How we handle your data and your rights – information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR) This data protection information applies to the collection, processing and use of your personal information when using our website and its subpages, if you come to visit our premises or when you contact us in any other way.
Scheidt & Bachmann GmbH (hereinafter "we" or "Scheidt & Bachmann") takes the protection of your personal information very seriously and adheres strictly to the rules set down by data protection legislation. The following statement provides an overview of how Scheidt & Bachmann ensures this protection and explains which types of data we collect for which purposes.
1. Responsibility for data processing
Responsibility for processing your personal information lies with:
Scheidt & Bachmann GmbH, Breite Straße 132, 41238 Mönchengladbach, Germany; Telephone: +49 2166/266-0; Fax: +49 2166/266-375; E-mail: email@example.com
2. Data Protection Officer:
You can reach our Data Protection Officer as follows:
Scheidt & Bachmann GmbH, Data Protection Officer, Breite Straße 132, 41238 Mönchengladbach, Germany; Telephone: +49 2166/266-839; Fax: +49 2166/266-254; E-mail: firstname.lastname@example.org
3. Which data do we process and from what sources?
We process personal data which you provide to us vol-untarily or in the course of using one of our service like our website or the Scheidt & Bachmann swap-app. For further details, please refer to Parts II. – V.
4. For what purpose do we process your data and on what legal basis?
We process your personal data for various purposes in line with the relevant data protection laws, in particular the GDPR and the German Federal Data Protection Act ("Bundesdatenschutzgesetz", BDSG). The following generally apply in terms of the purpose of data processing: processing to perform contractual obligations (Art. 6 (1) lit. b GDPR), to protect legitimate interests (Art. 6 (1) lit. f GDPR), based on your consent (Art. 6 (1) lit. a GDPR) and/ or based on legal obligations (Art. 6 (1) lit. c GDPR).
For further details, please refer to Parts II. – V.
5. Who receives my data?
Service providers deployed by us and operating on our behalf (so-called "processors" cf. Art. 4 No. 8 GDPR) can receive personal data. We use the following processors or categories of processor:
- IT service providers
- Group companies
- Google Inc.
In addition, we pass on your personal data to our group companies, who also process personal data under their own responsibility (so-called "controllers", cf. Art. 4 No. 7 GDPR).
6. Transfer of personal data to third countries
In cases described in Parts II. to V., we transfer your personal data to countries outside the European Economic Area (EEA) to the following recipients in third countries:
- - Group companies in United Kingdom of Great Britain and Northern Ireland, Russia, Switzer-land, Tunisia, Israel, Ukraine, USA and Canada
With regard to all recipients, we have implemented suitable guarantees (standard data protection clauses in accordance with Art. 46 para. 2 GDPR) to guarantee the security of your personal data. You may request a copy of these appropriate warranties. For this purpose, please contact the bodies designated in Part I, clauses 1 and 2.
7. Storage of data
We only process your personal data for as long as is necessary to serve the respective purpose of processing.
In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code ("Handelsgesetzbuch" – HGB) and the German Fiscal Code ("Abgabenordnung" – AO). These obligations can apply for up to 10 years.
Finally, the duration of storage is also based on statutory limitation periods, which can be up to 30 years according to Sections 195 ff. of the German Civil Code ("Bürgerliches Gesetzbuch" – BGB), whereby the standard limitation period is three years.
8. Your rights
Any data subject has the right of access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability based on Art. 20 GDPR. In order to exercise the above rights, please use the contacts specified above in clauses 1 and 2 under Part I – General, clauses 1 and 2.
If you have issued your consent for us to process your data, you can withdraw this at any time without any particular formal requirements. If possible, the withdrawal should be sent to the contacts specified in clauses 1 and 2 under Part I – General.
Users are also legally entitled to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for Scheidt & Bachmann is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) (State Data Protection and Freedom of Information Officer, North Rhine-Westphalia)
In order to make visiting our website more attractive and allow the use of certain functions, we use so-called cookies on various pages. Cookies are small text files which are stored on your end device. Cookies can be transmitted when a page is accessed, thereby allowing attribution of the user. Cookies help make it simpler for users to use web pages. Some of the cookies used by us are deleted when the browser session is finished, i.e. when the browser is closed (so-called session cookies). Other cookies remain on your end device and make it possible for us to recognise your browser again on your next visit (so-called persistent cookies).
You can set your browser so that you are informed when cookies are used and then decide in each individual case whether to accept them, or else you can rule out acceptance of cookies in certain cases or in general. You can delete cookies which have already been applied. If cookies are not accepted, the functionality of our website may be limited.
- Session ID
2. Automatic collection of access data/ server log files
When you visit our website, the following set of data is automatically stored relating to each access:
- IP address
- Browser type/ version
- Operating system used and resolution
- Previously visited website
- Time and frequency of server request
The personal data in log files is processed based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in the easier administration of our website and the possibility of identifying and pursuing hacking.
3. Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called cookies – text files that are stored on your computer and allow analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the USA and stored there.
However, in case of the activation of IP anonymization on this website, your IP address is first abbreviated by Google within the member states of the European Union and in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website.
On behalf of the operator of this website, Google uses this information to analyse your use of the website so as to compile reports on website activities for website operators and provide other services for the website operator connected with website use and internet use. Google does not link the IP address transferred by your browser in connection with Google Analytics to other data.
You can prevent the saving of cookies by making the appropriate setting in your browser software; however, we would like to point out that if you do so, you will not be able to use the full range of functions offered by this website. You can also prevent the data generated by the cookie relating to your use of the website (incl. your IP address) from being transmitted to Google and you can prevent the processing of this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de)
You can also prevent data collection by Google Analytics on our website by clicking on the following link. An opt-out cookie is applied which will prevent your data from being collected when visiting this website: Disable Google Analytics
Processing of personal data by Google Analytics is based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in the analysis and use of our website.
4. Google Maps
This website uses the Google product Google Maps. If you consent to the use of Google Maps on a subpage in which Google Maps is embedded and activate the plug-in, Google receives the information that you have accessed the relevant subpage of our website. In addition, data is collected which your browser sends to Google. This includes IP address, date and time of the request, amount of data transferred operating system and the user interface, language and version of the browser software.
This occurs regardless of whether Google provides a user account via which you are logged in or no user account exists. If you are logged into Google, your data is attributed directly to your account. If you do not want the data to be attributed to your Google profile, you have to log out before activating the button. Google saves your data as use profiles and uses it for the purpose of advertising, market research and/ or the needs-oriented design of its website. In order to exercise any rights such as a right to object to the creation of these user profiles, you must contact Google.
We have integrated YouTube videos in our website which are saved at www.youtube.com and can be played directly from our website. The videos are only activated if you specifically request this. These videos are also integrated in "extended data protection mode", i.e. no data about you as a user is sent to YouTube if you do not play the videos. Only when you play a video is the data transferred as specified in the next clause. We do not have any influence on this data transfer.
When you play the video, YouTube receives the information that you have accessed the relevant subpage of our website. In addition, data is collected which your browser sends to YouTube. This includes IP address, date and time of the request, amount of data transferred, operating system and the user interface, language and version of the browser software.
This occurs regardless of whether YouTube provides a user account via which you are logged in or no user account exists. If you are logged into Google, your data is attributed directly to your account. If you do not want the data to be attributed to your YouTube profile, you have to log out before activating the button. YouTube saves your data as use profiles and uses it for the purpose of advertising, market research and/or the needs-oriented design of its website. Such analysis (also in the case of users who are not logged in) serves the purpose of providing needs-oriented advertising and to inform other social network users about your activities on our website. In order to exercise any rights such as a right to object to the creation of these user profiles, you must contact Google.
On our website you will find contact forms which can be used to make contact electronically. Alternatively, it is possible to contact us via the e-mail addresses provided. If you contact us via one of these channels, we collect the personal data have entered and sent to us.
If you use the contact form, the personal data recorded comprises the master data entered (required fields: form of address, last name, e-mail address, country; voluntary fields: first name, company, telephone number) and potentially any other personal data entered by you in the field labelled "Message". If you contact us directly by e-mail, we record your e-mail address and any personal data included in the text of the e-mail.
Should it be necessary to answer your inquiry, we will pass on personal data to group companies.
Processing is carried out based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in customer care and the ability to reply to messages sent to us.
On our website you can sign up for various newsletters providing information on general company news, products, trade fairs and events.
In order to manage newsletters subscriptions we process the personal data sent to us via the registration form. This comprises master data (required fields: e-mail address, language, your interests; voluntary details: form of address, title, name, company, country).
The distribution of newsletters takes place on the basis of consent from the recipient in accordance with Art. 6 (1) (a), Art. 7 GDPR in conjunction with Section 7 (2) No. 3 German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7 (3) German Act Against Unfair Competition. The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6 (1) lit. f GDPR and serves as proof of consent to receipt of the newsletter. The purpose of data processing and our legitimate interest lie in customer care and direct advertising.
8. Job vacancies
Our website also enables you to sign up for a newsletter containing details of new job vacancies.
In order to manage newsletter subscriptions we process the personal data sent to us via the registration form. This consists of the e-mail address, the areas of work you are interested in, your postcode and the geographical region in which you are interested in vacancies.
The distribution of job vacancies takes place on the basis of consent from the recipient in accordance with Art. 6 (1) (a), Art. 7 GDPR. The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6 (1) lit. f GDPR and serves as proof of consent to receipt of the newsletter. The purpose of data processing and our legitimate interest lie in communicating job vacancies in our company to potential candidates.
We also occasionally carry out surveys, for example to assess customer satisfaction. Only customers invited by us are entitled to participate.
Surveys are always carried out anonymously. However, access codes are regularly sent out to customers for participation purposes. These can be attributed to the relevant customer. In the surveys themselves, some personal data is requested. If this is the case, however, submission of such details is voluntary and can be skipped. Processing of personal data is carried out based on Art. 6 (1) lit. f GDPR. The purpose and our legitimate interest is the analysis of customer satisfaction and product improvements.
10. Data area
We provide a data area in which we offer our customers and potential customers various documents for download. These include contract documents and product information, for example. Access is only provided for authorised users.
We process the following data for the purpose of access control: e-mail address, user name.
Processing of personal data is carried out based on Art. 6 (1) lit. b, f GDPR. The purpose and our legitimate interest are to enter into a contract, to make relevant documents available and to prevent of unauthorised access to uploaded documents.
11. Online applicant portal
We publish job offers on our homepage. You have the possibility to apply for a job offer by using the online form of our applicant portal.
We process the personal data transmitted using the form. This is master data (mandatory fields): First name, surname, street and house number, postal code, town, e-mail address; optional information: telephone, mobile phone number). In addition, the documents that you upload online in the application portal may contain other personal data, such as date of birth, data on school education, training and studies as well as previous career history, data on driving licences, data on possible impairments, curriculum vitae, certificates, photo. You are solely responsible for the content of the uploaded documents.
The processing is carried out on the basis of Art. 6 (1) lit. b DSGVO and Section 26 (1) S. 1 BDSG. The purpose of data processing is to check your suitability for the position or for another position in our group of compa-nies (or in the case of an unsolicited application for a position in our group of companies) and to carry out the application procedure as well as hiring decisions.
When we enter into an employment contract with you, we transfer your information to our personnel management system for employment purposes, to the extent necessary for its performance or termination. The legal basis for the described data processing is Art. 6 (1) lit. b GDPR and Section 26 (1) S. 1 BDSG (Carrying out the employment contract).
We store your data for as long as it is necessary for the decision on your application.
If no employment contract is established, we will store your data for as long as it is necessary to defend against possible legal claims. As a rule, your data will be deleted 180 days after notification of the rejection decision, unless longer storage is necessary due to legal disputes.
If an employment contract is established, we transfer your data from the online application portal to our personnel information system. Data that is not required for the performance of the employment relationship will be deleted 180 days after completion of the application process.
If an applicant is inactive in our applicant pool, we delete the applicant's data at the latest after 180 days after the pool promise, unless the applicant extends his membership in the applicant pool even after we have informed him of the imminent deletion.
1. Video surveillance
A video surveillance system is operated to monitor the company premises. The purpose of the video surveillance of the employee/ company parking spaces, the entrances and exits to the company premises, the forecourt of the dispatch department, the entrances for persons, the factory roads as well as the construction sites located on the company premises is the protection of the house right, the protection of the company premises and its facilities, the people and the objects which are on them but also to document the changes on the company premises for the company history. This right is fundamentally covered by the householder's right. In addition, the purpose of video surveillance is to increase the sense of security of the people staying at these places, to deter people who are willing to commit vandalism, to prevent crime and to preserve evidence for the effective prosecution and enforcement of criminal and civil claims of both the responsible person and the employees.
Video surveillance is carried out on the basis of our legitimate interest within the meaning of Art. 6 (1) lit. f GDPRand Sections 4, 26 (4) BDSG: exercise the right to determine who shall be allowed or denied access, protection of property, people, objects and facilites located on the company premises; protection against criminal offences; assertion of civil law claims for damages by the controller and his employees; documentation of changes on the company premises for the company history; on the basis of a collective agreement in the case of processing personal data of employees.
However, it must be assumed that the interest of the person responsible or of a third party in video surveillance does not unduly interfere with the rights and freedoms of natural persons, in particular since the latter are made aware of video surveillance. Video surveillance is necessary and suitable to fulfil the intended purpose and is also the mildest means in this respect. Video surveillance is quite suitable to deter possible disturbers/ perpetrators. The video surveillance is well recognizable for everyone; in addition signs refer to the video surveillance. The video surveillance supplies usable pictures, which support the conversion of the house right or a criminal prosecution. An equally suitable, milder means is not recognizable. If this function were to be performed by security personnel, this would require staff around the clock. Also the use of camera dummies might cause only a comparable deterrence in the short term, since it cannot be excluded that this becomes known. The observation boundary ends at the boundary of the property.
The data will be deleted 5 working days after production if not used.
2. Access to the company premises
When we grant you access to our premises, we need personal information for communication, the provision of information and services, and for the purposes associated with the relationship. Your personal information will be collected either directly from you by the gatekeeper or through your contact person with us.
The following data categories can be collected and processed:
- Identification data such as surname, first name, company, license plate number, special authorizations (for truck drivers) to identify you as an authorized visitor,
- Addresses and contact data such as postal address, e-mail addresses, telephone number and, if applicable, organizational data such as company, department, function, in order to be able to contact you if, for example, questions need to be clarified, information needs to be exchanged, appointments need to be made or access to the Internet is set up for you.
- Time recording, e.g. on company premises or for the provision of services in order to be able to bill services.
- IP address and voucher code if a temporary access to the Internet via LAN (local aera network) or WLAN (wireless local aera network) has been set up for you as a visitor via a captive portal.
- Video/image data, e.g. for monitoring the publicly accessible areas of the company premises and certain areas on the company premises, in order to monitor our domestic rights and to secure our property and that of third parties.
- Name and address, as export control law requires that visitors to the S&B group companies located at the Mönchengladbach site (natural and legal persons) be subjected to a sanctions list screening at the latest before entering the company premises. The basis for this is the legal obligation on the part of the responsible entity and its subsidiaries to ensure that the requirements of foreign trade laws and regulations are met, including Art. 2 para. 1 lit. B of Regulation (EC) No. 2580/2001, Art. 2 para. 2 of Regulation (EC) No. 881/2002 and Art. 3 para. 2 of Regulation (EU) No. 753/2011. Within the scope of this screening, the person and/ or the company (firm) are checked against the current sanctions lists of the Federal Republic of Germany, the European Union and the USA. In the event of a verified hit, the person and/ or company is to be banned from entering the company premises. The results of the check are stored in the system for 365 days. Furthermore, a sanctions list check is carried out before each new visit.
The legal basis for the processing of personal data is the protection of our legitimate interest on the basis of Art. 6 (1) lit. f GDPR: Enforcement of our right to determine who shall be allowed or denied access rights; granting access to the company premises only to authorized visitors; protection of property, people, objects and facilities located on the company premises; protection against criminal offences; assertion of civil law claims for damages by the person responsible and by third parties, compliance with legal requirements.
3. Voluntary self-disclosure due to Covid-19 virus
Due to the current coronavirus pandemic, visitors to our company premises are asked to fill out a self-disclosure form. In doing so, we collect not only your name and contact data (e.g. e-mail address, telephone number, address) but also health data. We need this data in order to be able to carry out a risk assessment for ac-cess to our company premises and thus for contact with our employees. The legal basis for this is Art. 6 (1) lit. a and Art. 9 (2) lit. a GDPR, as they have expressly con-sented to the collection of the data. In addition, pro-cessing (e.g. also forwarding to third parties) may be necessary in order to protect your vital interests or those of other natural persons (Art. 6 (1) lit. d GDPR) or be-cause there is a public interest (Art. 9 (2) lit. i GDPR in conjunction with § 22 (1) No. 1 lit. c BDSG). In addition, we could be legally obliged to do so (Art. 6 (1) lit. c and Art. 9 (2) lit. b DS-GVO).
The data will be deleted regularly, at the latest by the end of the pandemic.
4. License plate recognition
The entrances and exits to the company premises are equipped with barriers and TCP/IP-connected cameras for vehicle license plate recognition. The image capture is triggered by driving over an induction loop embedded in the lane, whereby the vehicle license plate is captured in an image file and read out together with the entry and exit time.
Due to the constant observation of a detection area and the repeated short-term image capture, the license plate recognition of motor vehicles could represent video surveillance in the sense of § 4 BDSG.
Video surveillance is carried out on the basis of our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR as well as §§ 4, 26 (4) BDSG for the following purposes: exercising the right of domicile; protection of property, people, property and installations located on the company premises; protection against criminal offences; assertion of civil damage claims by the re-sponsible person and his employees; on the basis of a collective agreement in the case of processing personal data of employees.
Video surveillance is a suitable means of safeguarding the house right of the controller by giving the controller the opportunity to decide who is allowed to drive on the company premises and/ or who is allowed to use the parking space located there. In addition, license plate recognition can be used for preventive purposes, such as deterrence from committing violations of the law within the traffic area, or for repressive purposes, such as the preservation of evidence for the enforcement of civil law claims by the responsible party. A milder means of achieving the objective is not discernible.
The data will be deleted 5 working days after production if not used.
IV. Processing of personal data in connection with (incipient) business and order relationships or other communication relationships
Subject of our data processing is your contact data as well as any other personal data required for the provision of our services or communication with you, e.g. information typically contained in order documents and / or public registers, such as commercial registers, or the subject of our correspondence with you.
If you have not provided us with your personal data yourself, we have received it from business partners, service providers or cooperation partners for whom you may work as an employee or representative, or have taken the data from publicly accessible sources, such as company websites, participant lists of events or public directories.
The purpose of the data processing is
- to enter into or perform orders, contracts and other business relationships (including the execution of purchase orders, deliveries or payments) or to prepare or respond to requests for quotations and to determine the terms of the contractual relationship with our business partners, service providers or cooperation partners for whom you may be acting as an agent or employee;
- for internal administrative purposes (e.g. accounting);
- for the purpose of anti-terrorism and sanctions list screening, if any;
- to conduct court and official proceedings and/ or for the purpose of asserting/ exercising and defending against legal claims nationally and abroad;
- to send you our customer information to the extent relevant to your business activities, such as newsletters with references to current topics and events;
- for other communication purposes;
- to ensure the IT security and IT operation of our company;
- the use of service providers (e.g. external IT service providers) who support our business processes;
- to plan and conduct events to which you are invited, including reporting on such events on our website or intranet, which may include publishing images and video material on the internet or intranet where you are featured.
Legal basis for the processing of personal data is Art. 6 para. 1 lit. b GDPR when it comes to the fulfilment of contracts with or orders by individuals (natural persons) with whom we have business relationships. In all other cases, we have legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR in order to be able to guarantee smooth business processes and order processing or to maintain the business relationship. In addition, data processing may also be required by law (Art. 6 para. 1 lit. c GDPR).
Each of our employees or all employees of service providers who have or may have access to personal data in the course of their work are obliged to treat this data confidentially.
Your personal data will be deleted after termination of the contractual or business relationship or other contact and insofar as the data is no longer required for the fulfilment of contractual or statutory obligations or the legitimate interests stated in this data protection declaration.
Within the group of companies, we transfer your personal data to group companies as required - see Section I. Otherwise, we transfer your personal data only on the basis of statutory regulations or if you have given us your consent to do so.
When the SWAP app is downloaded, the required information is transmitted to the respective App Store, in particular user name, email address, customer number at the App Store and the individual device ID. We have no influence on this data processing. The operator of the respective App Store is responsible for this. We only process the data required to operate the app on your device.
The processing of the IP address is a technical precondition for the use of the app.
The provider commissioned by us automatically collects and stores information in so-called server/ app log files, which your browser/ app transmits to us. These are:
- Browser type and browser version
- used operating system
- the origin page, if your browser transmits it
- time of the server request
- anonymised IP address
In order to continually optimize this service, your access data will be evaluated anonymously for statistical purposes. In addition, the processing serves to ensure the proper operation of the app, in particular the correction of errors. These data are not merged with other data sources. Basis for the data processing is the protection of our legitimate interests according to art. 6 para. 1 lit. f GDPR.
Personal data will not be passed on to third parties.
We commission service providers, so-called processors, to maintain and service the app software. These service providers are contractually obliged to comply with the provisions of data protection law and are not considered third parties within the meaning of data protection law. All contents of the app are stored in the content management system of Staffbase GmbH, Germany, and hosted by the external providers 1&1 IONOS Cloud GmbH, Germany, and SysEleven GmbH, Germany. These companies are ISO 27001 certified.
The provision of media (images, video, files) within our app (Content Delivery Network) is carried out via a network of regionally distributed servers of Amazon Web Services Inc., US, which are connected via the Internet and may be located in the US and other third countries. This data processing by Amazon Web Services Inc. is carried out on the basis of suitable guarantees in accordance with Art. 46 Para. 2 DSGVO.
As an external tool we have integrated Google Maps. For more information please refer to Part II.4.
2. Services without login
The public area of the app can be used without registra-tion and login. The public area contains public infor-mation/ news of the Scheidt & Bachmann Group as well as links to further offers.
3. Services with login
The app enables the provision of internal and external company information/ news as well as links for employees, shareholders and corporate bodies of the Scheidt & Bachmann Group and, in individual cases, third parties who have been given the opportunity to register in the swap app by the controller (hereinafter referred to as the "User"). Thus, information from the intranet can also be made available outside the office. The swap-app represents a flexible communication platform that can be individually adjusted to the respective information needs of the User.
The data is used for authentication checks, for displaying the User's comments/ likes, for listing in the employee directory of the swap-app and for communication between Users and with us.
The basis for data processing is Art. 6 Para. 1 lit. a GDPR (consent), and if applicable in conjunction with § 26 Para. 2 BDSG. In principle, employees and employers have an equal interest in the provision of company information and communication on privately used terminal equipment. The information required for the performance of the employment relationship is provided to the employee in parallel via company communication channels. The voluntariness of the consent to data processing required for the use of the services is therefore given. The User can revoke this consent at any time. The email address used and the profile picture, if any, will be deleted from the database of the system. The data will then be backed up for another 30 days. Content created by the User is anonymized. The contents created by the User (in particular texts, images, graphics, audio files, video files, links) remain without link on the now no longer existing user profile. At the request of the User, these created contents are deleted by the administrator.
When registering in the app
After downloading the app from the app store you have to register to use it. This requires an e-mail address, your first and last name and a password of your choice. Optionally, a photo as a profile picture as well as futher personal details can also be stored as a profile picture. This data is stored on the servers hosted for us as long as the user account exists and can be viewed by others users of the app. If the account is deleted, the data will also be deleted.
When using the app
When you use the app, servers temporarily record the IP address of your device and other technical features, such as the requested content.
There is no way to participate anonymously in the content of the app. The name is visible in all activities. Every User who posts content to the app (e.g. chat messages, comments or likes) is saved as the associated author of the content (name, first name, time, profile picture if applicable) and is visible to all other Users. This information will be kept for the lifetime of the app, except the respective content or the user account will be deleted by the User himself or by the app administrator.
If a post is only read, this is only registered anonymously by the app and cannot be evaluated via the app on a personal basis.
Posts, e.g. comments made by the User himself and which are not anonymous, can only be evaluated for statistical purposes (e.g. number of comments/ likes on an article, number of active Users, last activity and newest comments of the User, most popular articles). The number of logins are stored by the app for maintenance purposes and security measures. The technical possibilities of the app to anonymously evaluate the usage behavior serve the purpose to improve the offered content of the app.
The app provides limited access to the contents of the Scheidt & Bachmann intranet, such as the S&B telephone directory.
As an external tool we have integrated Google Maps. For more information please refer to Part II.4.
To be able to use the app on your device to its full extent, the app must be able to access various functions and data of the device. This requires that certain permissions are granted.
The permission categories can vary depending on the manufacturer of the device, so Android combines individual permissions into permission categories and you can only agree to permission categories as a whole.
If you disagree, it is possible that not all functions of the app are available.
If you have granted us permission, we will use access to the camera and the photos/ videos of the device to upload them to the app. This access must be initially confirmed by the User.
Push notifications are messages that are sent from the app to the device, where they are prioritized and displayed. When delivered, the app uses push notifications, provided you agreed to them when installing the app or the first time you used it. The device ID is processed for this.
You can deactivate the receipt of push notifications in the settings of your device or within the user account at any time.
Evaluation of usage behaviour
In order to make the app as user-friendly as possible, we analyse your usage behaviour anonymously or pseudonymised. Within the limits of legal regulations, we or companies contracted by us to process data are able to create user profiles. A direct conclusion to an individual Uuser of the app is not possible.
The app offers a translation service, which is technically implemented by Microsoft Corporation. Only data that you have entered as text or sound for translation will be processed. This data will only be stored temporarily for the purpose of performing the translation, data are not written to persistent storage. There will be no record of the submitted text, or portion thereof, in any Microsoft data center. The audio and text will not be used for training purposes either. Micrososft Corporation is certified under the US-European “Privacy Shield” data protection agreement
We use technical and organisational security measures to adequately protect your personal data managed by us against accidental or intentional manipulation loss, destruction or against access by unauthorised persons.
12. Validity and timeliness of the data protection declaration
This Data Protection Declaration is dated as of Februrary 2020 and is effective for as long as no updated version replaces it.
Due to the further development of our website or the implementation of new technologies, it may become necessary to change this Data Protection Declaration. We reserve the right to change the Data Protection Declaration at any time with effect for the future. We recommend that you re-read the current Data Protection Statement from time to time.
Information on your right to object according to Art. 21 General Data Protection Regulation (GDPR)
You have the right at any time to object to personal data relating to you being processed based on Art. 6 (1) lit. f GDPR on grounds relating to your particular situation (data processing based on a balancing of interests); this also applies to any profiling based on this provision as defined by Art. 4 No. 4 GDPR.
If you file an objection, we will no longer process your personal data, unless we can prove compelling, legitimate grounds for processing which override your interests, rights and freedoms or if the processing serves the enforcement, exercise or defence of legal rights.
In individual cases, we process your personal data for the purpose of direct advertising. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is has to do with such direct advertising.
If you object to the processing of data for the purpose of direct advertising, we will no longer process your personal data for this purpose.
There are no particular formal requirements for filing the objection; if possible it should be sent to the contacts specified above in clauses 1 and 2 under Part I – General of this data protection notice.