How we handle your data and your rights – information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR) This data protection information applies to the collection, processing and use of your personal information when using our website and its subpages, if you come to visit our premises or when you contact us in any other way.
Scheidt & Bachmann IoT Solutions GmbH (hereinafter "we" or "Scheidt & Bachmann") takes the protection of your personal information very seriously and adheres strictly to the rules set down by data protection legislation. The following statement provides an overview of how Scheidt & Bachmann ensures this protection and explains which types of data we collect for which purposes.
1. Responsibility for data processing
Responsibility for processing your personal information lies with:
Scheidt & Bachmann IoT Solutions GmbH, Lousbergstr. 51, 52072 Aachen; Telephone: +49 2166/266-0; Fax: +49 2166/266-375; E-mail: firstname.lastname@example.org
2. Data Protection Officer:
You can reach our Data Protection Officer as follows:
Scheidt & Bachmann GmbH, Data Protection Officer, Breite Straße 132, 41238 Mönchengladbach; Telephone: +49 2166/266-839; Fax: +49 2166/266-254; E-mail: email@example.com
3. Which data do we process and from what sources?
We process personal data which you provide to us vol-untarily or in the course of using one of our service like our website or the Scheidt & Bachmann swap-app. For further details, please refer to Parts II. – V.
4. For what purpose do we process your data and on what legal basis?
We process your personal data for various purposes in line with the relevant data protection laws, in particular the GDPR and the German Federal Data Protection Act ("Bundesdatenschutzgesetz", BDSG). The following generally apply in terms of the purpose of data processing: processing to perform contractual obligations (Art. 6 (1) lit. b GDPR), to protect legitimate interests (Art. 6 (1) lit. f GDPR), based on your consent (Art. 6 (1) lit. a GDPR) and/ or based on legal obligations (Art. 6 (1) lit. c GDPR).
For further details, please refer to Parts II. – V.
5. Who receives my data?
Service providers deployed by us and operating on our behalf (so-called "processors" cf. Art. 4 No. 8 GDPR) can receive personal data. We use the following processors or categories of processor:
- IT service providers
- Group companies
- Google Inc.
In addition, we pass on your personal data to our group companies, who also process personal data under their own responsibility (so-called "controllers", cf. Art. 4 No. 7 GDPR).
6. Transfer of personal data to third countries
In cases described in Parts II. to V., we transfer your personal data to countries outside the European Economic Area (EEA) to the following recipients in third countries:
- - Group companies in United Kingdom of Great Britain and Northern Ireland, Russia, Switzer-land, Tunisia, Israel, USA and Canada
With regard to all recipients, we have implemented suitable guarantees (standard data protection clauses in accordance with Art. 46 para. 2 GDPR) to guarantee the security of your personal data. You may request a copy of these appropriate warranties. For this purpose, please contact the bodies designated in Part I, clauses 1 and 2.
7. Storage of data
We only process your personal data for as long as is necessary to serve the respective purpose of processing.
In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code ("Handelsgesetzbuch" – HGB) and the German Fiscal Code ("Abgabenordnung" – AO). These obligations can apply for up to 10 years.
Finally, the duration of storage is also based on statutory limitation periods, which can be up to 30 years according to Sections 195 ff. of the German Civil Code ("Bürgerliches Gesetzbuch" – BGB), whereby the standard limitation period is three years.
8. Your rights
Any data subject has the right of access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability based on Art. 20 GDPR. In order to exercise the above rights, please use the contacts specified above in clauses 1 and 2 under Part I – General, clauses 1 and 2.
If you have issued your consent for us to process your data, you can withdraw this at any time without any particular formal requirements. If possible, the withdrawal should be sent to the contacts specified in clauses 1 and 2 under Part I – General.
Users are also legally entitled to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for Scheidt & Bachmann is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) (State Data Protection and Freedom of Information Officer, North Rhine-Westphalia)
In order to make visiting our website more attractive and allow the use of certain functions, we use so-called cookies on various pages. Cookies are small text files which are stored on your end device. Cookies can be transmitted when a page is accessed, thereby allowing attribution of the user. Cookies help make it simpler for users to use web pages. Some of the cookies used by us are deleted when the browser session is finished, i.e. when the browser is closed (so-called session cookies). Other cookies remain on your end device and make it possible for us to recognise your browser again on your next visit (so-called persistent cookies).
You can set your browser so that you are informed when cookies are used and then decide in each individual case whether to accept them, or else you can rule out acceptance of cookies in certain cases or in general. You can delete cookies which have already been applied. If cookies are not accepted, the functionality of our website may be limited.
- Session ID
2. Automatic collection of access data/ server log files
When you visit our website, the following set of data is automatically stored relating to each access:
- IP address
- Browser type/ version
- Operating system used and resolution
- Previously visited website
- Time and frequency of server request
The personal data in log files is processed based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in the easier administration of our website and the possibility of identifying and pursuing hacking.
3. Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called cookies – text files that are stored on your computer and allow analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the USA and stored there.
However, in case of the activation of IP anonymization on this website, your IP address is first abbreviated by Google within the member states of the European Union and in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website.
On behalf of the operator of this website, Google uses this information to analyse your use of the website so as to compile reports on website activities for website operators and provide other services for the website operator connected with website use and internet use. Google does not link the IP address transferred by your browser in connection with Google Analytics to other data.
Processing of personal data by Google Analytics is based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in the analysis and use of our website.
4. Google Maps
This website uses the Google product Google Maps. If you consent to the use of Google Maps on a subpage in which Google Maps is embedded and activate the plug-in, Google receives the information that you have accessed the relevant subpage of our website. In addition, data is collected which your browser sends to Google. This includes IP address, date and time of the request, amount of data transferred operating system and the user interface, language and version of the browser software.
This occurs regardless of whether Google provides a user account via which you are logged in or no user account exists. If you are logged into Google, your data is attributed directly to your account. If you do not want the data to be attributed to your Google profile, you have to log out before activating the button. Google saves your data as use profiles and uses it for the purpose of advertising, market research and/ or the needs-oriented design of its website. In order to exercise any rights such as a right to object to the creation of these user profiles, you must contact Google.
We have integrated YouTube videos in our website which are saved at www.youtube.com and can be played directly from our website. The videos are only activated if you specifically request this. These videos are also integrated in "extended data protection mode", i.e. no data about you as a user is sent to YouTube if you do not play the videos. Only when you play a video is the data transferred as specified in the next clause. We do not have any influence on this data transfer.
When you play the video, YouTube receives the information that you have accessed the relevant subpage of our website. In addition, data is collected which your browser sends to YouTube. This includes IP address, date and time of the request, amount of data transferred, operating system and the user interface, language and version of the browser software.
This occurs regardless of whether YouTube provides a user account via which you are logged in or no user account exists. If you are logged into Google, your data is attributed directly to your account. If you do not want the data to be attributed to your YouTube profile, you have to log out before activating the button. YouTube saves your data as use profiles and uses it for the purpose of advertising, market research and/or the needs-oriented design of its website. Such analysis (also in the case of users who are not logged in) serves the purpose of providing needs-oriented advertising and to inform other social network users about your activities on our website. In order to exercise any rights such as a right to object to the creation of these user profiles, you must contact Google.
On our website you will find contact forms which can be used to make contact electronically. Alternatively, it is possible to contact us via the e-mail addresses provided. If you contact us via one of these channels, we collect the personal data have entered and sent to us.
If you use the contact form, the personal data recorded comprises the master data entered (required fields: form of address, last name, e-mail address, country; voluntary fields: first name, company, telephone number) and potentially any other personal data entered by you in the field labelled "Message". If you contact us directly by e-mail, we record your e-mail address and any personal data included in the text of the e-mail.
Should it be necessary to answer your inquiry, we will pass on personal data to group companies.
Processing is carried out based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in customer care and the ability to reply to messages sent to us.
On our website you can sign up for various newsletters providing information on general company news, products, trade fairs and events.
In order to manage newsletters subscriptions we process the personal data sent to us via the registration form. This comprises master data (required fields: e-mail address, language, your interests; voluntary details: form of address, title, name, company, country).
The distribution of newsletters takes place on the basis of consent from the recipient in accordance with Art. 6 (1) (a), Art. 7 GDPR in conjunction with Section 7 (2) No. 3 German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7 (3) German Act Against Unfair Competition. The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6 (1) lit. f GDPR and serves as proof of consent to receipt of the newsletter. The purpose of data processing and our legitimate interest lie in customer care and direct advertising.
8. Job vacancies
Our website also enables you to sign up for a newsletter containing details of new job vacancies.
In order to manage newsletter subscriptions we process the personal data sent to us via the registration form. This consists of the e-mail address, the areas of work you are interested in, your postcode and the geographical region in which you are interested in vacancies.
The distribution of job vacancies takes place on the basis of consent from the recipient in accordance with Art. 6 (1) (a), Art. 7 GDPR. The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6 (1) lit. f GDPR and serves as proof of consent to receipt of the newsletter. The purpose of data processing and our legitimate interest lie in communicating job vacancies in our company to potential candidates.
We also occasionally carry out surveys, for example to assess customer satisfaction. Only customers invited by us are entitled to participate.
Surveys are always carried out anonymously. However, access codes are regularly sent out to customers for participation purposes. These can be attributed to the relevant customer. In the surveys themselves, some personal data is requested. If this is the case, however, submission of such details is voluntary and can be skipped. Processing of personal data is carried out based on Art. 6 (1) lit. f GDPR. The purpose and our legitimate interest is the analysis of customer satisfaction and product improvements.
10. Data area
We provide a data area in which we offer our customers and potential customers various documents for download. These include contract documents and product information, for example. Access is only provided for authorised users.
We process the following data for the purpose of access control: e-mail address, user name.
Processing of personal data is carried out based on Art. 6 (1) lit. b, f GDPR. The purpose and our legitimate interest are to enter into a contract, to make relevant documents available and to prevent of unauthorised access to uploaded documents.
11. Online applicant portal
We publish job offers on our homepage. You have the possibility to apply for a job offer by using the online form of our applicant portal.
We process the personal data transmitted using the form. This is master data (mandatory fields): First name, surname, street and house number, postal code, town, e-mail address; optional information: telephone, mobile phone number). In addition, the documents that you upload online in the application portal may contain other personal data, such as date of birth, data on school education, training and studies as well as previous career history, data on driving licences, data on possible impairments, curriculum vitae, certificates, photo. You are solely responsible for the content of the uploaded documents.
The processing is carried out on the basis of Art. 6 (1) lit. b DSGVO and Section 26 (1) S. 1 BDSG. The purpose of data processing is to check your suitability for the position or for another position in our group of compa-nies (or in the case of an unsolicited application for a position in our group of companies) and to carry out the application procedure as well as hiring decisions.
When we enter into an employment contract with you, we transfer your information to our personnel management system for employment purposes, to the extent necessary for its performance or termination. The legal basis for the described data processing is Art. 6 (1) lit. b GDPR and Section 26 (1) S. 1 BDSG (Carrying out the employment contract).
We store your data for as long as it is necessary for the decision on your application.
If no employment contract is established, we will store your data for as long as it is necessary to defend against possible legal claims. As a rule, your data will be deleted 180 days after notification of the rejection decision, unless longer storage is necessary due to legal disputes.
If an employment contract is established, we transfer your data from the online application portal to our personnel information system. Data that is not required for the performance of the employment relationship will be deleted 180 days after completion of the application process.
If an applicant is inactive in our applicant pool, we delete the applicant's data at the latest after 180 days after the pool promise, unless the applicant extends his membership in the applicant pool even after we have informed him of the imminent deletion.
III. Processing of personal data in connection with (incipient) business and order relationships or other communication relationships
Subject of our data processing is your contact data as well as any other personal data required for the provision of our services or communication with you, e.g. information typically contained in order documents and / or public registers, such as commercial registers, or the subject of our correspondence with you.
If you have not provided us with your personal data yourself, we have received it from business partners, service providers or cooperation partners for whom you may work as an employee or representative, or have taken the data from publicly accessible sources, such as company websites, participant lists of events or public directories.
The purpose of the data processing is
- to enter into or perform orders, contracts and other business relationships (including the execution of purchase orders, deliveries or payments) or to prepare or respond to requests for quotations and to determine the terms of the contractual relationship with our business partners, service providers or cooperation partners for whom you may be acting as an agent or employee;
- for internal administrative purposes (e.g. accounting);
- for the purpose of anti-terrorism and sanctions list screening, if any;
- to conduct court and official proceedings and/ or for the purpose of asserting/ exercising and defending against legal claims nationally and abroad;
- to send you our customer information to the extent relevant to your business activities, such as newsletters with references to current topics and events;
- for other communication purposes;
- to ensure the IT security and IT operation of our company;
- the use of service providers (e.g. external IT service providers) who support our business processes;
- to plan and conduct events to which you are invited, including reporting on such events on our website or intranet, which may include publishing images and video material on the internet or intranet where you are featured.
Legal basis for the processing of personal data is Art. 6 para. 1 lit. b GDPR when it comes to the fulfilment of contracts with or orders by individuals (natural persons) with whom we have business relationships. In all other cases, we have legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR in order to be able to guarantee smooth business processes and order processing. In addition, data processing may also be required by law (Art. 6 para. 1 lit. c GDPR).
Each of our employees or all employees of service providers who have or may have access to personal data in the course of their work are obliged to treat this data confidentially.
Your personal data will be deleted after termination of the contractual or business relationship or other contact and insofar as the data is no longer required for the fulfilment of contractual or statutory obligations or the legitimate interests stated in this data protection declaration.
Within the group of companies, we transfer your personal data to group companies as required - see Section I. Otherwise, we transfer your personal data only on the basis of statutory regulations or if you have given us your consent to do so.
We use technical and organisational security measures to adequately protect your personal data managed by us against accidental or intentional manipulation loss, destruction or against access by unauthorised persons.
12. Validity and timeliness of the data protection declaration
This Data Protection Declaration is dated as of Februrary 2020 and is effective for as long as no updated version replaces it.
Due to the further development of our website or the implementation of new technologies, it may become necessary to change this Data Protection Declaration. We reserve the right to change the Data Protection Declaration at any time with effect for the future. We recommend that you re-read the current Data Protection Statement from time to time.
Information on your right to object according to Art. 21 General Data Protection Regulation (GDPR)
You have the right at any time to object to personal data relating to you being processed based on Art. 6 (1) lit. f GDPR on grounds relating to your particular situation (data processing based on a balancing of interests); this also applies to any profiling based on this provision as defined by Art. 4 No. 4 GDPR.
If you file an objection, we will no longer process your personal data, unless we can prove compelling, legitimate grounds for processing which override your interests, rights and freedoms or if the processing serves the enforcement, exercise or defence of legal rights.
In individual cases, we process your personal data for the purpose of direct advertising. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is has to do with such direct advertising.
If you object to the processing of data for the purpose of direct advertising, we will no longer process your personal data for this purpose.
There are no particular formal requirements for filing the objection; if possible it should be sent to the contacts specified above in clauses 1 and 2 under Part I – General of this data protection notice.