Data Protection Statement
The protection of your data is our concern
We appreciate your interest in our company and our products and services and would like you to feel secure when visiting our website with regard to the protection of your personal data. Because we take the protection of your personal data very seriously. Compliance with the provisions of the General Data Protection Regulation and the new BDSG (Federal Data Protection Act) goes without saying for us.
We want you to know when we collect data and how the information will be used. We have taken technical and organisational measures to ensure that data protection regulations are respected by both us and our external service providers.
Personal information is information about your identity. These include e.g. information such as name, address, telephone number, e-mail address. This information is always processed in accordance with General Data Protection Regulation requirements and other data protection regulations applicable to our company.
For use of our website, it is generally not necessary for you to disclose personal data. In certain cases, however, the processing of personal data may be necessary, for example to provide you with particular services you may require.
The same applies for example to sending information material and ordered goods or answering individual questions. We will inform you accordingly when necessary.
If there is no legal basis for the processing of this personal data, we will obtain your consent.
In addition, we only store and process data that you voluntarily provide to us and, if necessary, data that we collect automatically when you visit our internet pages (e.g. your IP address and the name of the pages you have accessed, the browser you use and your operating system, date and time of access, search engines used, names of downloaded files).
If you make use of our services, generally only such data will be collected for the purpose of providing the services. If we ask you for more detailed data, the information in question is voluntary. The processing of personal data takes place exclusively for the fullfilment of the requested service and, if necessary, for the protection of one's legitimate business interests.
- Master data (names, addresses, etc.)
- Other personal data provided by you (personal interests, etc.)
- Contract data (customer number, contract number, etc.)
- Content data (texts, photos, videos, etc.)
- Contact details (e-mail, phone numbers, etc.)
- Meta data (IP addresses, device information, etc.)
- Usage data (visited content, access times, etc.)
- Concerned persons are thereby users/prospective customers of our offers.
Name and address of the responsible person
The person responsible within the scope of the General Data Protection Regulation, other data protection laws in the EU Member States and other data protection provisions is:
Fritz SCHÄFER GmbH & Co KG
Fritz SCHÄFER Str. 20
Data Protection Officer contact details
Our data protection officer’s contact details are:
Herr Christian Volkmer
Projekt 29 GmbH & Co. KG
Our data protection officer is always available for any questions and suggestions on data protection.
Reason for personal data
We use the personal information you provide to respond to your requests, to process your orders, or to give you access to specific information or offers. Customer Relationship Management may also require that we or a service provider contracted by us use this personal information to inform you about product offerings or conduct online surveys to better serve our customers' needs and requirements. Legal basis for these types of processing. Art. 6 para. 1 lit. b, f) GDPR.
Of course, we respect if you do not want to give us your personal data to support our customer relationship (especially for direct marketing or for market research purposes). We will not sell or otherwise market your personal information to third parties.
We will collect, process and use the personal data you provide online only for the purposes indicated. Your personal data will not be transferred to third parties without your explicit consent.
The collection of personal data and the transmission of such data to state institutions and authorities that are entitled
to receive such information shall only be carried out within the scope of the relevant laws or if we are obliged due to a judicial ruling. Our employees and the service companies commissioned by us are obliged to maintain confidentiality and to comply with the provisions of the General Data Protection Regulation.
Legal basis for processing
If you have given us consent to process your personal data for a specific purpose, the processing is performed on the basis of Art. 6 para. 1 a GDPR. If such processing is necessary in order to fulfil or initiate a contract with you, the processing is based on Art. 6 para. 1 b GDPR. In some cases, e.g. in order to fulfil tax obligations, for example, we may be subject to a legal obligation to process personal data. In such cases, the legal basis for this is Article 6 para. 1 c GDPR. In rare cases, processing may also be done to protect your vital interests or another natural person. In this exceptional case, processing will take place on the basis of Art. 6 para. 1 d GDPR. Lastly, processing operations may also be based on Art. 6 para. 1 f GDPR. This is the case if processing takes place in order to safeguard a legitimate interest for our company or a third party, provided your interests, fundamental rights and fundamental freedoms do not predominate. Such a legitimate interest can already be accepted if you are our customer. If the processing of personal data is based on Article 6 para. 1 f GDPR, our legitimate interest is the performance of our business activities
Data that is automatically collected when you visit our website
When using our website, the following information will be stored for organisational and technical reasons: the names of the pages you accessed, the browser you used and your operating system, the date and time of access, search engines used, the names of files downloaded and your IP address.
The information collected is required to deliver the contents of our website correctly. In addition, we evaluate this technical data anonymously and only for statistical purposes in order to be able to continually improve our website and make our internet services more attractive, and to provide law enforcement authorities with the information required for prosecution in the event of a cyber attack. This data is stored separately from other personal information on secure systems. It cannot be used to infer the identity of individuals. Processing is done based on our legitimate interest in efficient, secure provision of our website pursuant to Art. 6 (1) f within the meaning of Art. 28 of the GDPR.
Due to statutory regulations, our website contains information that makes quick electronic contact and direct communication with us possible. This includes the indication of an e-mail address and, where applicable, a contact form. Processing of the user’s information in this respect is done pursuant to Art. 6 (1) b of the GDPR.
If you contact us by e-mail or by using a contact form, the personal information transmitted by you will be stored automatically. The information voluntarily transmitted by you to us will be stored for the purposes of processing your request or for contacting you accordingly, and then deleted immediately. It will not be shared with third parties.
Erasure and restriction of processing of personal data
We process the personal data of data subjects in accordance with Art. 17 and 18 of the GDPR, only insofar as it is necessary to achieve the underlying purpose or where provided for under legal obligations to which our company is subject. If the purpose of data storage no longer applies or if a legal retention period is designated, e.g. due to specifications of the revenue code or the commercial code under commercial or tax law, personal data will be erased according to statutory regulations unless we are legally obliged to continue storing this data. In such cases, the processing of personal data will be restricted.
As a responsible company, we refrain from automated-decision making and profiling.
Personal data will be erased after the statutory retention period has expired if it is no longer required for contractual fulfilment or initiation.
Provision of personal data
Provision of personal data is required by law or by the contract in some cases. For this reason, it may be necessary for you to provide us with personal information that must be processed by us, such as when concluding a contract. For example, you will be required to provide personal information for the formation of a contract. Failure to do so may have the result that the contract cannot be concluded.
You may contact our data protection officers before providing personal data. They will clarify whether the provision of personal data is required by law or by the contract in a given case and what the consequences of failure to provide this data would be.
As the data controller responsible for processing, we have taken technical and organisational security measures pursuant to Art. 32 of the GDPR. This includes in particular measures to ensure the confidentiality, integrity and availability of the data. Furthermore, we have established processes to guarantee that the rights of the data subject, erasure of personal data and immediate response to threats to such data are ensured. We also ensure the protection of personal data as early as the development and selection of hardware and software in accordance with the principles of Art. 25 of the GDPR. All of our employees and persons involved in data processing are bound to compliance with the General Data Protection Regulation and other laws related to data protection as well as the confidential handling of personal data.
If personal data is collected and processed, the information will be transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures will be updated continuously according to the development of technology.
However, internet-based data transfers may have holes in security generally, so absolute protection cannot be guaranteed.
If you use external links that are provided on our website, these are not covered by this data privacy statement. If we provide links, we will ensure that no violations of applicable law can be found on the linked websites at the time the link is established. However, we have no influence on the compliance of other providers with the regulations of data protection and security. Therefore we ask that you read the data privacy statements of other providers on their websites.
When you visit one of our websites, it may be that we store information in the form of a cookie on your computer. Cookies are small text files sent from a web server to your browser and stored on your computer's hard drive.
Besides the internet protocol address, no personal data from the user are stored. This information is intended to automatically recognise you on your next visit to our websites and to make navigation easier for you. Cookies allow us, for example, to customise a website according to your interests or to store your password so that you do not have to re-enter it every time.
Of course, you can also view our websites without cookies. If you do not want us to recognize your computer, you can prevent cookies from being stored on your hard drive by selecting “Do not accept cookies” in your browser settings. Even cookies that have already been set can be deleted via your browser. Please find the details on how to do this in the instructions from your browser's manufacturer. If you do not accept cookies, this may lead to functional restrictions of our offers.
Children and adolescents
Persons under the age of 16 should not submit any personal data to us without the consent of their parents or guardians. We do not solicit personal information from children and adolescents, do not collect them and do not share them with third parties.
Your data entered in the newsletter registration will remain with us until you unsubscribe from our newsletter. Unsubscribing is possible at any time by using the link provided in the newsletter or a corresponding message to us. With the unsubscription you object to the use of your e-mail address. Your e-mail address, your last name as well as other data transmitted in connection with the newsletter registration will be deleted immediately.
The processing takes place on the basis of a consent by the respective recipient in accordance with Art. 6 para. (1) (a), Art. 7 GDPR i. V. m. § 7 para. 2 No. 3 UWG or § 7 para. 3 UWG. The proof of the user's registration for our newsletter is based on our legitimate interest in accordance with. Art. 6 para. 1 lit. f) GDPR, as this allows us to prove consent. The e-mail address, which must absolutely be specified by the user, is stored for this purpose until the user revokes their consent to receive the newsletter.
E-commerce customer account
We set up a password protected direct access to their stored stock data (customer account) for each customer who registers accordingly. Here you can view data about your completed, open and recently sent orders and manage their address details, bank details and newsletter. You agree to treat the personal access data as confidential and to not make it accessible to unauthorised third parties. We cannot accept liability for misused passwords unless we are responsible for the misuse.
With the function “remain logged in” we would like to make your visit of our web pages as pleasant as possible. This feature allows you to use our services without having to log in again each time. For security reasons, however, you will be asked again to enter your password, for example, if you want to change your personal information or if you want to place an order. We recommend that you do not use this feature if the computer is shared by multiple users. Please note that if you use a setting that automatically deletes stored cookies after each session, the “remain logged in” feature will not be available.
You can send us your data via contact form, as long as it is still available on our online offer. This is done by means of a state of the art appropriate encryption method. If you send us your application data via e-mail, please note that e-mails are not sent in encrypted form and that you as the applicant must provide encryption yourself. For this reason we can take no responsibility for the transmission of your data in this way and recommend for this reason postal delivery, because apart from transmitting your documents by e-mail or if necessary through an online form, you still have the possibility to send documents via postal delivery.
If the application for one of our job offers is unsuccessful, your data will be deleted after six months, unless you have declared a legitimate revocation prior to expiration of this period or have given us consent to store your data for a longer period. This is necessary in order to be able to fulfil our obligations under the General Equal Treatment Act if necessary. If you have submitted invoices for reimbursement of travel costs with us, these will be stored in accordance with the statutory provisions and will be deleted after the expiry of the statutory periods of storage.
We will process your data for the sole purpose of processing for the application process. This is done on the basis of Art. 6 para. 1 lit. b) GDPR, or if processing in legal proceedings becomes necessary, based on Art. 6 para. 1 lit. f) GDPR and § 26 BDSG (Federal Data Protection Act). Should you also provide us with special personal data, such as: e.g. when submitting health data voluntarily, we process this data on the basis of Art. 9 para. 2 lit. a) GDPR. If this is necessary for the intended profession, we require special categories of personal data on the basis of Art. 9 para. 2 lit. b) GDPR.
Use of products from Salesforce Germany GmbH
For customer service and to improve the user experience, we use the CRM module of Salesforce.com, represented in Germany by: Salesforce.com Germany GmbH, Erika-Mann-Str. 63, 80636 Munich, Germany. The address of the US parent company is: The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, United States.
Users' personal information will be used by Salesforce to process the requests and will not be shared with third parties. It may be necessary for the processing of the request, that the following data will be processed, e.g. e-mail address, name, address. If you contact us via the contact form on our website, the data collected there will be stored in Salesforce.
If users do not wish Salesforce to process their personal data, we offer alternative communication options for inquiries (post, e-mail, telephone, fax).
Legal basis for processing are our legitimate interests in an efficient processing of user requests in accordance with Art. 6 para. 1 lit. f) GDPR.
Salesforce.com, Inc. itself is certified under the EU US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000KzLyAAK&status=Active), thereby ensuring compliance with the requirements of European Data Protection Law.
Transfer to logistics service providers
For the dispatch of your order, we will forward your address data and, if applicable, your e-mail address and telephone number for an appointment to the logistics company commissioned with the delivery. The transfer of your data occurs for the execution of the contract on the basis of Art. 6 para. 1 lit. b) GDPR.
Transfer to reseller/manufacturer
Some products are shipped directly from the manufacturer to you. In this case, we will pass on your address data to the manufacturer for the delivery of your ordered goods. The transfer of your data occurs for the execution of the contract on the basis of Art. 6 para. 1 lit. b) GDPR.
In order to be able to provide you with advance payments (payment on account, instalments, etc.), we must ensure that this type of payment transaction does not lead to misuse and protects consumers from economic overload. Our company is therefore affiliated with the credit reporting system of the credit bureau for protection against insolvency-based defaults, abuses due to unwillingness to pay as well as improper use by third parties (SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Association of Clubs Creditreform eV, Hellersbergstraße 12, 41460 Neuss; CRIF Bürgel GmbH, Radlkoferstraße 2, 81373 Munich; Bundesanzeiger Verlag GmbH, Amsterdamer Strasse 192, 50735 Cologne).
Due to our legitimate interests in accordance with Art. 6 para. 1 lit. f) GDPR to communicate and inform the users and interested parties of our services, we maintain various presences on social networks. To the extent that the providers of the respective platform obtain the consent of the users in the processing of personal data, this is done on the basis of Art. 6 para. 1 lit. a), Art. 7 GDPR.
It is not impossible that personal data of users outside the European Union or the European Economic Area can be processed. This may make it difficult for those affected to enforce their services. Some social media platform providers are certified under the EU US Privacy Shield, which requires them to comply with European privacy standards.
The processing of personal user data takes place regularly for market research and advertising purposes. Based on the user data, profiles are created that make it possible, for example, to display advertisements that correspond to the alleged interests of the respective user. This is done regularly by placing cookies on the device used by the user.
Requests for information and the assertion of your rights should be made directly to the respective providers listed below, as only they have access to personal data of the users and can take appropriate measures and provide information.
If you still need help in exercising your rights, you can of course contact us.
We maintain a presence on the following social media sites:
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland (Facebook), Data Policy https://www.facebook.com/about/privacy/, Opt-Out Possibilities https://www.facebook .com/ads/preferences/? entry_product = ad_settings_screen or http://www.youronlinechoices.com/, EU US Privacy - Shield https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Use includes the Universal Analytics mode; this allows data, sessions and interactions across multiple devices to be assigned to a pseudonymous user ID so that the activities of a user can be analysed across devices.
Google Analytics uses what are called “cookies.” These are text files that are stored on your computer and allow your use of the website to be analysed. The information about your use of the website generated by the cookie is generally transmitted to a Google Server in the United States and stored there. If IP anonymisation is activated on this website, however, your IP address will be truncated in advance within member states of the European Union or in other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. Please note that Google Analytics has been expanded to include IP anonymisation on this website to guarantee that IP addresses are collected in anonymised form (“IP masking”). The IP address transmitted from your browser in the context of Google Analytics will not be conflated with other Google data. For more information about terms and conditions of use and data protection, please see https://www.google.com/analytics/terms/de.html and https://policies.google.com/?hl=de
Google will use this information on our behalf to evaluate your use of the website, compile reports about website activity and render other services for us, the website operator, associated with website and internet use.
Data will be processed based on your consent pursuant to Art. 6 (1) (1) a of the GDPR.
The recipient of the processed data is Google.
The personal data will be transmitted to the United States under the EU-US Privacy Shield based on the adequacy decision by the European Commission. You can view the certificate at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.
The data sent by us and linked to cookies, usernames (such as user ID) or advertising IDs will be automatically erased after 14 months. Data for which the retention period has expired will be automatically erased once per month.
You may revoke your consent at any time with effect for the future by preventing the storage of cookies through the appropriate setting on your browser software; however, please be aware that if you do so, you may not be able to use all the functions of this website to their full extent.
In addition, you can prevent the data generated by the cookie related to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
You can also prevent your data from being collected during future visits to this website by using opt-out cookies. To prevent Universal Analytics from collecting data across different devices, you will need to perform the opt-out on all systems you use.
The opt-out cookie will be set by clicking here:
YouTube in expanded data protection mode
By using our website, you agree to the processing of data collected about you will be processed by Google and to the methods of data processing described above as well as the purpose specified. You can prevent the storage of cookies through the appropriate setting on your browser software; however, please be aware that if you do so, you may not be able to use all the functions of this website to their full extent. In addition, you can prevent the data generated by the cookies related to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available under the following link below the heading DoubleClick Expansion Deactivation. Alternatively, you can disable the Doubleclick cookies with this opt-out.
Rights of the data subject
Right of access
Pursuant to Art. 15 of the GDPR, you can obtain from us information and a copy of the personal data about you stored and processed by us at any time, free of charge.
This right of access includes information about the purposes of processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data has been or will be disclosed, where possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period, the existence of the right to request the rectification or erasure of personal data concerning you or restriction of processing by us or to object to such processing, the existence of the right to lodge a complaint with a supervisory authority and, where personal data is not collected from you, any available information as to its source and the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) of the GDPR and - at least in those cases - meaningful information about the logic involved, as well as the significant and the envisaged consequences of such processing.
You also have the right to obtain information as to whether your personal data is transferred to a third country or to an international organisation and which appropriate safeguards are in place relating to the transfer.
Right to rectification
In addition, pursuant to Art. 16 of the GDPR, you have the right to obtain without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.
Right to erasure
Pursuant to Art. 17 of the GDPR, you also have the right to obtain the erasure of data stored by us concerning you without undue delay where one of the following grounds applies: The personal data is no longer necessary for the purposes for which it was collected or otherwise processed; you withdraw your consent on which processing is based according to Art. 6 (1) a or Art. 9 (2) a of the GDPR and where there is no other legal ground for processing; you object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Art. 21 (2); the personal data has been unlawfully processed; the personal data must be erased for compliance with a legal obligation in Union or Member State law to which we are subject; the personal data was collected in relation to the offer of information society services referred to in Art. 8 (1).
Where we have made the personal data public and are obliged pursuant to Art. 17 (1) of the GDPR to erase it, we shall take reasonable measures to inform other controllers who are processing the personal data that you have requested the erasure of any links to, or copies or replication of, this personal data.
Right to restriction of processing
Pursuant to Art. 18 of the GDPR, you have the right to obtain restriction of processing of your personal data where one of the following applies: You contest the accuracy of the personal data, and for a period enabling us to verify the accuracy of the personal data;
Processing is unlawful and you oppose erasure of the personal data and request the restriction of its use instead; we no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims; or you have objected to processing pursuant to Art. 21 (1) pending the verification of whether the legitimate grounds of our company override yours.
Right to data portability
Pursuant to Art. 20 of the GDPR, you have the right to receive the personal data concerning you that you have provided to us at any time, in a commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from us, where processing is based on consent pursuant to Art. 6 (1) a or Art. 9 (2) a of the GDPR or on a contract pursuant to Art. 6 (1) b of the GDPR and the processing is carried out by automated means, insofar as processing is not necessary for performing a task carried out in the public interest or in the exercise of official authority vested in us.
In addition, you may the personal data stored by you transmitted directly from us to another controller, where technical feasible and where this does not affect the rights and freedoms of others.
Right to object
Pursuant to Art. 20 of the GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) e or f. This also applies to profiling based on these provisions.
If you object, we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights or freedoms or serves the establishment, exercise or defence of legal claims.
Where we process your personal data for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, we shall no longer process the personal data for such purposes.
You have the right to object, on grounds related to your particular situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) of the GDPR, unless such processing is required to perform a task carried out for reasons of public interest.
It is within your discretion to exercise your right to object to automated procedures in which technical specifications are used that relate to the use of services of the information society and irrespective of Directive 2002/58/EC.
Right to revocation
You may revoke consent to processing of your personal data at any time with effect for the future, pursuant to Art. 7 (3) of the GDPR.
Right to confirmation
You have to right to obtain confirmation as to whether or not personal data concerning you is being processed.
To exercise any of the rights specified, you can contact our data protection officer directly at firstname.lastname@example.org or +49 2735 70-619 or any other employee.
Right to lodge a complaint
In addition, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 of the GDPR. You can generally contact the supervisory authority in your regular place of residence or workplace or our headquarters.