provided by you, a contract cannot be concluded. 

In order to provide our services, it may be necessary to process personal data that we have received from other companies or other third parties, e.g., revenue offices, your business partner, or the like, permissibly and for the respective purpose. 

Furthermore, we may process personal data from sources that are publicly accessible, e.g., websites, which we use legitimately and only for the respective contractual purpose. 

 

Purposes and legal bases of the processing 

The personal data you provide to us will be processed in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG): 

Due to legal requirements (acc. to art. 6 para. 1 subpara. c GDPR) or public interest (acc. to art. 6 para. 1 subpara e GDPR) 

The purposes of data processing result from legal requirements or lie in the public interest (e.g., compliance with retention obligations; proof of compliance with the tax consultant's notification and information obligations). 

 

For the fulfillment of contractual obligations (acc. to art. 6 para. 1 subpara. b GDPR) 

On the one hand, the purposes of the data processing result from the introduction of pre-contractual measures that precede a contractually regulated business relation, and on the other hand from the fulfillment of the obligations from the contract that was closed with you. 

 

On the basis of consent (acc. to art. 6 para. 1 subpara. a GDPR) 

The purposes of processing personal data result from giving consent. Your consent can be revoked at any time with effect for the future. Consents given before the GDPR took effect (25 May 2018) can also be revoked. Processing that took place before the revocation remains unaffected by the revocation. For example: Sending a newsletter; consent to data disclosure to third parties at your request (e.g., banks, insurances, shareholders, etc.). 

 

Within the scope of balancing conflicting interests (acc. to art. 6 para. 1 subpara. f GDPR) 

The purposes of the processing result from the protection of our legitimate interests. It may be necessary to process the data you have provided to us beyond the actual performance of the contract. Our legitimate interest may be used to justify further data processing that you have provided to us, subject to the condition that your interests or fundamental rights and freedoms do not prevail. Our legitimate interest may be in individual cases: enforcement of legal claims; defense of liability claims; prevention of criminal offenses. 

 

Who receives the personal data you provide us with?  

Within our company, only those divisions receive access to the personal data that you have provided to us, which are required to fulfill contractual and legal obligations and which are entitled to process this data. 

In fulfillment of the contract that has been concluded with you, only those divisions receive the data that you have provided to us, which require this data for legal reasons, e.g., tax authorities; social insurance carriers; competent authorities and courts. 

Other recipients will only receive the data you have provided to us at your request if you give us the necessary consent. 

Within the scope of our services, we commission contractors who contribute to the fulfillment of contractual obligations, e.g., computer center service providers; EDP partners; companies who shredder documents, etc. These data processors are contractually bound by us to comply with the requirements of the GDPR and the BDSG. 

 

Will the data you provide to us be transferred to third countries or international organizations? 

Data that you provide to us will in no case be transferred to a third country or an international organization. If in individual cases, you wish the data you have provided to us to be transferred to a third country or an international organization, we will only do so with your written consent. 

Does automated decision making, including profiling, take place? 

No fully automated decision making (including profiling) according to art. 22 GDPR is applied to process the data you have provided to us. 

 

Duration of processing (criteria for deletion) 

The data you have provided to us will be processed for as long as it is necessary to achieve the contractually agreed purpose, in principle, as long as the contractual relationship with you exists. After the end of the contractual relationship, the data you have provided to us will be processed to comply with legal retention obligations or on the basis of our legitimate interests. After the legal retention periods have expired or our legitimate interests have ceased to exist, the data that you have provided to us will be deleted. 

 

Expected periods of storage obligations and our legitimate interests are: 

  • Fulfillment of commercial and tax retention periods: The periods for storage and documentation specified therein range from two to ten years. 

  • Preservation of evidence under the statute of limitations: According to sections 195 contd. of the German Civil Code (BGB), the limitation period can be up to 30 years, whereas the standard limitation period is three years. 

 

Information and access to personal data 

  • Right of access acc. to art. 15 GDPR: 
    Upon request, you have the right to receive information free of charge as to whether and what data about you is stored and for what purpose it is stored. 

  • Right to rectification acc. to art. 16 GDPR: 
    You have the right to request from the Data protection officer to  correct your incorrect personal data without delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration. 

  • Right to erasure ("Right to be forgotten") acc. to art. 17 GSPR: 
    You have the right to demand from the Data protection officer to delete your data immediately. The person responsible is obliged to delete personal data immediately, if one of the following reasons applies:  

  1. Purposes shall cease to apply for which the personal data was  collected. 
  2. You are revoking your consent to the processing. There is no other legal basis for the processing. 
  3. You object to the processing. There is no other legal basis for the processing. 
  4. The personal data have been processed unlawfully. 
  5. The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which the Data protection officer is subject.  
  6. The personal data has been collected in relation to information society services provided in accordance with article 8 para. 1. 
  • Right to restriction of processing according to art. 18 GDPR and art. 35 BDSG: 
    You have the right to request a limitation of the processing, if one of the following conditions is given: 

  1. You doubt the accuracy of the personal data. 
  2. The processing is unlawful, but you refuse to have it deleted. 
  3. Personal data is no longer required for the purposes of  processing; however, you will need the data to assert, exercise, or defend legal claims. 
  4. You have filed an objection against the processing acc. to art. 21 para. 1 GDPR. As long as it has not yet been determined whether the legitimate reasons of the responsible person outweigh you, the processing will be restricted. 
  • Right to data portability acc. to art. 20 GDPR: 
    You have the right to receive the data you provided from the person responsible in a structured, current, and machine-readable format. Forwarding it to another responsible person may not be hindered by us. 

  • Right to object acc. to art. 21 GDPR: 
    In this case, please contact the person responsible for processing (see above).  

  • Right to lodge a complaint with a supervisory authority acc. to art. 13 para. 2 subpara. d, 77 GDPR in connection with art. 19 BDSG: 
    If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the supervisory authority. For this purpose, please contact the competent supervisory authority 

  • Withdrawal of consent acc. to art. 7 para. 3 GDPR: 
    If the processing is based on your consent acc. to art. 6 para. 1 subpara. a or art. 9 para. 2 subpara. a (processing of special  categories of personal data), you are at any time entitled to withdraw the appropriately bound consent without prejudice to the legality of the processing which has taken place on the basis of the consent until revocation. 

 

 

Categories of personal data undergoing processing Types of personal data within the category Source of personal data (and, if applicable, whether the source is publicly available) Categories of personal data undergoing processing Types of personal data within the category Source of personal data (and, if applicable, whether the source is publicly available) Source of personal data (and, if applicable, whether the source is publicly available)
     
Contact details Name and surname Data subject
  Company name  
  Address  
  E-mail address  
  Phone number  
Data about individual requests   Data subject
Order data   Data subject
Website usage data   Data subject
Data that is stored in "system" cookies*   Data subject
     

* Cookies are small text files containing information that are placed on the user's device by their browser when they visit a website.
When the website is visited again using the same device, the cookie and the information stored in it can be retrieved.

D. Analysis tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f DSGVO. With the tracking measures used, we want to ensure that our website is designed to meet the needs of our customers and is continuously optimised. On the other hand, we use the tracking measures to record the use of our website statistically and evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as justified in the sense of the aforementioned regulation. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

1. Google Analytics

For the purpose of customizing and continually optimizing our pages, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/en/about/) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereafter "Google"). In this context, pseudonymized usage profiles are created and cookies (see point 4) are used. Information generated by the cookie about your use of this website, such as

  • Browser type / version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of server request,

are transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purposes of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking).
You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https: //tools.google.com/dlpage/gaoptout?hl=en)
As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking on this link: disable Google Analytics. An opt-out cookie will be set that will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en)

2. Google Adwords Conversion Tracking

To statistically record the use of our website and to evaluate it for the purpose of optimizing our website, we also use Google conversion tracking. In doing so, Google Adwords will set a cookie (see paragraph 5) on your computer if you have reached our website via a Google ad. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of the Adwords customer's website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page. Every Adwords customer receives a different cookie. Cookies can not be tracked via the websites of Adwords customers. The information gathered using the conversion cookie is used to generate conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers are informed of the total number of users who clicked on their ad and were redirected to a conversion tracking tag page. However, they do not receive information that personally identifies users. If you do not want to participate in the tracking process, you can also refuse the required cookie setting - for example, via a browser setting that generally disables the automatic setting of cookies. You can also disable cookies for conversion tracking by setting your browser to block cookies from the domain "www.googleadservices.com". Google's privacy policy on conversion tracking can be found here (https://services.google.com/sitestats/en.html).

 

E. Purpose and legal basis for the processing of personal data

We process the categories of personal data (see above under point C) for the following purposes and in accordance with the following legal bases.

If the processing is based on Article 6 (1) (f) GDPR, we also state the legitimate interests pursued by us or a third party.

Purpose of processing (and, if applicable, the legitimate interests in the processing) (Categories of) personal data (for details of the respective categories, see point C above) Legal basis for processing according to the GDPR (from 25/05/2018)
     
Display of our website at the request of the user Website usage data Article 6 (1) (f) GDPR
Processing of your contact requests Contact details Article 6 (1) (f) GDPR
  Contact details  
Processing and execution of your orders in our Online Shop Contact details Article 6 (1) (b) GDPR
  Data about individual requests  
  Order data  

F. Recipients of personal data

For the purposes described under point D above, we disclose personal data to the following (categories of) recipients:

1. Internal recipients (recipients within the controller)

  • Marketing
  • Data Protection Officer
  • Administration

2. External recipients (recipients outside the controller)

a. External recipients who receive personal data as the controller

The following recipients, alone or jointly with others, determine the purposes and means of the processing of personal data:

  • none

b. External recipients who receive personal data as processors

The following recipients process personal data on our behalf:

 

G. Transfer of personal data to a third country and/or to international organisations

No transfers of personal data to third countries (countries outside the European Economic Area) and/or to international organisations are intended

 

H. Automated decision-making including profiling

We do not use automated decision-making including profiling in accordance with Article 22 (1) and (4) GDPR.

 

I. Period for which the personal data will be stored

The period for which the personal data will be stored is listed below or is determined using the following criteria:

Categories of personal data (for details of the respective categories, see point C above) Period for which the personal data will be stored / Criteria for determining this period
   
Contact details 10 years, if necessary to fulfil statutory retention obligations
Data about individual requests 10 years, if necessary to fulfil statutory retention obligations
Order data 10 years, if necessary to fulfil statutory retention obligations
Website usage data 7 days
Data that is stored in "system" cookies* 7 days

J. Requirement / obligation to provide personal data and possible consequences of the non-provision of such data

The provision of the following personal data is required by law or contract or necessary for the conclusion of a contract:

(Categories of) personal data (for details of the respective categories, see point C above) Requirement / obligation Possible consequences of the non-provision of such data
     
Contact details Required to conclude a sales contract in our Online Shop. A contract cannot be concluded if this data is not provided.
Order data    

K. Rights of the data subject

1. Information, rectification, erasure, restriction, data portability

You have the following rights in respect of the processing of your personal data:

  • to request information about your personal data from us in accordance with Section 34 of the Federal Data Protection Act / Article 15 GDPR;
  • to request that we rectify your personal data in accordance with Section 35 of the Federal Data Protection Act / Article 16 GDPR;
  • to request that we erase your personal data in accordance with Section 35 of the Federal Data Protection Act / Article 17 GDPR;
  • to request that we restrict the processing of your personal data in accordance with Section 35 of the Federal Data Protection Act / Article 18 GDPR;
  • the right to data portability in accordance with Article 20 GDPR.

2. Right to object

In accordance with Article 21 (1) GDPR, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data which is based on Article 6 (1) (e) or (f) GDPR (see point D above), including profiling.
In accordance with Article 21 (2) GDPR, where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

3. Right to withdraw consent

Where the processing is based on consent, in particular but not only in accordance with Article 6 (1) (a) or Article 9 (2) (a) GDPR (see point 0 above), you have the right to withdraw your consent at any time; This, however, does not affect the lawfulness of processing based on consent prior to its withdrawal.

4. Right to lodge a complaint with a supervisory authority

In accordance with Article 57 (1) (f) GDPR, you have the right to lodge a complaint with a supervisory authority.

 

Last updated: 17/12/2019