How we handle your data and your rights – information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)This data protection information applies to the collection, processing and use of your personal information when using our website and its subpages.
Scheidt & Bachmann GmbH (hereinafter "we" or "Scheidt & Bachmann") takes the protection of your personal information very seriously and adheres strictly to the rules set down by data protection legislation. The following statement provides an overview of how Scheidt & Bachmann ensures this protection and explains which types of data we collect for which purposes.
1. Responsibility for data processing
Responsibility for processing your personal information lies with:
Scheidt & Bachmann GmbH, Breite Straße 132, 41238 Mönchengladbach; Telephone: +49 2166/266-0; Fax: +49 2166/266-375; E-mail: email@example.com
2. Data Protection Officer:
You can reach our Data Protection Officer as follows:
Scheidt & Bachmann GmbH, Data Protection Officer, Breite Straße 132, 41238 Mönchengladbach; Telephone: +49 2166/266-839; Fax: +49 2166/266-254; E-mail: firstname.lastname@example.org
3. Which data do we process and from what sources?
We process personal data which you provide to us voluntarily or in the course of using our website.
For further details, please refer to Part II – Processing of personal data.
4. For what purpose do we process your data and on what legal basis?
We process your personal data for various purposes in line with the relevant data protection laws, in particular the GDPR and the German Federal Data Protection Act ("Bundesdatenschutzgesetz", BDSG). The following generally apply in terms of the purpose of data processing: processing to perform contractual obligations (Art. 6 (1) lit. b GDPR), to protect legitimate interests (Art. 6 (1) lit. f GDPR), based on your consent (Art. 6 (1) lit. a GDPR) and/ or based on legal obligations (Art. 6 (1) lit. c GDPR).
For further details, please refer to Part II – Processing of personal data.
5. Who receives my data?
Service providers deployed by us and operating on our behalf (so-called "processors" cf. Art. 4 No. 8 GDPR) can receive personal data. We use the following processors or categories of processor:
- IT service providers
- Group companies
- Google Inc.
In addition, we pass on your personal data to our group companies, who also process personal data under their own responsibility (so-called "controllers", cf. Art. 4 No. 7 GDPR).
6. Transfer of personal data to third countries
In cases described in Part II "Processing of personal data", we transfer your personal data to countries outside the European Economic Area (EEA) to the following recipients in third countries:
- Group companies in Russia, Switzerland, Tunisia, Israel, USA and Canada
With regard to all recipients, we have implemented suitable guarantees (standard data protection clauses in accordance with Art. 46 para. 2 GDPR) to guarantee the security of your personal data. You may request a copy of these appropriate warranties. For this purpose, please contact the bodies designated in Part I, clauses 1 and 2.
7. Storage of data
We only process your personal data for as long as is necessary to serve the respective purpose of processing.
In addition, we are subject to various storage and documentation obligations, including those arising from the German Commercial Code ("Handelsgesetzbuch" – HGB) and the German Fiscal Code ("Abgabenordnung" – AO). These obligations can apply for up to 10 years.
Finally, the duration of storage is also based on statutory limitation periods, which can be up to 30 years according to Sections 195 ff. of the German Civil Code ("Bürgerliches Gesetzbuch" – BGB), whereby the standard limitation period is three years.
8. Your rights
Any data subject has the right of access according to Art. 15 GDPR, the right to rectification according to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR and the right to data portability based on Art. 20 GDPR. In order to exercise the above rights, please use the contacts specified above in clauses 1 and 2 under Part I – General, clauses 1 and 2.
If you have issued your consent for us to process your data, you can withdraw this at any time without any particular formal requirements. If possible, the withdrawal should be sent to the contacts specified in clauses 1 and 2 under Part I – General.
Users are also legally entitled to lodge a complaint with a supervisory authority (Art. 77 GDPR). The supervisory authority responsible for Scheidt & Bachmann is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW) (State Data Protection and Freedom of Information Officer, North Rhine-Westphalia)
You also have a right to object which is explained in more detail at the end of this data protection notice.
II. Processing of personal data
In order to make visiting our website more attractive and allow the use of certain functions, we use so-called cookies on various pages. Cookies are small text files which are stored on your end device. Cookies can be transmitted when a page is accessed, thereby allowing attribution of the user. Cookies help make it simpler for users to use web pages. Some of the cookies used by us are deleted when the browser session is finished, i.e. when the browser is closed (so-called session cookies). Other cookies remain on your end device and make it possible for us to recognise your browser again on your next visit (so-called persistent cookies).
You can set your browser so that you are informed when cookies are used and then decide in each individual case whether to accept them, or else you can rule out acceptance of cookies in certain cases or in general. You can delete cookies which have already been applied. If cookies are not accepted, the functionality of our website may be limited.
- Session ID
2. Automatic collection of access data/ server log files
When you visit our website, the following set of data is automatically stored relating to each access:
- IP address
- Browser type/ version
- Operating system used and resolution
- Previously visited website
- Time and frequency of server request
The personal data in log files is processed based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in the easier administration of our website and the possibility of identifying and pursuing hacking.
3. Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called cookies – text files that are stored on your computer and allow analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the USA and stored there.
However, in case of the activation of IP anonymization on this website, your IP address is first abbreviated by Google within the member states of the European Union and in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website.
On behalf of the operator of this website, Google uses this information to analyse your use of the website so as to compile reports on website activities for website operators and provide other services for the website operator connected with website use and internet use. Google does not link the IP address transferred by your browser in connection with Google Analytics to other data.
You can prevent the saving of cookies by making the appropriate setting in your browser software; however, we would like to point out that if you do so, you will not be able to use the full range of functions offered by this website. You can also prevent the data generated by the cookie relating to your use of the website (incl. your IP address) from being transmitted to Google and you can prevent the processing of this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de)
You can also prevent data collection by Google Analytics on our website by clicking on the following link. An opt-out cookie is applied which will prevent your data from being collected when visiting this website: Disable Google Analytics
Processing of personal data by Google Analytics is based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in the analysis and use of our website.
4. Google Maps
This website uses the Google product Google Maps. If you consent to the use of Google Maps on a subpage in which Google Maps is embedded and activate the plug-in, Google receives the information that you have accessed the relevant subpage of our website. In addition, data is collected which your browser sends to Google. This includes IP address, date and time of the request, amount of data transferred operating system and the user interface, language and version of the browser software.
This occurs regardless of whether Google provides a user account via which you are logged in or no user account exists. If you are logged into Google, your data is attributed directly to your account. If you do not want the data to be attributed to your Google profile, you have to log out before activating the button. Google saves your data as use profiles and uses it for the purpose of advertising, market research and/ or the needs-oriented design of its website. In order to exercise any rights such as a right to object to the creation of these user profiles, you must contact Google.
We have integrated YouTube videos in our website which are saved at www.youtube.com and can be played directly from our website. The videos are only activated if you specifically request this. These videos are also integrated in "extended data protection mode", i.e. no data about you as a user is sent to YouTube if you do not play the videos. Only when you play a video is the data transferred as specified in the next clause. We do not have any influence on this data transfer.
When you play the video, YouTube receives the information that you have accessed the relevant subpage of our website. In addition, data is collected which your browser sends to YouTube. This includes IP address, date and time of the request, amount of data transferred, operating system and the user interface, language and version of the browser software.
This occurs regardless of whether YouTube provides a user account via which you are logged in or no user account exists. If you are logged into Google, your data is attributed directly to your account. If you do not want the data to be attributed to your YouTube profile, you have to log out before activating the button. YouTube saves your data as use profiles and uses it for the purpose of advertising, market research and/or the needs-oriented design of its website. Such analysis (also in the case of users who are not logged in) serves the purpose of providing needs-oriented advertising and to inform other social network users about your activities on our website. In order to exercise any rights such as a right to object to the creation of these user profiles, you must contact Google.
On our website you will find contact forms which can be used to make contact electronically. Alternatively, it is possible to contact us via the e-mail addresses provided. If you contact us via one of these channels, we collect the personal data have entered and sent to us.
If you use the contact form, the personal data recorded comprises the master data entered (required fields: form of address, last name, e-mail address, country; voluntary fields: first name, company, telephone number) and potentially any other personal data entered by you in the field labelled "Message". If you contact us directly by e-mail, we record your e-mail address and any personal data included in the text of the e-mail.
Should it be necessary to answer your inquiry, we will pass on personal data to group companies.
Processing is carried out based on Art. 6 (1) lit. f GDPR. The purpose of data processing and our legitimate interest lie in customer care and the ability to reply to messages sent to us.
On our website you can sign up for various newsletters providing information on general company news, products, trade fairs and events.
In order to manage newsletters subscriptions we process the personal data sent to us via the registration form. This comprises master data (required fields: e-mail address, language, your interests; voluntary details: form of address, title, name, company, country).
The distribution of newsletters takes place on the basis of consent from the recipient in accordance with Art. 6 (1) (a), Art. 7 GDPR in conjunction with Section 7 (2) No. 3 German Act Against Unfair Competition or on the basis of legal permission in accordance with Section 7 (3) German Act Against Unfair Competition. The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6 (1) lit. f GDPR and serves as proof of consent to receipt of the newsletter. The purpose of data processing and our legitimate interest lie in customer care and direct advertising.
8. Job vacancies
Our website also enables you to sign up for a newsletter containing details of new job vacancies.
In order to manage newsletter subscriptions we process the personal data sent to us via the registration form. This consists of the e-mail address, the areas of work you are interested in, your postcode and the geographical region in which you are interested in vacancies.
The distribution of job vacancies takes place on the basis of consent from the recipient in accordance with Art. 6 (1) (a), Art. 7 GDPR. The recording of the registration procedure is performed on the basis of our justified interests in accordance with Art. 6 (1) lit. f GDPR and serves as proof of consent to receipt of the newsletter. The purpose of data processing and our legitimate interest lie in communicating job vacancies in our company to potential candidates.
We also occasionally carry out surveys, for example to assess customer satisfaction. Only customers invited by us are entitled to participate.
Surveys are always carried out anonymously. However, access codes are regularly sent out to customers for participation purposes. These can be attributed to the relevant customer. In the surveys themselves, some personal data is requested. If this is the case, however, submission of such details is voluntary and can be skipped. Processing of personal data is carried out based on Art. 6 (1) lit. f GDPR. The purpose and our legitimate interest is the analysis of customer satisfaction and product improvements.
10. Data area
We provide a data area in which we offer our customers and potential customers various documents for download. These include contract documents and product information, for example. Access is only provided for authorised users.
We process the following data for the purpose of access control: e-mail address, user name.
Processing of personal data is carried out based on Art. 6 (1) lit. b, f GDPR. The purpose and our legitimate interest are to enter into a contract, to make relevant documents available and to prevent of unauthorised access to uploaded documents.
11. Online applicant portal
We publish job offers on our homepage. You have the possibility to apply for a job offer by using the online form of our applicant portal.
We process the personal data transmitted using the form. This is master data (mandatory fields): First name, surname, street and house number, postal code, town, e-mail address; optional information: telephone, mobile phone number). In addition, the documents that you upload online in the application portal may contain other personal data, such as date of birth, data on school education, training and studies as well as previous career history, data on driving licences, data on possible impairments, curriculum vitae, certificates, photo. You are solely responsible for the content of the uploaded documents.
The processing is carried out on the basis of Art. 6 (1) lit. b DSGVO and Section 26 (1) S. 1 BDSG. The purpose of data processing is to check your suitability for the position (or in the case of an unsolicited application for a position in our group of companies) and to carry out the application procedure as well as hiring decisions.
When we enter into an employment contract with you, we transfer your information to our personnel management system for employment purposes, to the extent necessary for its performance or termination. The legal basis for the described data processing is Art. 6 (1) lit. b DSGVO and Section 26 (1) S. 1 BDSG (Carrying out the employment contract).
We store your data for as long as it is necessary for the decision on your application.
If no employment contract is established, we will store your data for as long as it is necessary to defend against possible legal claims. As a rule, your data will be deleted 180 days after notification of the rejection decision, unless longer storage is necessary due to legal disputes.
If an employment contract is established, we transfer your data from the online application portal to our personnel information system. Data that is not required for the performance of the employment relationship will be deleted 180 days after completion of the application process.
If an applicant is inactive in our applicant pool, we delete the applicant's data at the latest after 180 days after the pool promise, unless the applicant extends his membership in the applicant pool even after we have informed him of the imminent deletion.
12. Video surveillance
A video surveillance system is operated to monitor the company premises. The purpose of the video surveillance of the employee/ company parking spaces, the entrances and exits to the company premises, the forecourt of the dispatch department, the entrances for persons as well as the factory roads is the protection of the house right, the protection of the company premises and its facilities, the people and the objects which are on them. This right is fundamentally covered by the householder's right. In addition, the purpose of video surveillance is to increase the sense of security of the people staying at these places, to deter people who are willing to commit vandalism, to prevent crime and to preserve evidence for the effective prosecution and enforcement of criminal and civil claims of both the responsible person and the employees.
Video surveillance is carried out on the basis of our legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO and Sections 4, 26 (4) BDSG: exercise the right to determine who shall be allowed or denied access, protection of property, people, objects and facilites located on the company premises; protection against criminal offences; assertion of civil law claims for damages by the controller and his employees; on the basis of a collective agreement in the case of processing personal data of employees.
However, it must be assumed that the interest of the person responsible or of a third party in video surveillance does not unduly interfere with the rights and freedoms of natural persons, in particular since the latter are made aware of video surveillance. Video surveillance is necessary and suitable to fulfil the intended purpose and is also the mildest means in this respect. Video surveillance is quite suitable to deter possible disturbers/ perpetrators. The video surveillance is well recognizable for everyone; in addition signs refer to the video surveillance. The video surveillance supplies usable pictures, which support the conversion of the house right or a criminal prosecution. An equally suitable, milder means is not recognizable. If this function were to be performed by security personnel, this would require staff around the clock. Also the use of camera dummies might cause only a comparable deterrence in the short term, since it cannot be excluded that this becomes known. The observation boundary ends at the boundary of the property.
The data will be deleted 5 working days after production if not used.
13. Visitors of the company premises
When we grant you access to our premises, we need personal information for communication, the provision of information and services, and for the purposes associated with the relationship. Your personal information will be collected either directly from you by the gatekeeper or through your contact person with us.
The following data categories can be collected and processed:
- Identification data such as surname, first name, company, license plate number, special authorizations (for truck drivers) to identify you as an authorized visitor,
- Addresses and contact data such as postal address, e-mail addresses, telephone number and, if applicable, organizational data such as company, department, function, in order to be able to contact you if, for example, questions need to be clarified, information needs to be exchanged, appointments need to be made or access to the Internet is set up for you.
- Time recording, e.g. on company premises or for the provision of services in order to be able to bill services.
- IP address and voucher code if a temporary access to the Internet via LAN (local aera network) or WLAN (wireless local aera network) has been set up for you as a visitor via a captive portal.
- Video/image data, e.g. for monitoring the publicly accessible areas of the company premises and certain areas on the company premises, in order to monitor our domestic rights and to secure our property and that of third parties.
The legal basis for the processing of personal data is the protection of our legitimate interest on the basis of Art. 6 (1) lit. f GDPR: Enforcement of our right to determine who shall be allowed or denied access rights; granting access to the company premises only to authorized visitors; protection of property, people, objects and facilities located on the company premises; protection against criminal offences; assertion of civil law claims for damages by the person responsible and by third parties.
We use technical and organisational security measures to adequately protect your personal data managed by us against accidental or intentional manipulation loss, destruction or against access by unauthorised persons.
15. Validity and timeliness of the data protection declaration
This Data Protection Declaration is dated as of May 2019 and is effective for as long as no updated version replaces it.
Due to the further development of our website or the implementation of new technologies, it may become necessary to change this Data Protection Declaration. We reserve the right to change the Data Protection Declaration at any time with effect for the future. We recommend that you re-read the current Data Protection Statement from time to time.
Information on your right to object according to Art. 21 General Data Protection Regulation (GDPR)
You have the right at any time to object to personal data relating to you being processed based on Art. 6 (1) lit. f GDPR on grounds relating to your particular situation (data processing based on a balancing of interests); this also applies to any profiling based on this provision as defined by Art. 4 No. 4 GDPR.
If you file an objection, we will no longer process your personal data, unless we can prove compelling, legitimate grounds for processing which override your interests, rights and freedoms or if the processing serves the enforcement, exercise or defence of legal rights.
In individual cases, we process your personal data for the purpose of direct advertising. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is has to do with such direct advertising.
If you object to the processing of data for the purpose of direct advertising, we will no longer process your personal data for this purpose.
There are no particular formal requirements for filing the objection; if possible it should be sent to the contacts specified above in clauses 1 and 2 under Part I – General of this data protection notice.