1. Area of Application
1.2 Protecting your personal data, and particularly your personality rights, while processing and using this information is very important to us. Here we inform you about the collection of personal data when using our website. Personal data is all data that personally identifies you, such as name, address, e-mail addresses and user behavior.
2. Automatic Data Collection and Processing by the Browser
2.1 As with any website, our server automatically and temporarily collects information in the server log files transmitted by the browser, unless you have disabled this. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to guarantee stability and security (Art. 6 (1) (f) of the GDPR forms the legal basis for such data processing):
- IP address of the computer making the request
- Client’s data request
- HTTP response code
- Internet page from which you are visiting us (referrer URL)
- Time of the server request
- Browser type and version
- Operating system used on the computer making the request
The server log files are not evaluated in a way that could result in personal identification. At no point in time can the provider attribute this data to a specific person. This data is not combined with other sources of data.
2.2 This website uses Google Analytics, a web analytics service from Google Inc. (“Google”). Google Analytics uses “cookies,” i.e. text files that are stored on your computer and allow analysis of your use of the website. The information about your use of this website generated by the cookie is generally sent to and stored on one of Google’s servers in the U.S. However, if IP anonymization is activated on this website, Google will first truncate your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area. The full IP address is only sent to one of Google’s servers in the U.S. and truncated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with further services associated with website and Internet use.
The IP address transmitted by your browser within the framework of Google Analytics is not merged with other Google data in accordance with relevant statements made by Google.
You can set your browser to prevent cookies from being stored; however, doing so will prevent you from being able to fully use all of the website’s functions. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en
This website uses Google Analytics with the extension "_anonymizeIp()". IP addresses are then further processed in truncated form, so that users are not personally identifiable. If the data collected about you is considered personal, it will be immediately excluded and the personal data will be immediately deleted.
We use Google Analytics to analyze and regularly improve the use of our website. We can improve our services and make them more interesting for you as a user. For the exceptional cases in which personal data is transferred to the U.S., Google is subject to the EU-US Privacy Shield found at: https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 (1) S. 1 lit. f of the GDPR.
Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore can only provide you with information according to our level of knowledge: By integrating DoubleClick, Google receives information that you have accessed the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google may associate your visit with your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.
You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly. The suppression of third-party cookies, in particular, prevents you from receiving ads from third-party providers; b) by deactivating cookies for conversion tracking by setting your browser to block cookies from the domain „www.googleadservices.com“ c) by deactivating the interest-based ads of providers that are part of the "About Ads" self-regulation campaign via the following link: http://www.aboutads.info/choices This setting will be deleted when your cookies are deleted; d) by permanently deactivating cookies in your web browser (Firefox, Internet Explorer, Google Chrome, etc.) via the following link: http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to use all functions of our website in full.
The legal basis for the processing of your data is Art. 6 para. 1 sentence 1 lit. f of the GDPR. For more information about DoubleClick by Google, please visit https://www.google.de/doubleclick and http://support.google.com/adsense/answer/2839090.
2.7 We also use Bing Ads, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). This service enables us to track the activities of users on our website when they come to our website via ads from Bing Ads. If you access our website via such an advertisement, a cookie is stored on your computer. A Bing tag is integrated on our website. This is a code used in connection with the cookie to store some non-personal data about the use of the website. This includes the time spent on the website, which areas of the website were accessed and through which ads the users accessed the website. Information about your identity is not collected. The legal basis for the use of Bing Ads is Art. 6 Para. 1 S. 1 lit f of the GDPR.
The information collected may also be transferred to Microsoft servers in the United States and stored there for a maximum of 180 days. If Microsoft transfers data to the USA in this context, Microsoft is subject to the EU-US Privacy Shield found at: https://www.privacyshield.gov/EU-US-Framework. You can prevent data collection generated by the cookie and related to your use of the website as well as the processing of this data by deactivating cookies. This may restrict the functionality of the website. In addition, Microsoft may be able to track your usage across multiple electronic devices through cross-device tracking, enabling Microsoft to display personalized advertising on or in Microsoft web pages and apps. http://choice.microsoft.com/de-de/opt-out
2.8 To optimize our website according to the needs of our visitors, we use the products and services of WiredMinds GmbH, Lindenspürstr. 32, 70176 Stuttgart (www.wiredminds.de). The legal basis for this is Art. 6 para. 1 sentence 1 lit f of the GDPR. Data is collected, processed, stored and subsequently used to create user profiles under a pseudonym. Where possible and reasonable, user profiles are completely anonymized. Cookies (see section 5) may be used for this purpose. The collected data, which may also contain personal data, is transmitted to or collected directly by WiredMinds. WiredMinds is permitted to use information obtained from previous website visits to create anonymous user profiles. The data obtained in this way will not be used to personally identify the website user without the separate consent of the user and will not be combined with personal data about the bearer of the pseudonym. If IP addresses are collected, they will be immediately anonymized after collection by deleting the last block of numbers. If you do not agree with this, click on the following link to object to the use of the data from your website visit and to completely prevent website tracking: Exclude from tracking.
2.9 The "Trusted Shops Trustbadge" provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, is integrated into this website. The Trusted Shops Trustbadge aggregates reviews of our shop. With respect to weighing interests, our legitimate interest in the best possible marketing of our services takes precedence. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f of the GDPR.
When you select the trust badge, the web server automatically saves a so-called server log file with the information mentioned in section 2.1. This data is not evaluated and is automatically overwritten within seven days following your visit to the web page.
No further personal data will be transferred to Trusted Shops without your express consent. Further information on data protection at Trusted Shops can be found at: https://www.trustedshops.de/impressum/?utm_content=menu_all_dataprotection__trustmark_and_reviews&utm_campaign=trustbadge_maximised.
2.10 We use the Facebook Connect plug-in provided by Facebook Inc, 1601 Willow Road, Menlo Park, California, 94025, USA ("Facebook") on our website, which connects this website to Facebook's social network. Further information can be found at: http://developers.facebook.com/plugins
By activating (see section 4.2) a Facebook plug-in, your browser establishes a direct connection to the Facebook servers. The content of the Facebook plug-in is transmitted directly from Facebook to your browser. At the same time, certain data is transmitted from your browser to Facebook. This happens regardless of whether you use the Facebook plug-ins or not. We have no control over the amount of data Facebook collects in this way. According to our current state of knowledge, this data includes:
- Pages visited on our website that contain the Facebook plug-in
- The data generally transmitted by your browser (IP address, browser type and version, operating system, time)
- The respective Facebook identification number of Facebook users who are registered and logged into Facebook
For the purpose and scope of data collection and for further processing and use of the data by Facebook as well as your privacy rights and settings options, please refer to Facebook's data protection information at: http://www.facebook.com/policy.php. You have the right to object to the creation of user profiles. You must contact Facebook to exercise this right. The legal basis for using the Facebook plug-in is Art. 6 Par. 1 S. 1 lit. f of the GDPR.
If you are a Facebook member and do not want Facebook to collect data about you via our website and link it to your user data stored on Facebook, you must log out of Facebook before visiting our website and possibly delete existing Facebook cookies.
The Facebook plug-ins can also be blocked using add-ons for your browser. For more information, see the add-ons pages for your browser.
2.11 When you contact us via the chat function of this website, Userlike, a live chat software provided by Userlike UG (limited liability), Probsteigasse 44-46, 50670 Cologne, is used. The legal basis for the integration of Userlike is Art. 6 Par. 1 S. 1 lit. f of the DS-GVO, whereby our legitimate interest is to provide you with a technically reliable live chat function to improve service on our website.
The following data is collected, processed and stored: Content of the chat, date and time of the call, browser type/version, operating system used, URL of the previously visited website as well as the amount of data sent. The data collected is not combined with personal data. The data will also be stored at Userlike UG. We delete the data after six weeks.
Further information on data protection at Userlike UG can be found at: http://www.userlike.de/privacy_policy.
2.12 We use SurveyMonkey (SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland) to create and evaluate online surveys. Usage is based on Art. 6 para. 1 lit. f of the GDPR. Our legitimate interest lies in the analysis and optimization of our services. Participation in online surveys is voluntary.
If you click on the link to the survey, your IP address is saved. In addition, we ask you to provide your first and last name and e-mail address in order to clarify any queries you may have. This information is voluntary. The results are used by us for analysis and as a basis for improving our services. Survey participants can contact us at any time to request the deletion of their survey data, including personal data. It is not possible to correct answers after the survey has been sent.
SurveyMonkey will process this information on our behalf to generate customer satisfaction analysis reports. SurveyMonkey may also evaluate the information for its own purposes. SurveyMonkey collects cookies, usage data, device and browser data, log data, and third party integration data where applicable. Pseudonymous user profiles can be created from the processed data. Respondents' contact information may also be used to resolve a concern, provided that person has contacted SurveyMonkey.
2.14 We use Google Maps on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. The legal basis for the use of Google Maps is Art. 6 Par. 1 S. 1 lit. f of the GDPR.
By visiting the website, Google receives the information that you have accessed from the corresponding subpage of our website. In addition, the data referred to in section 2.1 of this policy will be transmitted. This is regardless of whether Google provides a user account into which you are logged in, or whether no user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your Google profile, you must log out before clicking the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or user-oriented design of its website. Such evaluation takes place (even for users who are not logged in) particularly for the purpose of providing user-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact Google to exercise this right.
2.16 We use Google reCAPTCHA to check for and prevent interactions being carried out on our website by automated means of access, or “bots.” Google reCAPTCHA is a service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). If Google transfers data to the U.S. in this context, then Google is subject to the EU-US Privacy Shield found at: https://www.privacyshield.gov/EU-US-Framework.
This service enables Google to determine which website a request is sent from and the IP address that you use to respond to the “reCAPTCHA” query box. In addition to your IP address, Google may also collect other information required to provide and guarantee this service.
The legal basis for the use of Google reCAPTCHA is Art. 6, Para. 1, Clause 1(f) of the GDPR. Our legitimate interest lies in the security of our website and in our need to defend against unwanted automated access in the form of spam and similar attacks.
2.17 LinkedIn Analytics and LinkedIn Ads
- We use the conversion tracking technology and retargeting feature of LinkedIn Corporation on our website.
- This technology allows visitors to this site to play personalized ads on LinkedIn. It also provides the ability to create anonymous reports on ad performance and website interaction information. To do this, the LinkedIn Insight tag is included on this website, which connects you to the LinkedIn server when you visit this website and are logged into your LinkedIn account at the same time.
3. Data Collection and Processing of Voluntarily Provided Data
3.1 General contact
If you provide us with personal data by e-mail or via our website (last name, first name, e-mail address, street address), it is generally on a voluntary basis. This data is used to process contractual obligations as well as your inquiries or orders, market or opinion research and advertising, by post and also, provided applicable legal requirements are met, by e-mail and telephone. The use for market or opinion research and advertising is based on our legitimate interest as recognized in Art. 6 para. 1 lit. f of the GDPR, in the context of the required balancing of interests. No other use of the data will be made; nor will we pass it on to third parties for advertisement, marketing or polling purposes. We delete the data gathered in this context after storage is no longer necessary, or limit the processing if statutory retention obligations exist. The legal basis is Art. 6 para. 1 lit. b of the GDPR or Art. 6 para. 1 lit. f of the GDPR.
3.2 Customer account
To use our web shop and to subscribe to our newsletter, you must create a user account in our web shop. You must provide your contact details when registering. These are used for managing the customer relationship (legal basis is Art. 6 para. 1 lit. b of the GDPR and Art. 6 para. 1 lit. f of the GDPR). We store your data in this account for future purchases. When you create a user account, the data you provide will be stored in such a way that it can be revoked. All other data, including your user account, can always be deleted in the customer area.
With your consent, you can subscribe to our newsletter, which we use to inform you about our current services. The advertised goods and services are named in the consent.
For newsletter registration, we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you would like the newsletter to be sent. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP addresses and the time of registration and confirmation. This makes it possible for us to prove your registration and, if necessary, to investigate possible misuse of your personal data.
After your confirmation, we will save your data for the purpose of sending you the newsletter (legal basis is Art. 6 Par. 1 S. 1 lit. a of the GDPR).
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can unsubscribe by clicking on the link provided in each newsletter e-mail.
3.4 Web shop
If you would like to place an order in our web shop, it is necessary that you enter your personal data in order to conclude the contract, which we need for the completion of your order. Information required to conclude the contract is clearly marked. All other information is voluntary. Your data is used to process your order. For this purpose, we can pass on your payment data to our bank or to an online payment service used. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b of the GDPR.
For payments with a German credit card, we use the payment module of BS PAYONE GmbH, Lyoner Straße 9, D-60528 Frankfurt/Main. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b of the GDPR. Your credit card data is collected and processed directly by BS PAYONE and is not stored by us. Further information on data protection at BS PAYONE GmbH is available via the following link: https://www.payone.com/datenschutz/.
For orders from the USA, we use the payment terminal provided by Verosa, Inc, 1499 SE Tech Center Place, Suite 170, Vancouver, WA 98683. The legal basis for this is Art. 6 para. 1 sentence 1 lit. b of the GDPR. For payment processing, we transmit order data, which also contains personal references, to Verosa Inc., which, according to them, stores the data on servers in the USA, Europe or Asia. For more information on data processing and privacy at Verosa Inc., please visit http://www.verosa.com/verosa_docs.cfm.
We may also process the information you provide to inform you of other interesting products in our portfolio or to send you e-mails containing technical information. If you have a customer account, we will evaluate your activity in our online shop and may pass it on to our sales department for information related to our products and for contact purposes (legal basis is Art. 6 Para. 1 lit f of the GDPR).
Your data will be used only as long as made necessary by the existing customer relationship. Irrespective of this, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years.
As a registered user, you can send your shopping cart to third parties by e-mail. In this case, your e-mail address will be used as the sender address. The processing of your data as well as the recipient's e-mail address is based on our and your legitimate interests in simplifying the ordering of goods for you and the e-mail recipient (Art. 6 para. 1 lit. f of the GDPR). We do not use the data for advertising purposes.
3.5 Career page
Within the scope of our career page, you can apply for speculative or current job offers. We offer you the opportunity to use our application portal for this purpose. You also have the opportunity to register on our application portal. Your data (name, e-mail address, contact details, application documents) will only be processed within the scope of the respective job advertisement (Art. 6 para. 1 lit. b of the GDPR, § 26 BDSG) or within the scope of your consent for use for further job offers (Art. 6 para. 1 lit. a of the GDPR). If you have given us your consent to process your application data, you can revoke it at any time.
Note on sensitive data: We expressly draw your attention to the fact that applications, in particular CVs, certificates and other data you submit to us, may contain particularly sensitive information about mental and physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in a trade union or political party, or sex life.
The transmitted data will be deleted in the event of rejection or negative outcome of your application within 3 months at the earliest after the end of the application process. This does not apply if legal provisions restrict deletion or if further storage is necessary for evidential purposes, or if you have agreed to longer storage.
4. Disclosure to Third Parties
4.1 In so far as you have provided us with personal data, it will not be passed on to third parties. We only disclose this data:
- if you have given your consent (cf. Section 3.2). When the data is collected, you will be informed of the recipients or categories of recipients.
- in the context of processing your inquiries, orders and the use of our services by commissioned subcontractors and trading partners who only receive the data necessary to carry out the order or inquiry and who use it only for the specified purpose.
- in the context of order data processing in accordance with Art. 28 of the GDPR for external service providers. These service providers have been carefully selected and commissioned by us, are obligated to adhere to our provisions and the provisions of the GDPR and are regularly monitored.
- in order to fulfill legal obligations vis-a-vis authorities entitled to this information.
4.2 Social plug-ins are used on this website. Social plug-ins are web applications that connect this website to selected social networks. However, the social plug-ins are not directly integrated, but must first be clicked on to activate them. Activation is required to establish a connection to the social network, regardless of whether you actually click on the social plug-ins. Through this connection, your IP address and user data of the respective social network can be transmitted. For details on the social plug-ins used, please refer to section 6.
- Transient cookies (see 5.2)
- Persistent cookies (see 5.3)
5.2 Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different browser requests can be assigned to the common session. This will allow your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.
5.3 Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
5.4 You can configure your browser settings according to your preferences and can refuse to accept third party cookies or all cookies. Please note that you may not be able to use all functions of this website.
6. Social Networks
On our website, you will find links to Facebook, Twitter, YouTube, LinkedIn and Xing. These are only links, not social plug-ins. A data transfer is not initiated by these links.
Please refer to sections 2.6 and 2.10 for information on the use of social plug-ins and analysis services provided by Facebook, Inc.
7. Duration of Storage
Your data will only be used for as long as necessary with respect to the existing customer relationship, unless you have given us your consent to the contrary or we have a legitimate interest in further processing. In this case, we process your data until you revoke your consent or until you object to our legitimate interests. Irrespective of this, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years.
8. Your Rights
8.1 You have the following rights with respect to your personal data:
- Right to information,
- Right to correction or deletion,
- Right to limitation of processing,
- Right to oppose the processing,
- Right to data transferability.
You may object to data processing based on the safeguarding of our legitimate interests pursuant to Art. 6 para. 1 lit. f of the GDPR at any time.
Please send your written request to J. Schmalz GmbH, Johannes-Schmalz-Str. 1, 72293 Glatten, Germany or via e-mail to firstname.lastname@example.org.
8.2 You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
The supervisory authority responsible for the German state of Baden-Württemberg:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (the state data protection commissioner for Baden-Württemberg, Germany)
PO Box 10 29 32, 70025 Stuttgart, Germany
Königstraße 10a, 70173 Stuttgart, Germany
Tel.: 0711/61 55 41 – 0
Fax: 0711/61 55 41 – 15
You can find more supervisory authorities here.