Data Protection Statement
This data protection statement provides you with information on the nature, scope and purpose of the processing of personal data within our online presence and the websites, functions, and content associated with it. With regard to the terms used, please see the definitions in Article 4 of the EU General Data Protection Regulation (GDPR).
A. Controller
The controller within the meaning of data protection laws, particularly the EU General Data Protection Regulation (GDPR), is:
Peter Schröder GmbH
Georg-Ohm-Straße 5
74235 Erlenbach
Germany
Tel.: +49 (0) 71 32 – 99 60-0
Fax: +49 (0) 71 32 – 99 60 60
e-mail: info(at)schroederschrauben.de
B. General information on data processing
1. Definition
“Personal data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Scope of processing of personal data
As a basic principle, we process our users’ personal data only to the extent that this is necessary in order to provide a functional website and provide our content and services. As a general rule, the processing of our users’ personal data takes place only after the user has consented. An exception applies in cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by provisions of law.
3. Legal basis for the processing of personal data
We process your personal data only for the purposes mentioned in this data protection statement. To the extent that we obtain consent from the data subject for processing operations, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the case of processing of personal data that is necessary for the performance of a contract to which the data subject is party, this takes place based on Article 6(1)(b) GDPR. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
The legal basis for the processing of data to fulfill our legal obligations is Article 6(1)(c) GDPR. Article 6(1)(d) GDPR serves as the legal basis in the event that the vital interests of the data subject or another natural person render the processing of personal data necessary.
If the processing of data is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR constitutes the legal basis.
4. Erasure of data
The personal data of the data subject are erased and removed as soon as the purpose for which they were stored no longer applies. Data will only be stored beyond that if this has been set down by the European or national legislatures in regulations under Union law or in laws or other regulations to which we are subject. The erasure of the personal data also takes place when a storage time limit stipulated by the abovementioned provisions expires unless there is a need to store the data for longer in order to enter into or perform a contract.
C. Collection of general information when users visit our website
1. Nature and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the computer system/device accessing it (termed “server logfiles”). The following data are collected in this process:
· Information on the browser type and the version used
· The user’s operating system that is used
· The domain name of the user’s Internet service provider
· The user’s IP address
· Date and time of access to our website
· Websites from which the user’s system reaches our website
· Websites that are accessed by the user’s system via our website
The data collected are also stored in our system’s logfiles. They are not stored together with other personal data of the user.
2. Legal basis for the data processing
The legal basis for this temporary storage of the abovementioned data and of the logfiles is Article 6(1)(f) GDPR.
3. Purpose of data processing
The temporary storage of the abovementioned data, particularly the IP address, is necessary in technical terms in order to enable correct delivery of the website to the user’s computer. To achieve this, the user’s IP address must be stored for the duration of the session.
Storage in logfiles takes place in order to ensure the website’s functionality. We also use these data to optimize the website and ensure the security of our IT systems. The data are not analyzed for marketing purposes in this context.
The aforementioned purposes constitute our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR. We do not use the data to draw conclusions about the user personally. The only recipients of the data are the controller and processors, if any.
We may engage in statistical analysis of anonymous information in order to optimize our website and the technology behind it.
4. Duration of data storage
The data collected are deleted as soon as they are no longer necessary for the purpose for which they were collected. Where data are collected in order to provide the website, this is considered to be the case when the respective session is ended.
Data stored in logfiles are deleted after seven days at the latest. Storage beyond that is possible. In this case, the IP addresses of users are erased or anonymized in such a way that it is no longer possible to attribute them to the user accessing the site.
5. Possibility of objecting
Collecting the data to provide the website and storing the data in logfiles are necessary in order to operate the website. There is thus no right to object.
D. Use of cookies
1. Nature and scope of data processing
Our website uses “cookies.” Cookies are small text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses the website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic sequence of characters that enables unique identification of the browser the next time the website is accessed.
a) Cookies necessary for technical reasons
We use cookies to make our website user-friendly. Some elements of our website require that the browser accessing the site be identifiable even after the site is changed.
The following data are stored and transferred in the cookies as part of this process:
· Language settings
· Items in shopping cart
b) Cookies not necessary for technical reasons
We also use cookies that enable analysis of users’ Internet browsing behavior on our website.
The following data are stored and transferred in the cookies as part of this process:
· Frequency of access to sites
The user data collected in this way are pseudonymized through technical precautions within the meaning of Article 4(5) GDPR. As a result, it is no longer possible to attribute the data to the user accessing the site. The data are not stored together with other personal data of users.
When our website is accessed, the user is notified of the use of cookies for analysis purposes and referred to this data protection statement. By clicking the “OK” button, the user consents to the processing of the personal data used in this context.
2. Legal basis for the data processing
The legal basis for the processing of personal data using cookies that are necessary in technical terms is Article 6(1)(f) GDPR.
The legal basis for the processing of personal data using cookies that are not necessary in technical terms for analysis purposes is the user’s consent that is granted by clicking the “OK” button, pursuant to Article 6(1)(a) GDPR.
3. Purpose of data processing
The purpose of the use of cookies that are necessary in technical terms is to simplify the use of websites for users. Some functions of our website, such as the shopping cart, cannot be offered without the use of cookies. For these functions, it is necessary to recognize the browser even after the site is changed.
The user data collected by cookies that are necessary in technical terms are not used to generate user profiles.
Cookies that are not necessary in technical terms are used for analysis purposes in order to improve the quality and content of our website on an ongoing basis. Through these cookies, we learn how the website is used, which allows us to optimize our site and services to the user’s benefit.
The aforementioned purposes constitute our legitimate interest in data processing pursuant to Article 6(1)(f) GDPR.
4. Duration of data storage and possibility of elimination
Cookies are stored on the user’s computer and transmitted by the computer to our website. Therefore, you as the user also have full control over the use of cookies. Internet browsers are typically set up to accept cookies. As a basic principle, the use of cookies can be deactivated or restricted at any time by changing your Internet browser settings. Please use your browser’s help function to learn how you can change these settings.
Cookies that are already stored can be deleted at any time. This can be done automatically. Please note that individual functions of our website may not function if you have deactivated the use of cookies.
E. Contact form and e-mail contact
1. Nature and scope of data processing
Our website contains a contact form that can be used to contact us electronically. If a user uses this feature, the data entered in the entry screen are transferred to us and stored. These data are:
· Company name
· Address
· First and last name of contact person
· Valid e-mail address
The following data are also stored in addition at the time when the contact data are transmitted:
· User’s IP address
· Date and time when the data were sent
Your consent to the processing of the data is obtained during the transmission process, and reference is made to this data protection statement.
Alternatively, you can contact us at the e-mail address provided, info(at)schroederschrauben.de. In this case, the personal data of the user that are transferred with the e-mail are stored.
The data are not shared with third parties in this context. The data are used exclusively to process the conversation.
2. Legal basis for the data processing
The legal basis for the processing of these data is Article 6(1)(a) GDPR, provided that the user has consented.
The legal basis for the processing of the data that are transferred in the course of transmitting an e-mail is Article 6(1)(f) GDPR. If the e-mail contact is aimed at entering into a contract, Article 6(1)(b) GDPR is an additional legal basis for processing.
3. Purpose of data processing
The processing of the personal data from the entry screen serves solely to process the contact that is made. In the event that contact is made by e-mail, this also constitutes the necessary legitimate interest in the data processing.
The other personal data processed during the transmission procedure serve to prevent abuse of the contact form and ensure the security of our IT systems.
4. Duration of data storage
The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the entry screen in the contact form and those that have been transferred by e-mail, this is considered to be the case when the relevant conversation with the user is ended. The conversation is considered to be ended if it is apparent from the circumstances that the matter in question has been clarified on a final basis.
The personal data collected on an additional basis during the transmission procedure are deleted after a period of seven days at the latest.
5. Possibility of withdrawing consent / objecting
The user has the possibility of withdrawing consent to the processing of his/her personal data at any time. If the user contacts us by e-mail, he/she can object to the storage of his/her personal data at any time. In such a case, the conversation cannot be continued.
Withdrawal of consent and objections can be declared to the controller in text form via e-mail sent to info(at)schroederschrauben.de.
All personal data that have been stored in the course of making contact are deleted without undue delay in this case.
F. Performance of paid services
In order to perform paid services, we request the following personal data in addition to the data mentioned in Sec. E hereof:
· Bank information
· Credit card information
The legal basis for the processing of these data is Article 6(1)(a) GDPR, provided that the user has consented.
The legal basis for the processing of the data that are transmitted in the course of entering into a contract is also Article 6(1)(b) GDPR.
The provision of the personal data serves to enter into a contract or take initial steps toward a contract. The processing of contracts and performance of orders also constitutes the necessary legitimate interest in data processing.
The data are erased as soon as they are no longer necessary to achieve the purpose for which they were collected and the statutory storage periods have elapsed.
G. Use of Google services
[insert from existing data protection statement]
H. Rights of data subjects
If your personal data are processed, you are a data subject within the meaning of the GDPR, and you have the following rights toward the controller:
1. Right of access
You can obtain information from the controller regarding whether personal data concerning you are being processed by us.
Where this is the case, you can request information from the controller on the following:
· the purposes for which the personal data are processed;
· the categories of personal data that are processed;
· the recipients or categories of recipient to whom the personal data concerning you have been or will be disclosed;
· the envisaged period for which the personal data concerning you will be stored, or, if it is not possible to provide concrete information on this, the criteria used to determine that period;
· the existence of the right to request from the controller rectification or erasure of personal data concerning you or restriction of processing thereof or to object to such processing.
You have the right to obtain information on whether the personal data concerning you are transferred to a third country or an international organization. In this context, you can request to be informed of the appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer of data.
2. Right to rectification
To the extent that the personal data concerning you that are being processed are incorrect or incomplete, you have a right to obtain from the controller the rectification and/or completion thereof. The controller must perform the rectification without undue delay.
3. Right to restriction of processing
You have the right to obtain from the controller restriction of processing of the personal data concerning you where one of the following applies:
· you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
· the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
· the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or
· you have objected to processing pursuant to Article 21(1) GDPR pending the verification of whether the legitimate grounds of the controller override your own.
Where the processing of the personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
If you have obtained restriction of processing under the conditions detailed above, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller is obligated to erase these data without undue delay where one of the following grounds applies:
· The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
· You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.
· You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
· The personal data concerning you have been unlawfully processed.
· The personal data concerning you have to be erased for compliance with a legal obligation in European Union or Member State law to which the controller is subject.
· The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
5. Right of information
If you have asserted a right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obligated to notify all recipients to which the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing thereof unless this proves impossible or would involve a disproportionate effort.
You have the right vis-à-vis the controller to be informed of these recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
· the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
· the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR including profiling based on those provisions.
The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
8. Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your consent under data protection law at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. The competent supervisory authorities within the Federal Republic of Germany are the data protection officers or commissioners of the respective states.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.
I. SSL encryption
J. Amendments to this data protection statement
