Privacy Policy

1. Scope of application

1.1 The following Privacy Policy applies to the use of the website and the services offered through it. This website is an offer of J. Schmalz GmbH, Johannes-Schmalz-Str. 1, 72293 Glatten, Germany, schmalz@schmalz.de, as the controller within the meaning of Art. 4 of the EU General Data Protection Regulation ("GDPR"). You can contact our data protection officer at datenschutz@schmalz.de or at our postal address with the addition “Data Protection Officer”.

1.2 The protection of your personal data is important to us, especially with regard to the protection of your personal rights when processing and using this information. In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, such as your name, address, e-mail addresses, and user behavior.

2. Automated data collection and processing by the browser

2.1 As with every website, our server automatically and temporarily collects information in the server log files that are transmitted by the browser, unless you have deactivated this. If you wish to view our website, we collect the following data, which are technically necessary for us in order to display our website to you and to ensure stability and security (legitimate interests - legal basis Art. 6 para. 1 lit. f GDPR):

• IP address of the requesting computer
• file request from the client
• the http response code
• the website from which you visit us (referrer URL),
• the time of the server request
• browser type and version
• operating system used by the requesting computer

The server log files are not analysed on a personal basis. This data cannot be assigned to specific persons by the provider at any time. This data is not merged with other data sources.

The server log files are stored for a period of one month.

3. Data collection and processing of voluntarily provided data

3.1 General contact

If you provide us with personal data by e-mail or via our website (surname, first name, e-mail address, address), this is generally done on a voluntary basis; there is neither a legal nor a contractual obligation to provide your personal data. The data you provide will be processed to handle your enquiry or to process the contractual relationship. The legal basis for the processing for performance of a contract is Art. 6 para. 1 lit. b GDPR and for the processing on the basis of the above-mentioned legitimate interests is Art. 6 para. 1 lit. f GDPR.

3.2 Customer account

Registration

To use our webshop, you have to create a customer account in our webshop. As part of the registration process, you have to provide your contact details and select a password. These are used to process the customer relationship (legal basis Art. 6 para. 1 lit. b GDPR).

To ensure that you are the owner of the e-mail address, we will send an activation link to your e-mail address. If this user account is not activated, the non-activated profile will be deleted after four weeks.

We store your data in this customer account for future purchases. When you create a customer account, the data you provide will be saved. You can delete all other data, including your customer account, at any time in the customer area. If we are legally obliged to store the information, we will store it for the duration of the legal obligation.

Advertising by e-mail newsletter and telephone

In addition, when registering for a customer account, you can decide whether you would like to be contacted by telephone or e-mail (newsletter, see section 3.3 below) for advertising purposes by clicking on the corresponding check box.

By consenting to receive promotional e-mails, you also give your consent to the measurement of the opening and click rates of links and their further processing.

The legal basis for the processing of your telephone number for the purpose of advertising and of your e-mail address for the purpose of sending newsletters and measuring opening and click rates is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent to being contacted for advertising purposes at any time via the following link: https://www.schmalz.com/en/retractionform/. With regard to newsletters, you can withdraw your consent to receiving advertising or to the measurement of opening and click rates by changing your newsletter settings, which can be accessed via a link in every newsletter.

3.3 Newsletter

You can subscribe to our newsletter, which we use to inform you about our current interesting offers or to send you market and opinion research content (e.g. customer satisfaction surveys).

We use the so-called double opt-in procedure to register for our newsletter: To ensure that you are the owner of the e-mail address, we send a confirmation link to your e-mail address. If you do not confirm your registration within 24 hours, no newsletter will be sent to you and your e-mail address will be deleted after four weeks. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.

After your confirmation, we will store the data you have provided for the purpose of sending you the newsletter (legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR).

You can withdraw your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your withdrawal of consent by clicking on the link provided in every newsletter e-mail.

The newsletters contain a so-called "web-beacon", i.e. an invisible pixel-sized file that is retrieved from our server when the newsletter is opened or, if we use a dispatch service provider, from their server. As part of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and the time of retrieval, is initially collected. All links in the e-mail newsletters are so-called tracking links that can be used to count your clicks.

The collection of this data enables us to analyse the behaviour of newsletter recipients and statistically evaluate the information. The analysis includes determining how many recipients have opened our newsletter, how many recipients have clicked on a link and how many clicks the individual links have received. The analyses help us to recognise the usage habits of our newsletter recipients and adapt our content accordingly.

By registering for the newsletter, you also give your consent to the measurement of open rates and click rates of links and their further processing. You can withdraw your consent to the analysis of opening and click rates at any time by changing your newsletter settings, which can be accessed via a link in every newsletter.

We use the Evalanche service to send our newsletter. The provider is SC-Networks GmbH. Evalanche is a service that can be used to organise the sending of newsletters and to analyse the newsletters sent and interactions on other channels. We have concluded a data processing agreement with SC-Networks GmbH in accordance with Art. 28 GDPR, in which we oblige SC-Networks GmbH to protect our customers' data and not to pass it on to third parties.

We may also process the data you provide in order to inform you by post about other interesting products from our portfolio. The legal basis is our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.

3.4 Webshop

Order

If you wish to place an order in our webshop, it is necessary for the conclusion of the contract that you provide your personal data, which we need in order to process your order. Mandatory information required for the performance of the contract is marked separately, other information is voluntary. We process the data you provide to process your order. The legal basis is Art. 6 para. 1 sentence 1 lit. b GDPR.

Your data will only be used for as long as is necessary for the existing customer relationship. Irrespective of this, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years.

Payment processing

For this purpose, we may pass on your payment data to our main bank or an online payment service of our use. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b GDPR.

If you decide in favour of a payment method offered via the payment processing platform "Stripe", payment processing is carried out via Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provide during the ordering process in addition to the information about your order. The following payment methods are integrated via Stripe: Credit card and Kobini (only available in Japan).

Your data will only be passed on for the purpose of payment processing with the respective provider and only to the extent that it is necessary for this purpose.

Shopping basket dispatch by e-mail

As a registered user, you have the option of sending your shopping basket to third parties by e-mail. Your e-mail address will be used as the sender address. The processing of your data and the recipient's e-mail address (this is not actively stored by us, but can be seen from the log files) is based on our and your legitimate interests in order to simplify the ordering of goods by you or the recipient of the e-mail (Art. 6 para. 1 lit. f GDPR). We do not use the data for advertising purposes.

Direct advertising, market and opinion research

If you order in our webshop, we will evaluate your orders placed in our webshop and may use them to optimise our products and our shopping experience, provide you with tailored information about our offer or our company, or otherwise contact you (legal basis Art. 6 para. 1 lit f. GDPR). Our legitimate interests lie in optimising the shopping experience and the product portfolio on our website. We will only contact you by e-mail and telephone if you have given us your consent to do so.

We use your address data for direct marketing purposes by post. The legal basis is our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR to send you offers that are relevant to you.

3.5 Career page

On our careers page, you can submit unsolicited applications or apply for specific vacancies. We offer you the opportunity to use our application portal for this purpose. You also have the option of registering in our application portal. Your data (name, e-mail address, address, contact details, application documents) will only be processed within the scope of the respective job advertisement (Art. 6 para. 1 lit. b GDPR, § 26 BDSG) or within the scope of the consent you have given for use for further job offers (Art. 6 para. 1 lit. a GDPR). If you have given us your consent to process your application data, you can withdraw this at any time.

Note on sensitive data: We expressly draw your attention to the fact that applications, in particular CVs, certificates, and other data you submit to us, may contain particularly sensitive information about mental and physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union or political party, or sex life.

If you provide us with such data in your online application, you expressly agree that we may process this data for the purpose of processing your application. This data will be processed in accordance with this Privacy Policy and other relevant legislation.

The data transmitted will be deleted 6 months after the end of the application process in the event of rejection or a negative decision on your application. This does not apply if statutory provisions prevent deletion or if further storage is necessary for the purpose of providing evidence or if you have consented to longer storage.

We use the application platform "Concludis" from the provider concludis GmbH, Auenweg 3, 50679 Cologne, Germany, to process online applications. We have concluded a Data Processing Agreement with Concludis.

The recipient of your data within the meaning of Art. 13 (1) (e) GDPR is concludis GmbH, Auenweg 3, 50679 Cologne. As part of data processing, we transfer personal data that you transmit to us in the online application process to Concludis as a processor.

4. Use of services and content requiring consent

4.1 Consent Management

We use Usercentrics as a Consent Management tool in the context of the use of content and services requiring consent.

The recipient of your data within the meaning of Art. 13 para. 1 lit. e GDPR is Usercentrics GmbH. As part of data processing, we transmit personal data (consent data) to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich as processor. Consent data includes the following data: Date and time of the visit or consent / refusal, device information.

The data is processed for the purpose of compliance with a legal obligation (obligation to provide evidence pursuant to Art. 7 para. 1 GDPR) and the associated documentation of consent and thus on the basis of Art. 6 para. 1 lit. c GDPR. Local storage is used to store the data.

The consent data is stored for 1 year. The storage location is the European Union. Further information on the data collected and contact options can be found at https://usercentrics.com/privacy-policy/.

4.2 Content/services integrated via Consent Management

In the Consent Management tool, you can choose whether you only accept the use of technically necessary services or whether you also agree to the use of services for marketing purposes or other functions such as the display of third-party content (maps, videos). You can select individual categories (Essential, Functional, Marketing ) or decide on individual services within the categories.

The following services are included in the respective categories:

Essential

• Hosting
• Content Delivery Networks (e.g. scripts)
• Guarantee of security on the website

The legal basis for the use of essential services is our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in a functional and secure website.

Marketing

• Analysis of user behaviour
• Placement of adverts

The legal basis for the use of marketing services is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future.

Functional

• Survey tools
• Social network content
• Third-party content that improves the user experience (e.g. videos, maps, etc.)

The legal basis for the use of functional services is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future by making a new selection in the Consent Management Tool.

You can make or change a selection under the following link. There you will also find a detailed overview and information for the end user about the services and cookies used and their storage period: Cookie Consent Manager

5. Disclosure to third parties

If you have provided us with personal data, this will not be passed on to third parties. It will only be passed on

• within the scope of your consent. When the data is collected, you will be informed of the recipients or categories of recipients.
• in the context of processing your enquiries, your orders and the use of our services to commissioned subcontractors and trading partners, who only receive the necessary data for the execution of this order or enquiry and use it for the intended purpose.
• to external service providers as part of data processing in accordance with Art. 28 GDPR. These service providers have been carefully selected and commissioned by us, are bound by our instructions and the provisions of the GDPR and are regularly monitored.
• in the context of the fulfilment of legal obligations to bodies entitled to receive information.

6. Cookies

6.1 The website uses cookies. Cookies are small text files that are stored locally in the cache of your browser. The following types of cookies, the scope and function of which are explained below, are used on this website:

• Transient cookies (see 6.2)
• Persistent cookies (see 6.3).

6.2 Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.

6.3 Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

6.4 You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.

6.5 We use cookies to identify you for subsequent visits if you have an account with us. Otherwise, you would have to log in again for each visit.

7. Social networks

We maintain publicly accessible profiles ("fan pages") on the following social networks.

When you visit our fan pages, the provider of the social network generally analyses your user behaviour and records your device information. This takes place regardless of whether you are logged in to the social network or not. Most providers provide us with an evaluation of the analysis of interactions with our fan page. Further information can be found in the links to the respective social network.

Insofar as we have concluded a Joint Controller Agreement with the provider of the social network, this is linked below. Such an agreement specifies who is responsible for which data processing operations when you visit our fan pages.

• YouTube
  Data protection information: https://policies.google.com/privacy?hl=en, https://policies.google.com/technologies/partner-sites?hl=en&gl=en, https://policies.google.com/technologies/cookies?hl=en&gl=en#how-google-uses-cookies
• LinkedIn
  Data protection information: https://www.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy/
  Joint Controller Agreement: https://legal.linkedin.com/pages-joint-controller-addendum
• Facebook
  Data protection information: https://www.facebook.com/privacy/policy/?entry_point=facebook_page_footer
  Joint Controller Agreement: https://www.facebook.com/legal/terms/page_controller_addendum
• X (formerly Twitter)
  Data protection information: https://x.com/en/privacy
• Instagram
  Data protection information: https://help.instagram.com/155833707900388?locale=en_GB&cms_id=155833707900388&force_new_ighc=false
  Joint Controller Agreement: https://www.facebook.com/legal/terms/page_controller_addendum
• Xing
  Data protection information: https://privacy.xing.com/en/privacy-policy

The legal basis is our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR to provide an appealing and up-to-date online presence. Please note that the provider of the respective social network may base its processing of personal data on a different legal basis.

We delete the data arising in this context after the storage is no longer necessary, unless there are legal storage obligations, or limitation periods must be observed.

Insofar as we are joint controllers with the social network for the processing of personal data, you can assert your rights both against us and against the provider of the social network. Please note, however, that depending on the processing operation, we do not have full influence on the processing of personal data, as this is mainly carried out by the provider of the social network.

8. Marketing

LinkedIn Analytics, LinkedIn Ads and Matched Audiences

We use the conversion tracking technology and the retargeting function of the LinkedIn Corporation on our website.

With the help of this technology, visitors to this website can be shown personalized advertisements on LinkedIn. Furthermore, it is possible to create anonymous reports on the performance of the advertisements and information on website interaction. For this purpose, the LinkedIn Insight tag is integrated on this website, which establishes a connection to the LinkedIn server if you visit this website and are logged into your LinkedIn account at the same time.

Matched Audiences:

We use the Linkedin service Matched Audiences to stay in contact with corporate customers (companies, individuals) with whom we have already made contact via our website, contact or account lists in marketing campaigns and to be able to offer you products. Via Matched Audiences, our contact information collected from you is now compared with the data you have provided in Linkedin (with your consent to Linkedin in accordance with Art. 6 para. 1 lit. a GDPR). No personal data is processed in the area of company targeting. This is not the case for contact targeting, where the target group is individuals; here the following data is processed Email address, first and last name, company name, country, mobile device IDs.

The comparison of your contact data, which we have, is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) to maintain the customer relationship with existing customers and interested parties and to be able to make you targeted offers. If you do not wish to be contacted here, please let us know via schmalz@schmalz.de and you will be removed from the contact lists for matched audiences.

The data we use is stored in the Linkedin data center and the e-mail addresses are hashed (encrypted). The data stored there is then used for matching. Uploaded contact list data is only stored for 30 days, after which it is deleted. The target groups defined by us are deleted after 90 days if they are not edited or used in active campaigns. There is a data processing agreement with the provider LinkedIn.

In LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy you will find further information on data collection and data use as well as the options and rights to protect your privacy. If you are logged in to LinkedIn, you can deactivate data collection at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising.

J. Schmalz uses LinkedIn Sales Navigator to improve the identification and management of potential business contacts on the LinkedIn platform. For this purpose, the contacts in the network are used by us and by followers of our company to find contacts corresponding to our target group and to match them with our customer management system. The information you provide on LinkedIn (profile) is used for this purpose. The data is provided by LinkedIn and used on the basis of your consent to LinkedIn's terms of use when you register your LinkedIn membership. The use of this data is based on our legitimate interest in the effective use of LinkedIn contacts via LinkedIn Sales Navigator to promote our own business activities. Providing this information is linked to your LinkedIn membership. If you do not want this, as a member you can decide for yourself which messages you receive by adapting your communication settings in the privacy settings or by using the unsubscribe link in the footer of messages (e.g. in Sales Navigator-InMails).

For your rights as a data subject vis-à-vis J. Schmalz GmbH, please refer to section 12. Your rights.

9. ControlRoom App

With this data protection information, we inform you about the handling of your personal data when using the Schmalz ControlRoom app.

With the free ControlRoom app, data and messages from the intelligent Schmalz components can be transmitted and read out wirelessly via NFC or QR code. The components can also be conveniently parameterized via the mobile device.

The processing of data serves the following purposes:

• Identification of Schmalz products via NFC tags (using the NFC function of the mobile device) and QR codes (using the camera)
• Access to the complete technical documentation of the products
• Diagnosis and parameterization of intelligent components via NFC
• For registered users: access to further product-specific information such as service dates (UVV), direct contacts and a company-wide device library for the user

a) If the ControlRoom app is used via the web application available on the Internet at https://myproduct.schmalz.com, we will only process your data if this is necessary for the performance of the contract (Art. 6 para. 1 lit. b GDPR). Furthermore, we collect personal data if it is necessary for the functionality of the app and your interest in the protection of your personal data does not outweigh the collection (Art. 6 para. 1 lit. f GDPR).

For these purposes, we also process the data that you provide to us via the web application: To display any data or information about our products, it is necessary to provide an NFC tag, QR code or item/serial number.

When using the web application, we otherwise process your data as described in sections 2-9 of this privacy policy.

b) If you download and use the ControlRoom app as a mobile application (hereinafter referred to as mobile app) from an app store, the following data protection information applies:

Data Collected When Downloading the Mobile App

(1) When you download the mobile app, certain personal data required for this purpose will be transmitted to the relevant app store (e.g. Apple App Store).

(2) In particular, the e-mail address, the username, the customer number of the downloading account, the individual device identification number, payment information and the time of the download are transmitted to the App Store during the download.

(3) We have no influence on the collection and processing of this data; it is carried out exclusively by the app store you have selected. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the app store.

Data Collected When Using the Mobile App

(1) We only collect data via the mobile app if this is necessary for the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR). Furthermore, we collect personal data if this is necessary for the functionality of the app and your interest in the protection of your personal data does not outweigh the collection (Art. 6 para. 1 lit. f GDPR).

(2) We collect and process the following data from you:

• Device information: The access data includes the IP address, device ID, device type, device-specific settings, and app settings as well as app characteristics, the date and time of the retrieval, the time zone, the amount of data transferred and the notification whether the data exchange was complete, app crash, browser type and operating system. This access data is processed to enable the technical operation of the app.
• Registration data: For registered or logged-in users, the username, name, e-mail, company name and address, customer number and the time of registration are also processed.
• Data that you provide to us: To display any data or information about our products, it is necessary to provide an NFC tag, QR code or item/serial number.

Use of Cookies

(1) We use cookies when operating the mobile app. Cookies are small files that are stored on the device memory of your mobile device, and which are assigned to the mobile app you are using. Certain information flows through the cookie to the entity that sets it. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make our mobile app more user-friendly and effective overall, thus more convenient for you.

(2) Cookies may contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not relatable to persons. However, cookies cannot directly identify a user.

(3) A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. In terms of their function, a distinction is made between cookies:

• Technical cookies: These are absolutely necessary to move within the app, use basic functions and ensure the security of the app; they do not collect information about you for marketing purposes, nor do they store which websites you have visited;
• Performance cookies: These collect information about how you use our app, which pages you visit and, for example, whether errors occur when using the app; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our app and find out what our users are interested in.

(4) Any use of cookies which is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

When using the mobile app, we otherwise process your data as described in sections 2 - 9 of this privacy policy.

10. Duration of storage

The personal data processed by us will be deleted in accordance with the legal requirements as soon as the consents allowing the processing are withdrawn or other authorisations no longer apply (e.g. if the purpose of processing this personal data no longer applies or it is not required for the purpose).

Irrespective of this, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years.

11. Profiling

Automated decision making within the meaning of Art. 22 GDPR does not take place.

12. Your rights

12.1 You have the following rights vis-à-vis us with regard to your personal data:

• right of access,
• right of rectification or erasure,
• right to restriction of processing,
• right to object to processing,
• right to data portability.

You can object at any time to the processing of personal data that is carried out to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR.

Our legitimate interests are presented by us in each case in the description of the processing of personal data. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either discontinue or adapt the processing of personal data or point out to you our compelling legitimate grounds on the basis of which we will continue the processing.

You can object to the processing of your personal data for direct marketing purposes and related profiling at any time without giving reasons. Your personal data will then no longer be processed for these purposes.

Please send your written enquiry to J. Schmalz GmbH, Johannes-Schmalz-Str. 1, 72293 Glatten, Germany, or to the following e-mail address: datenschutz@schmalz.de.

12.2 You also have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data. The supervisory authority responsible for Baden-Württemberg:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
P.O. Box 10 29 32, 70025 Stuttgart
Lautenschlagerstraße 20, 70173 Stuttgart
Phone: 0711/61 55 41 – 0
Fax: 0711/61 55 41 – 15
E-Mail: poststelle@lfdi.bwl.de
Internet: https://www.baden-wuerttemberg.datenschutz.de

Further supervisory authorities can be found here:

https://www.baden-wuerttemberg.datenschutz.de/die-aufsichtsbehorden-der-lander/