TOP
Menu

Privacy Policy

Privacy policy

We are delighted that you are visiting our website www.hans-schmidt.com and are interested in our company. We attach a great deal of importance to protecting your personal data. Personal data is information about an identified or identifiable natural person’s personal or factual circumstances. This includes details such as the person’s real name, address, phone number and date of birth, as well as all other data which may refer to an identifiable person.
Because personal data is afforded special legal protection, we only collect it insofar as doing so is necessary to making our website available and providing our service. Below, we have provided an outline of what personal information we collect about you during your visit to our website and how we use it.
Our data protection practices comply with legal regulations, particularly those set down in the German Federal Data Protection Act (BDSG), the German Telemedia Act (TMG) and the EU’s General Data Protection Regulation (GDPR). We will only collect, process and store your personal data insofar as doing so is necessary to making this website and our contents and services functionally available, as well as for the purpose of processing enquiries and, if necessary, handling orders / contracts, but only if there is a legitimate interest for doing so under the terms of Art. 6, Para. 1, Clause 1, lit. f of the GDPR or other statutory permission. Your data will also be used for further purposes precisely defined in your consent, e.g. to send advertising information by newsletter, only if you have separately given your consent beforehand.

1. Controller under the terms of Art. 4, Para. 7 of the GDPR

The controller under the terms of the GDPR, other national data protection legislation of the member states and other provisions under data protection legislation is:

Hans Schmidt & Co GmbH
Schichtstrasse 16
84478 Waldkraiburg

Email: [email protected]
Tel.: +49 (0)8638 9410-0
Fax: +49 (0)8638 4825

2. Name and address of the data protection officer

Dominik Mikulovic
DATA Security GmbH, Bodenseestr. 12, 83059 Kolbermoor

Email: [email protected]

3. Providing the website and creating log files

Each time our website is accessed, our system automatically records data and information from the accessing computer’s computer system. The following data is collected in this regard:

Extent of data processing

(1) Information about the browser type and the version used
(2) The accessing device’s operating system
(3) The accessing device’s IP address
(4) The date and time of access
(5) Websites and resources (images, files, other page contents) which were accessed on our website.
(6) Websites from which the user’s system accessed our website (referrer tracking)

This data is stored in our system’s log files. This data is not stored together with personal data belonging to a specific user, so individual site visitors are not identified.

  • Legal basis for personal data processing

    Art. 6, Para. 1, lit. f of the GDPR (legitimate interest). Our legitimate interest is to guarantee achievement of the purpose outlined below.

  • Purpose of data processing

    Logging is carried out to maintain our website’s compatibility for all visitors where possible and to combat misuse and eliminate faults. To this end, it is necessary to log the accessing computer’s technical data, so that we can respond to display errors, attacks on our IT systems and/or functionality errors on our website as early as possible. Additionally, we also use the data to optimise the website and to ensure the general security of our IT systems.

  • Duration of storage

    The above technical data is deleted as soon as it is no longer needed to guarantee the website’s compatibility for all visitors, but at the latest within three months of our website being accessed.

  • Opportunity to object and remove

    The opportunities to object and remove are based on the general regulations on the right of objection and claim for deletion under data protection legislation which are outlined below in this privacy policy.

4. Special features of the website

Our site offers you a variety of features which, when used by us, serve to collect, process and save personal data. We have provided an explanation of what happens to this data below:

  • Contact form(s):
    • Extent of personal data processing

      The data you entered in our contact forms.

    • Legal basis for personal data processing

      Art. 6, Para. 1, lit. a of the GDPR (implicit consent)

    • Purpose of data processing

      We will use the data captured by means of our contact form(s) only to process the specific contact request received through the contact form(s).

    • Duration of storage

      The data captured is deleted immediately after your request has been processed, provided that there are no statutory retention periods.

    • Opportunity to object and remove

      The opportunities to object and remove are based on the general regulations on the right of objection and claim for deletion under data protection legislation which are outlined below in this privacy policy.

5. Automatic credit check / scoring

If we deliver any goods or services prior to receiving payment, if necessary we reserve the right to obtain an automatic credit report based on mathematical / statistical methods from the following company (companies) so as to protect our legitimate interests. We receive information from the following service provider regarding the statistical probability of default. The credit report may include probability values (score values), which are calculated based on scientifically recognised mathematical / statistical methods. Conclusions are thereby drawn as to the customer’s future risk of payment default using a wide range of features, such as income, address data, occupation, marital status and previous payment history. The result is expressed in the form of a payment value (“score”). The information obtained in this way forms the basis of our decision on whether to establish, execute or terminate a contractual relationship. However, selection of one of the payment methods offered does not depend on such information. The opportunities to object and remove are based on the general regulations on the right of objection and claim for deletion under data protection legislation which are outlined below in this privacy policy. Specific details:

  • Euler Hermes Deutschland Niederlassung der Euler Hermes SA:

    Euler Hermes Deutschland Niederlassung der Euler Hermes SA, Friedensallee 254, 22763 Hamburg (www.eulerhermes.de): When it concludes contracts and in certain cases in which a legitimate interest exists, our company regularly checks your creditworthiness even if you are an existing customer. To this end, we work together with Euler Hermes Deutschland Niederlassung der Euler Hermes SA, Friedensallee 254, 22763 Hamburg, from which we receive the data required for this. We transfer your name and contact details to Euler Hermes Deutschland Niederlassung der Euler Hermes SA for this purpose.

6. Statistical evaluation of visits to this website – web trackers

When this website or individual files on the website is / are retrieved, we collect, process and save the following data: IP address, web page from which the file was retrieved, name of the file, the retrieval date and time, the data volume transmitted and the retrieval success notification (so-called web log). We only use this access data in a non-personalised form with a view to continuously improving our website and for statistical purposes.
We also use the following web trackers to evaluate visits to our website:

  • Google Analytics
    • Extent of personal data processing

      We use the web tracking service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google Analytics”) on our site. In the context of web tracking, Google Analytics uses cookies, which are stored on your computer and enable analysis of the use of our website and your surfing behaviour (so-called tracking). We carry out this analysis based on the Google Analytics tracking service in order to continuously optimise our website and improve its availability. In the context of using our website, data, including your IP address and user activities in particular, is sent to Google Ireland Limited servers and is processed and stored outside of the European Union, e.g. in the US.
      The European Commission has noted that an appropriate data protection level can exist in the US if the data processing company is subject to the EU/US Privacy Shield Agreement and if the data export to the US was designed to be permissible in this way. Google will anonymise your IP address before transmission if you activate IP anonymisation within this website’s Google Analytics tracking code. This website uses a Google Analytics tracking code expanded to include the gat._anonymizeIp(); operator so as to enable only anonymised collection of IP addresses (so-called IP masking).

    • Legal basis for personal data processing

      Art. 6, Para. 1, lit. a of the GDPR (consent), either in the context of registration with Google (opening a Google account and accepting the privacy notice implemented there) or, if you have not registered with Google, through explicit consent when you call up our site.

    • Purpose of data processing

      On our behalf, Google will use this information for the purpose of evaluating your visit to this website, compiling reports on website activities and providing us with other services relating to website and Internet use. The IP address transmitted by your browser in the context of Google Analytics is not associated with the other data held by Google Ireland Limited.

    • Duration of storage

      Google will store the data which is relevant to the provision of web tracking for as long as is necessary to render the booked web service. Data is collected and stored in an anonymised format. If references to persons do exist, the data will be deleted immediately provided that it is not subject to any statutory retention periods. In any case, deletion will take place once the retention requirement has expired.

    • Opportunity to object and remove

      You can prevent personal data (particularly your IP address) from being collected and passed on to Google and Google’s processing of this data by deactivating the execution of script codes in your browser, by installing a script blocker in your browser (which you will find at www.noscript.net or www.ghostery.com, for example), or by enabling your browser’s “Do Not Track” setting. Furthermore, you can prevent Google’s collection and processing of the data generated by the Google cookie and related to your use of the website (including your IP address) by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en). You will find Google Analytics’ security and privacy policy at https://policies.google.com/privacy

[borlabs_cookie_opt_out tracking=”google-analytics”]

7. Integration of external web services and data processing outside the EU

We use active JavaScript contents from external providers (“web services”) on our website. When you access our website, these external providers may receive personal information about your visit to our website. Data may be processed outside the EU in this regard. You can prevent this from happening by installing a JavaScript blocker, such as the ‘NoScript’ browser plugin (www.noscript.net), or by disabling JavaScript in your browser. This can lead to functional restrictions on websites you visit.
We use the following external web services:

  • CloudFlare

    A web service provided by CloudFlare Inc., 101 Townsend St, 94107 San Francisco (hereinafter referred to as “CloudFlare”) is downloaded on our website. We use this data to guarantee the full functionality of our website. Your browser may transfer personal data to CloudFlare in this regard. The legal basis for data processing is Art. 6, Para. 1, lit. f of the GDPR. The legitimate interest is to ensure error-free operation of the website. CloudFlare has certified itself in the context of the EU/US Privacy Shield Agreement (cf. https://www.privacyshield.gov/list). The data is deleted as soon as the purpose of its collection has been fulfilled. You will find further information about how the transferred data is handled in the CloudFlare privacy policy: https://www.cloudflare.com/security-policy/?utm_referrer=https://www.google.de/. You can prevent CloudFlare from collecting and processing your data by deactivating the execution of script codes in your browser or by installing a script blocker in your browser (which you will find at www.noscript.net or www.ghostery.com, for example).

  • Google APIs

    A web service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google APIs”) is downloaded on our website. We use this data to guarantee the full functionality of our website. Your browser may transfer personal data to Google APIs in this regard. The legal basis for data processing is Art. 6, Para. 1, lit. f of the GDPR. The legitimate interest is to ensure error-free operation of the website. Google APIs has certified itself in the context of the EU/US Privacy Shield Agreement (cf. https://www.privacyshield.gov/list). The data is deleted as soon as the purpose of its collection has been fulfilled. You will find further information about how the transferred data is handled in the Google APIs privacy policy: https://policies.google.com/privacy. You can prevent Google APIs from collecting and processing your data by deactivating the execution of script codes in your browser or by installing a script blocker in your browser (which you will find at www.noscript.net or www.ghostery.com, for example).

  • Google reCAPTCHA

    A web service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as “Google-reCAPTCHA”) is downloaded on our website. In order to ensure sufficient data security when submitting our contact forms, we use the Google-reCAPTCHA service of Google Inc. in certain cases. This is primarily to distinguish whether the input is made by a natural person or abusive by mechanical and automated processing. The service includes the sending of the IP address and any other data required by Google for the service Google-reCAPTCHA to Google. This is subject to the deviating privacy policies of Google Inc. For more information about the Google Inc. Privacy Policy, please visit https://policies.google.com/privacy

  • website-check.de

    A web service provided by Website-Check GmbH, Beethovenstraße 24, 66111 Saarbrücken, Germany (hereinafter referred to as “website-check.de”) is downloaded on our site. We use this data to guarantee the full functionality of our website. Your browser may transfer personal data to website-check.de in this regard. The legal basis for data processing is Art. 6, Para. 1, lit. f of the GDPR (legitimate interest). The legitimate interest is to ensure error-free operation of the website. The data is deleted as soon as the purpose of its collection has been fulfilled. You will find further information about how the transferred data is handled in the website-check.de privacy policy: https://www.website-check.de/datenschutzerklaerung/. You can prevent website-check.de from collecting and processing your data by deactivating the execution of script codes in your browser or by installing a script blocker in your browser (which you will find at www.noscript.net or www.ghostery.com, for example).

8. Information about the use of cookies

  • Extent of personal data processing

    We use cookies on various pages to enable the use of certain functions on our website. The ‘cookies’ are small text files which your browser can save on your computer. These text files contain a characteristic character string which enables unique identification of the browser the next time our website is called up. The process of saving a cookie file is also known as ‘setting a cookie’.

  • Legal basis for personal data processing

    Art. 6, Para. 1, lit. f of the GDPR. (legitimate interest). Our legitimate interest is to maintain the full functionality of our website, to increase usability and to enable more individual customer contact. We can only identify individual site visitors using the cookie technology if said site visitors sent us corresponding personal data based on separate consent beforehand.

  • Purpose of data processing

    The cookies are used by our website to maintain the full functionality of our website and to improve usability. The cookie technology also enables us to recognise individual visitors using pseudonyms, e.g. an individual, arbitrary ID, so we can offer more individual services.

  • Duration of storage

    Our cookies are stored until they are deleted from your browser or, if the cookie is a session cookie, until the session is ended.

  • Opportunity to object and remove

    According to your requirements, you can make settings in your browser so that you generally prevent cookies from being set, are only informed of them, can decide on whether to accept cookies on a case-by-case basis or categorically accept the setting of cookies. Cookies can be used for different purposes, e.g. to identify that your PC has previously connected to our website (permanent cookies) or to save your most recently viewed websites (session cookies). We use cookies to offer you increased user comfort. We advise that you accept cookies for our website to use our convenience functions. The opportunities to object and remove are additionally based on the general regulations on the right of objection and claim for deletion under data protection legislation which are outlined below in this privacy policy.

[borlabs_cookie]

9. Data security and data protection, communication by email

When it is collected, saved and processed, your personal data is protected by means of technical and organisational measures to ensure that it is inaccessible to third parties. Since we cannot guarantee complete data security on the transmission path to our IT systems during unencrypted communication by email, we advise sending highly confidential information using encrypted communication or by post.

10. Automatic email archiving

  • Extent of personal data processing

    We would like to expressly point out that our email system has an automated archiving process. It digitally archives all incoming and outgoing emails in an audit-proof manner.

  • Legal basis for personal data processing

    Art. 6, Para. 1, lit. f of the GDPR (legitimate interest). Our legitimate interest is to comply with specifications set down in fiscal law and commercial law (e.g. Sections 146 and 147 of the German Tax Code).

  • Purpose of data processing

    The purpose of archiving is to comply with specifications set down in fiscal law and commercial law (e.g. Sections 146 and 147 of the German Tax Code).

  • Duration of storage

    Our email communication is saved until the storage obligations under fiscal and commercial law have expired. The storage period may be up to ten years.

  • Opportunity to object and remove

    If you have any questions about our email archiving system, please contact our data protection officer. We would also like to point out that we only consider application documents in PDF format. Zipped (WinZip, WinRAR, 7Zip, etc.) files are filtered out by our security systems and are not delivered. We do not consider applications made in the Word file format or other file formats and will delete the same without reading them. Please note that it may be possible for third parties to open application documents sent in unencrypted format by email before they reach our IT systems. We assume that we may also answer unencrypted application emails in unencrypted format. If you would not like us to do so, please inform us to this effect in your application email.

11. Revocation of consent – data information and change requests – deleting and blocking data

According to the German Federal Data Protection Act, you have a right to obtain free information concerning the data saved about you and, if necessary, a right to correct, block or delete such data. Your data is then deleted unless statutory regulations to the contrary exist. You can revoke the permission you granted us to use your personal data at any time. You are more than welcome to send any information, deletion and correction requests concerning your data, as well as any suggestions, to the following address at any time:

Hans Schmidt & Co GmbH
Schichtstrasse 16
84478 Waldkraiburg

Email: [email protected]
Tel.: +49 (0)8638 9410-0
Fax: +49 (0)8638 4825

12. Right to data portability

You have the right to have us provide you with your personal data which you transferred to us in a structured, common and machine-readable format. You can also request that we immediately transfer this data to a third party upon your first request, insofar as processing is based on consent according to Art. 6, Para. 1, lit. a of the GDPR or Art. 9, Para. 2, lit. a of the GDPR or on a contract according to Art. 6, Para. 1, lit. b of the GDPR, and processing is carried out by us in the context of automated data processing.
With regard to exercising this right to data portability, you further have the right to have the personal data concerning you transferred directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by the exercising of this right.
The right to data portability does not apply to the processing of personal data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

13. Right to lodge a complaint with the supervisory authority according to Art. 77, Para. 1 of the GDPR

If you suspect that your data is being processed unlawfully on our site, you can naturally obtain judicial clarification of the issue at any time. Regardless of this, you have the option of contacting a supervisory authority. You have a right to lodge a complaint in the EU member state of your place of residence, your workplace and/or the place of the suspected violation, i.e. you can choose the supervisory authority you wish to contact from the aforementioned locations. The supervisory authority with whom the complaint was lodged then informs you of the status and results of your petition, including the possibility to appeal according to Art. 78 of the GDPR.

Created by:
© IT law firm DURY – www.dury.de
© Website-Check GmbH – www.website-check.de