Man and woman are discussing in an office with people sitting on a desk

Privacy

Data Protection Statement

Protecting your data is our concern

We are pleased that you are interested in our company, our products, and our services, and want you to feel secure when visiting our website and when it comes to the protection of your personal data. Because we take this matter very seriously. Compliance with the provisions of the General Data Protection Regulation (GDPR) and the new Federal Data Protection Act (BDSG) is a matter of course for us.

We want you to know when we collect data about you, which data we collect, and how we use them. We have put in place technical and organizational measures to ensure that the regulations regarding data protection are fulfilled by us, as well as by any external service providers commissioned by us.

Personal data

Personal data are information about your identity, including your name, address, telephone number, and e-mail address. This information is always processed in accordance with the requirements of the General Data Protection Regulation and with other regulations under data protection law applicable to our company.

In principle, there is no requirement for you to disclose your personal data when using our website. However, there are some cases where we need to process your personal data to enable us to provide you with the services you require.

The same applies, for example, if we need to send you information material or goods you have ordered or if we need to answer your specific questions. Where this is necessary, we advise you accordingly.

If there is no legal basis for processing these personal data, we request your consent to do so.

Furthermore, we only store and process data that you have provided to us voluntarily and, where applicable, data that we collect automatically when you visit our website (e.g., your IP address and the name of the pages accessed, the browser you used and your operating system, the date and time of access, search engines used, and names of downloaded files).

If you use our services, we only usually collect the data that we require to provide you with those services. If we ask you for other data, this information is optional. Personal data are only processed to provide the services requested and to protect our own legitimate interests.

The following categories of personal data may be collected when you visit our website or through other processing described in this privacy policy:

  • Master data (names, addresses, etc.)

  • Other personal data provided by you (personal interests, etc.)

  • Contract data (customer number, contract number, etc.)

  • Content data (texts, photos, videos, etc.)

  • Contact details (e-mail, phone numbers, etc.)

  • Metadata (IP addresses, device information, etc.)

  • Usage data (visited contents, access times, etc.)

Affected persons are users/interested parties of our offers.

Name and address of the body responsible for processing

Within the context of the General Data Protection Regulation, other data protection legislation applicable in EU Member States, and other data protection provisions, the responsible body is:

SSI SCHÄFER FRITZ SCHÄFER GMBH

Fritz-Schäfer-Straße 20

57290 Neunkirchen/Siegerland, Germany

Tel. +49 2735 70-1

Fax: +49 2735 70-396

E-mail: datenschutzbeauftragter@ssi-schaefer.com

Website: www.ssi-schaefer.com (http://www.ssi-schaefer.com)

Data Protection Officer contact details

The contact details for our Data Protection Officer are as follows:

Herr Christian Volkmer

Projekt 29 GmbH & Co. KG

Ostengasse 14

93047 Regensburg

Tel. 0941-2986930

Fax 0941-29869316

Mail: anfragen@projekt29.de

Web www.projekt29.de

Our Data Protection Officer is available at all times for any questions or concerns you may have regarding data protection.

Intended use of personal data

We use the personal data provided by you to answer your questions, process your orders, or to provide you with access to certain information or services. When it comes to maintaining customer relationships, it may also be necessary for us, or a service provider commissioned by us, to use these personal data to provide you with information about product offers or to conduct online surveys to better satisfy our customers' questions and requirements. The legal basis for these types of processing is Article 6 para 1b, f) GDPR.

Naturally, we respect your wish not to provide us with your personal data in matters that are not related to supporting our customer relationship (particularly for direct marketing or market research purposes). We shall not sell or otherwise distribute your personal data to third parties.

Specific use

We shall only collect, process, and use the personal data you provide us with for the purposes communicated to you. We shall not forward your personal data to third parties without your express consent to do so.

The collection of personal data and their transmission to state institutions or authorities entitled to receive such information shall only take place to the extent required by law and/or if we are obliged to do so as a result of a court ruling. Our employees and those of service providers commissioned by us are obliged to comply with a duty of confidentiality to us and to abide by the provisions of the General Data Protection Regulation.

Data that are automatically captured when visiting our websites:

When using our websites, the following data are stored for organizational and technical reasons: The name of the pages accessed by you, the browser you used and your operating system, the date and time of access, search engines used, names of downloaded files, and your IP address.

The information captured is required in order to provide you with valid content on our website. Furthermore, these technical data are analysed anonymously and purely for statistical purposes, to continuously optimize our website and to enable us to enhance the design of our website, and to provide the necessary information to the law enforcement authorities for criminal prosecution in the event of a cyber-attack. These data are stored separately from other personal information on secure systems. Individual people are not identified.

Legal grounds for processing

If you have given your consent for your personal data to be processed for a specific purpose, processing is completed based on Article 6, para. 1 a GDPR. If such processing is necessary to fulfil or initiate a contract with you, processing is based on Article 6, para. 1 b GDPR. In some cases, e.g. for the fulfilment of tax obligations, we may be subject to a legal obligation to process personal data. The legal grounds in such cases are stated in Article 6, para. 1 c GDPR. In rare cases, data may also be processed to protect the vital interests of you or another individual. In this exceptional case, processing is based on Article 6. para. 1 d GDPR. Finally, processing may also be based on Article 6, Para. 1 f GDPR. This is the case if processing is for the purpose of safeguarding a legitimate interest for our company or a third party, as long as these interests are not outweighed by your interests, civil rights, and fundamental freedoms. Such a legitimate interest may be assumed if you are a customer of ours. If the processing of personal data is based on Article 6, para. 1 f GDPR, our legitimate interest is the execution of our daily business.

Data that is automatically collected when you visit our website

When using our Internet pages, the following data is stored for organizational and technical reasons: The names of the pages you access, the browser you use and your operating system, date and time of access, search engines used, names of downloaded files and their IP address.

The information collected is required to correctly deliver the contents of our website. In addition, we evaluate this technical data anonymously and for statistical purposes only in order to be able to continuously optimize our Internet presence and make our Internet offerings even more attractive, and to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack. This data is stored separately from other personal information on secured systems. No conclusions are drawn about individual persons. The processing is carried out based on our legitimate interest in an efficient and secure provision of our website, in accordance with Article 6 para. 1 f, Article 28 GDPR.

               

Contact opportunities

Due to statutory obligations, our website contains information to enable you to make electronic contact with us quickly and communicate with us directly. This information includes an e-mail address and, where necessary, a contact form. The processing of the user's data is carried out in accordance with Article 6 para. 1 b GDPR.

If you contact us via e-mail or a contact form, the personal data you provide us with are stored automatically. These data, that you have voluntarily communicated to us, are used for the purpose of dealing with your request or making any relevant contact. No data will be forwarded to third parties.

Deletion and restriction of personal data

We only process the personal data of the individuals concerned in accordance with Articles 17 und 18 GDPR for as long as it is necessary to achieve the underlying purpose or for as long as was intended by statutory obligations governing our organization. In accordance with the legal regulations, personal data will be deleted if they are no longer required or upon expiry of the legally prescribed term, unless we are bound by law to retain these data, e.g. due to commercial or tax regulations of the AO or the HGB (German Commercial Code). In these cases, data is restricted.

Automated decision-making

As a responsible organization, we do not engage in automated decision-making or profiling.

Retention period

Personal data are deleted after expiry of the statutory retention period, as long as they are no longer required for the purposes of contract fulfilment or initiation.

Provision of personal data

To some extent, the provision of personal data is stipulated by law or by contract. For this reason, you may need to provide us with personal data for subsequent processing in order for us to conclude a contract with you, for example. An example is when concluding a contract, you are obliged to provide personal data. Non-provision of these data would mean that it would not be possible to conclude the contract.

Before providing us with your personal data, you may consult our Data Protection Officer. They will explain whether the provision of personal data in your particular case is stipulated by law or by contract and what the consequences would be if these data were not provided.

Security

As an organization responsible for processing personal data, we have taken technical and organizational security measures to protect your personal data from loss, deletion, manipulation, and unauthorized access in accordance with Article 32 GDPR. This includes in particular measures to ensure the confidentiality, integrity and availability of data. Furthermore, we have set up processes that guarantee the protection of rights of data subjects, the deletion of personal data and an immediate reaction to the endangerment of such data. Furthermore, we ensure the protection of personal data already during the development and selection of hardware and software in accordance with the principles of Article 25 GDPR. All our employees and persons involved in data processing are obliged to comply with the General Data Protection Regulation and other laws relevant to data protection as well as to handle personal data confidentially.

Where personal data are collected and processed, information is encrypted before being transmitted to avoid any misuse of data by third parties. Our security measures are continuously reviewed in line with technological developments. Nevertheless, the security of Internet-based data transmission is essentially vulnerable, such that absolute protection cannot be guaranteed.

Amendment of our data protection provisions

We reserve the right to amend our security and data protection measures, where this is necessary because technical developments. In these cases, we shall also amend our data protection information accordingly. Therefore, please refer to the current version of our data protection statement.

Links

If you use external links made available on any of our websites, this data protection statement does not extend to these links. In providing any links, we ensure that, at the time of creating the link, there was no apparent breach of applicable law on the linked website. However, we have no influence on other service providers' compliance with data privacy and security regulations. Therefore, please refer to the other service providers' websites and their own data protection statements.

Cookies

If you visit one of our websites, we may store information on your computer in the form of a cookie. Cookies are small text files sent by a web server to your browser and stored on your computer's hard drive.

Other than storing your Internet protocol (IP) address, cookies do not store any other form of a user's personal data. This information is used to automatically recognize you when you visit our website again and to facilitate your website navigation. For example, cookies enable us to modify a website in line with your interests or to save your password, so that you do not have to enter it every time you visit the website.

Naturally, you can also view our websites without cookies. If you do not want us to be able to recognize your computer, you can decline the storage of cookies on your hard drive by selecting the "Do not accept cookies" option in your browser settings. You can also delete cookies already on your computer via your browser. To find out how to do this, please refer to your browser provider's support information. If you do not accept any cookies, this may result in limiting some of our service functionality.

Children and adolescents (minors)

Persons under the age of 18 should not communicate any personal data to us without the agreement of a parent or guardian. We do not request any personal data from children and adolescents, nor do we collect such data or forward these to third parties.

Newsletter

Your data entered during the newsletter registration will remain stored until you unsubscribe from our newsletter. You can unsubscribe at any time via the link provided in the newsletter or by sending us a corresponding message. By unsubscribing you object to the use of your e-mail address. Your e-mail address, your last name and other data transmitted in connection with the newsletter registration will then be deleted immediately.

The processing is carried out based on the consent of the respective recipient in accordance with Article 6 para. 1 a), Article 7 GDPR in combination with § 7 para. 2 No. 3 UWG or § 7 para. 3 UWG. Proof of the user's registration for our newsletter is provided based on our legitimate interest pursuant to Article 6 para. 1 letter f) GDPR, as this enables us to provide proof of consents. The e-mail address necessarily provided by the user will be stored for this purpose until the user withdraws his consent to receive the newsletter.

Candidatures

You can send us your data, if available on our online offer, via contact form. This is done by means of a state-of-the-art encryption process. If you send us your applicant data via e-mail, please note that e-mails are not sent in encrypted form and that you as an applicant must ensure that they are encrypted yourself. For this reason, we cannot accept any responsibility for the transmission of your data in this way and therefore recommend that you use the postal way, since in addition to sending the documents by e-mail or, if applicable, using the online form, it is still possible to send us documents in this way.

If the application to one of our job offers is not successful, your data will be deleted after six months, unless you have given us a justified revocation before the end of this period or have given us your consent to the data being stored for a period beyond this. This is necessary in order to be able to fulfil our obligations under the General Equal Treatment Act if necessary. If you have submitted invoices for travel reimbursement to us, these will be stored in accordance with the statutory provisions and deleted after expiry of statutory storage periods.

We will process your data provided exclusively for the purpose of handling the application procedure. This is done based on Article 6 para. 1 b) GDPR, or, if processing in legal proceedings becomes necessary, on the basis of Article 6 para. 1 f) GDPR and § 26 GDPR. If you also voluntarily provide us with special personal data, such as health data, we process this data based on Article 9 para. 2 a) GDPR. If this is necessary for the intended professional practice, we request special categories of personal data based on Article 9 para. 2 b) GDPR.

Data protection declaration for the use of products of the Salesforce Germany GmbH

We use the CRM module of Salesforce.com, represented in Germany, for customer service and to improve the user experience: Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. The address of the US parent company is: The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA.

Users' personal information is used by Salesforce to process requests and is not shared with third parties. It may be necessary to process the following data when processing the request, e.g. e-mail-address, name, address. When you contact us using the contact form on our website, the data collected there is stored in Salesforce.

If users do not want Salesforce to process their personal data, we offer alternative communication options (mail, e-mail, telephone, fax).

The legal basis for processing is our legitimate interest in an efficient processing of user enquiries pursuant to Article 6 para. 1 f) GDPR.

Salesforce's privacy policy applies and can be found at the following URL:
https://www.salesforce.com/company/privacy/

Salesforce.com, Inc. itself is certified according to the EU US Privacy-Shield (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active) and thereby guarantees compliance with the requirements of European data protection law.

Passing on to logistic service providers

For the dispatch of your order we pass on your address data and if necessary your e-mail address and telephone number to the logistics company commissioned with the delivery for appointment coordination. Your data will be passed on for contract execution based on the Article 6 para. 1 b) GDPR.

Passing on to direct shipper/manufacturer

Some products are delivered directly from the manufacturer to you. In this case we will pass on your address data to the manufacturer for delivery of your ordered goods. Your data will be passed on for contract execution based on the Article 6 para. 1 b) GDPR.

Credit assessment

In order to be able to provide you with advance payments (payment on account, payment by instalments, etc.), we must ensure that this type of payment processing is not abused and that consumers are protected from economic overload. Our company is therefore connected to the creditworthiness warning system of the credit agency (SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden; Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss; CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 München; Bundesanzeiger Verlag GmbH, Amsterdamer Straße 192, 50735 Köln) to protect against payment defaults based on insolvency, abuses due to unwillingness to pay and misuse by third parties.

Social-Networks

On the basis of our legitimate interests pursuant to Article 6 para. 1 f) GDPR in communication and information of users and interested parties of our services, we maintain various presences in social networks. If the providers of the respective platform obtain the users' consent to the processing of personal data, this is done based on the Article 6 para. 1 a), Article 7 GDPR.

It is not excluded that personal data of users outside the European Union or the European Economic Area may be processed. This can make it difficult for those affected to enforce their services. Some social media platform providers are certified according to the EU US Privacy-Shield, which obliges them to comply with European data protection standards.

Personal user data is processed regularly for market research and advertising purposes. Based on the user data, profiles are created that make it possible, for example, to display advertising that corresponds to the presumed interests of the respective user. This is done regularly by placing cookies on the device used by the user.

Requests for information and the assertion of your rights should be made directly to the respective providers listed below, as only they have access to personal data of the users and can take appropriate measures and provide information.

Should you nevertheless need help in exercising your rights, you can also contact us.

We can maintain a presence on the following social media presences:

  • Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Facebook), Data policy https://www.facebook.com/about/privacy/, Opt-Out-possibilities https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen or http://www.youronlinechoices.com/, EU US Privacy - Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active

  • Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (Twitter), Data policy https://twitter.com/de/privacy, Opt-Out-possibilities https://twitter.com/personalization, EU US Privacy-Shield https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active

  • Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (Googl or Youtube), Data policy https://policies.google.com/privacy, Opt-Out-possibilities https://adssettings.google.com/authenticated, EU US Privacy-Shield https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

  • LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (LinkedIn) - Data policy https://www.linkedin.com/legal/privacy-policy, Opt-Out-possibilities https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, EU US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

  • XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (Xing) - Data policy and Opt-Out-possibilities https://privacy.xing.com/de/datenschutzerklaerung

Google Analytics

This website uses Google Analytics; a web analysis service provided by Google Inc. ("Google"). Usage includes the Universal Analytics mode, which makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyse a user's activities across devices.

Google Analytics uses so-called cookies. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website is usually transferred to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. We would like to point out that on this website Google Analytics has been extended to include IP anonymization in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. Further information on terms of use and data protection can be found at https://www.google.com/analytics/terms/gb.html or at https://policies.google.com/?hl=en-GB

On our behalf, Google will use this information to evaluate your use of the website, compile reports on website activity and provide other services to us, the website operator, in connection with website use and internet usage.

Processing is carried out in accordance with Article 6 para. 1 sentence 1 a) GDPR based on your consent.

The recipient of the processed data is Google.

Personal data will be transferred to the USA under the EU-US Privacy Shield based on the European Commission's adequacy decision. You can retrieve the certificate at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

The data sent by us and linked with cookies, user IDs (e.g. user ID) or advertising IDs are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

You can revoke your consent at any time with effect for the future by preventing the storage of cookies by a corresponding setting of your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en-GB.

You may also use opt-out cookies to prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used.

If you click here, the opt-out cookie will be set:

http://tools.google.com/dlpage/gaoptout?hl=en 

Rights of people concerned

a. Right of access

You may in accordance with Article 15 GDPR, at any time, have free-of-charge access to and copies of personal data processed and stored by us.

This right of access includes information about the purpose of processing, categories of personal data processed, recipients or categories of recipients to whom personal data have been or are to be disclosed, the intended period for which personal data will be stored (as far as this is possible), or where this is not possible, the criteria for defining this period, the existence of the right to amendment or deletion of personal data relating to you or to restriction of processing by others or an objection to this processing, the existence of a right of appeal to a regulatory authority and, if the data were not collected from you, all available information regarding the origin of the data and the existence of any automated decision-making, including profiling, in accordance with Article 22, Para. 1 and 4 and - at least in these cases - compelling information regarding the logic involved and the intended effects of such processing.

You also have the right to request information regarding whether your personal data have been communicated to a third country or an international organization and what appropriate safeguards exist regarding this communication.

b. Right of rectification

You also have the right to request immediate rectification of any incorrect personal data concerning you. Furthermore, you have the right to request completion of any incomplete personal data, having regard to the purpose of processing.

c. Right of deletion

You also have the right in accordance with Article 17 GDPR to request the immediate deletion of data concerning you, stored by us, in the event of one of the following conditions existing: The personal data have been collected for purposes or processed in some other way for which they are no longer required; you revoke your consent, on which processing relies, in accordance with Article 6, para. 1 a GDPR or Article 9, para. 2 GDPR, and there are no other legal grounds for processing; you file an objection against processing in accordance with Article 21, para. 1 GDPR and there are no overriding legitimate reasons for processing, or you file an objection against processing in accordance with Article 21, para. 2 GDPR; the personal data have been processed unlawfully; deletion of the personal data is required to satisfy a legal obligation in accordance with European Union law or the right of Member States, to which we are subject; the personal data were collected with respect to services offered by the information society in accordance with Article 8, para. 1.

If we have made personal data public and we are obliged to delete these in accordance with Article 17, para. 1 GDPR, we shall take the appropriate measures to inform other responsible parties who process the disclosed personal data that you have requested the deletion of all links to these personal data, as well as any copies or replications.

d. Right of processing restriction

You have the right in accordance with Article 18 GDPR  to request that the processing of your personal data be restricted in the event of one of the following conditions existing: The accuracy of personal data is contested by you and indeed for a period that enables us to check the accuracy of the personal data; processing is unlawful and you refuse the deletion of personal data, instead requesting that use of these personal data be restricted; we no longer require personal data for the purpose of processing, however you require them for assertion, exercise, or defence of legal claims, or you have filed an objection against processing in accordance with Article 21, para. 1, as long as it remains to be determined whether the legitimate reasons put forward by our company prevail over yours.

e. Right of data portability

You may in accordance with Article 20 GDPR, at any time, request that any data concerning you, that you have provided to us, be published in a common and machine-readable format. Furthermore, you have the right to communicate these data to another responsible person without any obstruction by us, if processing is based on consent in accordance with Article 6, Para. 1 a GDPR or Article 9, Para. 2 a GDPR or on a contract in accordance with Article 6, Para. 1 b and processing is completed by means of an automatic procedure, if processing is not required for administering a task assigned to us, which is completed in the public interest or in exercising official authority.

You may also request that we send personal data stored by us on your instruction to another responsible party, as long as this is technically feasible and that, in so doing, it does not compromise the rights or liberties of other persons.

f. Right to object

You have the right in accordance with Article 20 GDPR, for reasons arising from your particular situation, to file an objection to the processing of personal data relating to you, where processing is in accordance with Article 6, para. 1 e or f GDPR. This also applies to any profiling based on these provisions.

In the event of an objection, we shall cease to process any personal data, unless we can prove legitimate grounds for processing that predominates over your interests, rights, and liberties, or where processing supports the enforcement, exercise, or defence of legal claims.

If we process your personal data to engage in direct advertising, you have the right to file an objection at any time to the processing of personal data relating to you for the purposes of this type of publicity; this also applies to profiling, insofar as it is associated with this type of direct publicity. If you object to our processing your personal data for the purposes of direct advertising, we shall cease to process your personal data for these purposes.

You have the right, for reasons arising from your specific situation, to file an objection against your personal data being processed for the purposes of research, or historical research or statistics, in accordance with Article 89, para. 1 GDPR, unless such processing is necessary to fulfil a purpose that is in the public interest.

In connection with the use of the information society's services and notwithstanding the Regulation (EC) No. 2002/58, you are free to exercise your right of objection by means of an automatic procedure, in which technical specifications are used.

g. Right of revocation

You may, at any time, withdraw any consent granted for the processing of your personal data in future in accordance with Article 7 para. 3 GDPR.

h. Right of confirmation

You have the right to request confirmation regarding whether personal data relating to you are processed.

To exercise any of the aforementioned rights, please contact our Data Protection Officer directly at datenschutzbeauftragter@ssi-schaefer.com or +49 2735 70-619 or contact any of our other employees.

i. Right of appeal

Furthermore, you have the right to complain to a supervisory authority pursuant to Article 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at our company headquarters.