Privacy

General information

We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used.

This data protection information applies to the Schmitter Hydraulik GmbH website: schmitter-hydraulik.de, schmitter-hydraulik.fr and webshop.schmitter-hydraulik.de.

Note on the responsible body

The entity responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR):

Schmitter Hydraulik GmbH

Represented by: Andreas Meder and Matthias Richter

Am Stöckleinsbrunnen 1

97762 Hammelburg

Phone: 09732 8888 0

E-mail: contact[at]schmitter-hydraulik.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Data Protection Officer

Jürgen Müller

Robert-Bosch-Str. 3 72622 Nürtingen

E-mail address: juergen.mueller[at]dsb-mueller.com

What is it all about?

This data protection notice fulfils the legal requirements for transparency in the processing of personal data. Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, your age, your address, your telephone number, your date of birth, your email address, your IP address or user behaviour when visiting a website. Information for which we cannot (or only with disproportionate effort) establish a connection to your person, e.g. through anonymisation, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you of the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and in the event of statutory retention obligations.

Who receives my data?

We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfilment of the purposes and is covered by the legal basis (e.g. consent or protection of legitimate interests). In individual cases, we also pass on personal data to third parties if this serves the assertion, exercise or defence of legal claims. Possible recipients may then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.

Insofar as we use service providers for the operation of our website who process personal data on our behalf as part of order processing in accordance with Art. 28 GDPR, they may be recipients of your personal data. You can find more information on the use of processors and web services in the overview of the individual processing operations.

Data collection on our website

Cookies

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping basket function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimised provision of its services. Insofar as other cookies (e.g. cookies for analysing your surfing behaviour) are stored, these are treated separately in this privacy policy.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. These can be found for the respective browsers under the following links:

Please note that if you do not accept cookies, the functionality of our website may be restricted.

You can change the cookie preferences you set when you first visited our site at any time here.

Which rights do I have?

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

  • Information in accordance with Art. 15 GDPR about the personal data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data;
  • Correction in accordance with Art. 16 GDPR of incorrect or incomplete data stored by us;
  • erasure pursuant to Art. 17 GDPR of the data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • restriction of processing pursuant to Art. 18 GDPR if the accuracy of the data is contested, the processing is unlawful, we no longer need the data and you oppose the erasure of the data because you need it for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Art. 21 GDPR.
  • Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 para. 1 lit. b GDPR and these have been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format or we will transmit the data directly to another controller if this is technically feasible.
  • Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is carried out on the basis of Art. 6 para. 1 lit. e, f GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing can be demonstrated or the processing is carried out for the establishment, exercise or defence of legal claims. If the right to object does not exist for individual processing operations, this is indicated there.
  • Revocation pursuant to Art. 7 para. 3 GDPR of your consent with effect for the future.
  • Complaint to a supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters. The supervisory authority responsible for us is

Bavarian State Office for Data Protection Supervision:

Promenade 18

91522 Ansbach

Phone: 0981/180093-0

E-mail: poststelle[at]lda.bayern.de

How is my data processed in detail?

Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. There is no automated decision-making in individual cases, including profiling.

Provision of the website

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requesting computer

Date and time of access

Name and URL of the retrieved file

Website from which the access is made (referrer URL)

Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by us, but by a service provider (the contact details can be found in the imprint of this website), which processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.

The processing is carried out to safeguard our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6 para. 1 lit. f GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object to the processing due to the exception under Art. 21 para. 1 GDPR. Insofar as further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our website without providing the data.

The aforementioned data is stored for the duration of the display of the website and, for technical reasons, for a maximum of 7 days.

Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

Enquiry by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the enquiries addressed to us.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Registration on this website

You can register on our website in order to use additional functions on the site. We will only use the data you enter for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will refuse your registration.

In the event of important changes, for example to the scope of the offer or technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.

The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing that has already taken place remains unaffected by the cancellation.

The data collected during registration will be stored by us for as long as you are registered on our website and will then be deleted. Statutory retention periods remain unaffected.

Processing of data (customer and contract data)

We collect, process and use personal data only insofar as it is necessary for the establishment, content or amendment of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable the user to use the service or to bill the user. The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

The above statements also apply to the organisation of training courses for which you can register via the website.

Data transmission upon conclusion of a contract for online shops, retailers and dispatch of goods

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with payment processing. Any further transmission of data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Data processing for order processing

In order to process your order, we work together with service providers who support us in whole or in part in the fulfilment of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, insofar as this is necessary for payment processing. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.

Creditworthiness and transmission to credit agencies

We generally give you the option of purchasing goods using unsecured payment methods (e.g. invoice, financing). Accordingly, we have a legitimate interest in protecting ourselves as well as possible against the occurrence of payment defaults. This is done, among other things, by checking the customer’s creditworthiness before granting the option of using unsecured payment methods. As part of this check, we are authorised to use negative creditworthiness information that we have collected about the respective customer ourselves or received from a third party. The creditworthiness information is information about outstanding payment claims and information that directly indicates the risk of non-payment (e.g. insolvency, debt counselling, deferral due to inability to pay).

As part of the check as to whether an unsecured payment method can be granted, we are also authorised to obtain creditworthiness information about you and information about the probability of a fraudulent order (FraudPreCheck) from an external credit agency. We work with the following credit agency: Creditreform.

For the purpose of retrieving creditworthiness information, the following data in particular is transmitted to the external credit agency: First name, surname, postal address, date of birth.

As part of the credit check, we can use an automated process to decide whether to grant you the desired unsecured payment method (instalment/invoice payment). For example, if a negative credit report is submitted, the desired payment method can be automatically rejected.

Your data is processed as part of the credit check on the basis of Article 6(1)(b) GDPR and Article 6(1)(f) GDPR. In principle, we have a legitimate interest in carrying out a credit check when you select an unsecured payment method (instalment/invoice purchase).

Analysis tools and advertising

Google Analytics

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users.

This information is used, among other things, to compile reports on website activity.

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Google CDN

We use Google CDN to properly provide the content of our website. Google CDN is a service provided by Google Ireland Limited, which acts as a content delivery network (CDN) on our website.

A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Google Fonts

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to the servers of Google Ireland Limited, whereby your IP address is transmitted.

The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Google Tag Manager

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.

This allows us to flexibly integrate additional services in order to analyse user access to our website.

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Google reCAPTCHA

We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request originates from a natural person or is automated by means of a programme. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the time spent on the website and the user’s mouse movements in order to distinguish automated requests from human requests. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Brevo

We have integrated components of the Brevo service on our website. Brevo is a service provided by Sendinblue GmbH and offers marketing automation for companies.

Brevo is used to store and transfer data entered in forms using cookies, to send marketing emails and automated messages and to create targeted campaigns.

Brevo also enables us to analyse whether the emails sent have been opened, how many users have received an email and whether users have unsubscribed from the newsletter after receiving an email.

In this case, your data will be forwarded to the operator of Brevo, Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin.

We process your data with the help of Brevo for the purpose of optimising our website and for marketing purposes on the basis of your consent pursuant to Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

The specific storage period of the processed data cannot be influenced by us, but is determined by Sendinblue GmbH. Further information can be found in the data protection information for Brevo: https://www.brevo.com/de/legal/privacypolicy/.

Gravatar

We use Gravatar to ensure the proper provision of content on our website. Gravatar is a service provided by Automattic Inc. which acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Automattic Inc, San Francisco, California, US, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Gravatar.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Automattic Inc. Further information can be found in the data protection information for Gravatar: https://automattic.com/privacy/.

Amazon Web Services

We use AWS CloudFront to properly provide the content of our website. AWS CloudFront is a service of Amazon Web Services, Inc. which acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Amazon Web Services, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of AWS CloudFront.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Amazon Web Services, Inc. Further information can be found in the privacy policy for AWS CloudFront: https://aws.amazon.com/de/privacy/.

Cloudflare CDN

We use Cloudflare CDN to properly deliver the content of our website. Cloudflare CDN is a service provided by Cloudflare, Inc. which acts as a content delivery network (CDN) on our website.

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Cloudflare CDN.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimisation of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Cloudflare CDN: https://www.cloudflare.com/privacypolicy/.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website: Deactivate Google Analytics.

You can find more information on how Google Analytics handles user data in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Order processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage duration

Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymised or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=en.

Newsletter

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the e-mail address provided and that you agree to receive the newsletter. No further data is collected, or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The data entered in the newsletter registration form is processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the cancellation.

The data you provide us with for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and deleted after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. e-mail addresses for the member area) remain unaffected by this.

Plugins and tools

YouTube with extended data protection

We have integrated YouTube video on our website. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube Video is a component of the video platform of YouTube, LLC, on which users can upload content, share it over the Internet and receive detailed statistics.

YouTube Video enables us to integrate content from the platform into our website.

YouTube Video uses cookies and other browser technologies to evaluate user behaviour, recognise users and create user profiles. This information is used, among other things, to analyse the activity of the content listened to and to create reports. If a user is registered with YouTube, LLC, YouTube Video can assign the videos played to the profile.

When you access this content, you establish a connection to the servers of YouTube, LLC, Google Ireland Limited, Gordon House, Barrow Street Dublin 4 Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted.

The use of the service is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the transfer of data to YouTube partners is not necessarily excluded by the extended data protection mode. For example, YouTube establishes a connection to the Google DoubleClick network regardless of whether you watch a video.

As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to record video statistics, improve user-friendliness and prevent fraud attempts. The cookies remain on your device until you delete them.

After the start of a YouTube video, further data processing operations may be triggered over which we have no influence.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by YouTube, LLC. Further information can be found in the privacy policy for YouTube Video: https://policies.google.com/privacy.

Google Maps

On our website we use Google Maps (API) from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive (land) maps in order to visualise geographical information. Using this service will show you our location and make it easier for you to find us.

Information about your use of our website (such as your IP address) is transmitted to Google servers in the USA and stored there as soon as you access the subpages in which the Google Maps map is integrated. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyses them. Such an evaluation is carried out in particular in accordance with Art. 6 para. 1 lit. f GDPR on the basis of Google’s legitimate interests in the display of personalised advertising, market research and/or the needs-based design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.

Google LLC, based in the USA, is certified for the US-European data protection agreement “Privacy Shield”, which guarantees compliance with the level of data protection applicable in the EU. If you do not agree to the future transmission of your data to Google when using Google Maps, you also have the option of completely deactivating the Google Maps web service by switching off the JavaScript application in your browser. Google Maps and thus also the map display on this website can then not be used.

You can view Google’s terms of use at www.google.de/intl/en/policies/terms/regional.html, the additional terms of use for Google Maps can be found at www.google.com/intl/en_US/help/terms_maps.html. Detailed information on data protection in connection with the use of Google Maps can be found on the Google website (“Google Privacy Policy”): http://www.google.de/intl/en/policies/privacy/.

Facebook plugins

We have integrated Facebook plugin components on our website. Facebook Plugin is a service of Meta Platforms Ireland Limited and offers us the opportunity to aggregate content from the social media platform and display it on our website.

When you access this content, you establish a connection to servers of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Facebook Plugin.

If a user is registered with Meta Platforms Ireland Limited, Facebook Plugin can assign the content viewed to the profile.

The Facebook plugin is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook Plugin: https://www.facebook.com/policy.php.

Own services

Applications

Compliance with data protection regulations is a high priority for our company. In the event of an application, we would like to inform you below about the processing of your personal data by Schmitter Hydraulik GmbH and the rights to which you are entitled under data protection law. If you have problems understanding the data protection information in German, you can contact us using the contact details given in section 1.

All information applies both to applications for positions advertised by us and to unsolicited applications. Please read all the information carefully before sending us your application. By submitting an application to us, you confirm that you have understood the following information and that you agree with its content.

Who is responsible for processing my data and who is the data protection officer?

The controller responsible for data processing is

Schmitter Hydraulik GmbH

Am Stöckleinsbrunnen 1

97762 Hammelburg

Phone: +49 9732 – 8888 – 0

Fax: +49 9732 – 8888 – 1000

E-mail: kontakt[at]schmitter-hydraulik.de

Internet: www.schmitter-hydraulik.de

Managing directors: Andreas Meder and Matthias Richter

Our external data protection officer is

Jürgen Müller

Am Kirchert 6

72622 Nürtingen

Phone: 07022 / 9903001

Mobile: 0173 / 3115137

E-mail address: juergen.mueller[at]dsb-mueller.com

Our internal data protection coordinator is:

Juliane Koberstein

Am Stöckleinsbrunnen 1

97762 Hammelburg

Phone: +49 9732 – 8888 – 1514

E-mail: juliane.koberstein[at]schmitter-hydraulik.de

What personal data do we process and where does it come from?

As part of an application process, after receiving your application we process the data that you have provided to us and that is necessary for us to carry out the application process. These are in particular

  • Your master data (in particular surname, first name, name affixes and date of birth),
  • Your contact details (address, e-mail, telephone number),
  • The information you have provided as proof of your qualification and the documents you send us for this purpose and their content (e.g. letter of application, CV, certificates, proof of employment, references, residence permit, work permit).

You are not obliged to provide us with the aforementioned data. However, please note that it is highly unlikely that we will be able to consider your application without your master data, contact details or proof of qualifications.

After receiving your application, we also process personal data that we have legitimately obtained from publicly accessible sources (e.g. from professional social networks) for the purpose of carrying out the application process.

Are special categories of personal data processed?

We do not process special categories of personal data within the meaning of Art. 9 GDPR as part of the application process.

For this reason, we expressly request that you do not provide us with any data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs or any trade union membership. Please also refrain from providing us with any genetic or biometric data relating to your person or data relating to your health, sex life or sexual orientation.

Should you nevertheless voluntarily provide us with special categories of personal data as part of your application (e.g. information about an existing severe disability or enclose a photo with your application that shows, for example, glasses and thus a visual impairment), we understand your communication as your consent that we may process the corresponding data after receipt of your application for the purpose of carrying out the application procedure within the legally permissible framework. We expressly point out that this consent is voluntary and has no effect on your chances in the application process. You can also revoke it at any time without giving reasons to us or to our data protection officer without affecting the legality of the processing carried out on the basis of the consent until the revocation.

Who receives or gains access to your personal data?

Access to your personal data is only granted to those persons within our company who require your data for the decision on the establishment of an employment relationship and the subsequent implementation of the decision made.

No other persons will have access to your data.

What is the legal basis for processing your data?

We process your personal data as part of the application process only to the extent permitted by applicable law, i.e. in particular in compliance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG).

The primary – but not exclusive – legal basis for data processing by our company is Art. 88 GDPR in conjunction with Section 26 (1) BDSG, which authorises companies to process personal data for the purpose of deciding on the establishment of an employment relationship.

If you have provided us with special categories of personal data within the meaning of Art. 9 GDPR unsolicited and of your own free will as part of your application, this data will be processed – if at all – on the basis of the consent you have given in the form of the data notification. With regard to any severe disability/equal status you may have communicated, data processing is also carried out to fulfil our legal obligations under labour law, social security law and social protection law. The relevant standards are Art. 6 para. 1 lit. a) GDPR, Art. 9 para. 2 lit. a and lit. b GDPR and Art. 88 GDPR in conjunction with Section 26 (2) and (3) BDSG.

Will your data be transferred to a third country, i.e. a country outside the EU or the EEA?

No.

Do only automated individual case decisions or profiling measures take place?

No. We do not use purely automated processing to make a decision – including profiling – on the establishment of an employment relationship. Our decisions on the establishment of an employment relationship are made by people.

How long will my personal data be stored?

If your application leads to us establishing an employment relationship with you, we will store your data for as long as we need it for the lawful and proper establishment, implementation and termination of the employment relationship. We will then delete your data, provided that there are no legal obligations to the contrary (e.g. obligations to provide evidence and retain data due to tax and labour protection laws). You will receive separate information on data protection for applicants.

However, if your application does not lead to the establishment of an employment relationship, but to a rejection, we will store your data for as long as is necessary for the defence against any claims resulting from the rejection of the application, i.e. for six months from the date of the rejection.

What rights can I assert with regard to the processing of my personal data?

Under the GDPR, you can assert a number of data subject rights against us. To assert these rights, you can contact us using the contact details provided in section 1. Your rights under the GDPR include in particular

  • Right to information: You can request information about your personal data stored by us (Art. 15 GDPR). This information concerns, among other things, the categories of data processed by us, the purposes for which we process them, the origin of the data if we have not collected them directly from you and, if applicable, the recipients to whom we have transmitted your data. You can obtain a free copy of your data that is the subject of the agreement from us. If you are interested in further copies, we reserve the right to charge you for the additional copies.
  • Right to rectification and erasure: You have the right to obtain from us the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed (Art. 16 GDPR). In addition, you can also request the erasure of your data under the conditions of Art. 17 GDPR. This may be the case, for example, if
      • the data are no longer required for the purposes for which we collected or otherwise processed them;
      • you withdraw your consent, which is the basis for the data processing, and we lack any other legal basis for the processing;
      • you object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to data processing for direct marketing purposes;
      • we have processed the data unlawfully;
    unless the processing is necessary,
      • to ensure compliance with a legal obligation that requires us to process your data, in particular with regard to statutory retention periods;
      • to assert, exercise or defend legal claims.
  • Right to restriction of processing: You may also have the right to restrict the processing of your data, i.e. to mark the stored personal data with the aim of restricting its future processing. For this, one of the conditions specified in Art. 18 GDPR must be met, i.e.
      • you contest the accuracy of the data, for the period of time we need to verify the accuracy of the data;
      • the processing is unlawful and you oppose the erasure of your data and request the restriction of their use instead;
      • we no longer need your data, but you need it to assert, exercise or defend legal claims;
      • you have objected to processing pending the verification whether our legitimate interests override yours.
  • Right to data portability: Finally, you may also have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You can transfer this data to another controller without hindrance. You can also request that we transfer your data directly to another controller, insofar as this is technically feasible (Art. 20 GDPR).
  • Right to object: You can object to the processing of your data at any time for reasons arising from your particular situation, provided that the data processing is based on our legitimate interests or those of a third party. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims (Art. 21 GDPR). Irrespective of this right to object, you have the right to withdraw your consent to processing at any time.
  • Right to lodge a complaint with a data protection supervisory authority: You have the right to lodge a complaint with the data protection supervisory authority responsible for you about our processing of your personal data if you are of the opinion that this violates applicable data protection law.

The data protection supervisory authority responsible for us is

Bavarian State Office for Data Protection Supervision

Promenade 18

91522 Ansbach

Germany
