PRIVACY POLICY
As the party responsible for data processing in accordance with the objectives laid down in Regulation (EC) 2016/679 (General Data Protection Regulation – GDPR), in this privacy policy we explain the type, scope and purpose of processing your personal data in connection with our website.
I. Definition of terms
"Personal data" refers to all information relating to an identified or identifiable natural person; a natural person is considered identifiable if that person can be identified directly or indirectly, especially by means of allocation to an identification such as a name, an identity number, location data, to an online ID or to one or more special characteristics that are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person;
"Processing" refers to each operation executed with or without the help of automated procedures or any such series of operations in connection with personal data such as the collection, recording, organisation, arrangement, storage, modification or change, export, query, use, disclosure by means of transmission, dissemination or another form of provision, comparison or linking, restriction, deletion or destruction;
"Party responsible" refers to the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; if the purposes and means of this processing are specified by European Union law or the law of the Member States, the party responsible or rather the specific conditions of its appointment in accordance with European Union law or the law of the Member States can be provided for;
"Recipient" refers to a natural or legal person, public authority, agency or other body to whom personal data is disclosed, regardless of whether or not this is a third party. Authorities who may receive personal data as part of a specific request for investigation according to European Union law or the law of the Member States do not count as a recipient, however; this data is processed by the named authorities in accordance with the applicable data protection regulations in accordance with the purposes of the processing;
II. General information
1. Party responsible for data processing
SchwörerHaus KG
Hans-Schwörer-Strasse 8
72531 Hohenstein/Oberstetten
Germany
Tel.: (+49) (0)73 87 16-0
Telefax: +49 (0)73 87 16 -500 -100
e-mail: info@schwoerer.de
2. Contact details for the operational Data Protection Officer
SchwörerHaus KG
Hans-Schwörer-Strasse 8
72531 Hohenstein/Oberstetten
Germany
Tel.: (+49) (0)73 87 16-0
Telefax: +49 (0)73 87 16 -500 -100
e-mail: datenschutz@schwoerer.de
3. Legal basis
We process personal data on the basis of at least one of the following legal bases:
- Consent of the person concerned regarding the processing of the personal data relating to them for one or more specific purposes (first sentence of Art. 6 Para. 1 a GDPR);
- Fulfilment of an agreement with the person concerned or to perform pre-contractual measures that take place at the person concerned’s request (first sentence of Art. 6 Para. 1 b GDPR);
- Fulfilment of a legal obligation to which we are subject (first sentence of Art. 6 Para. 1 c GDPR);
- Protection of the vital interests of the person concerned or to protect another natural person (first sentence of Art. 6 Para. 1 d GDPR);
- Safeguarding our legitimate interests as well as those of third parties (first sentence of Art. 6 Para. 1 f GDPR)
In this privacy policy we refer to the respective legal basis of individual processing operations.
4. Forwarding of data to recipients
We forward personal data to recipients (data processors and other third parties) only to the extent that is required and under one of the following conditions:
- The person concerned has granted his or her consent to the data being forwarded;
- The forwarding of the data serves the fulfilment of contractual obligations or pre-contractual measures at the person concerned’s instigation;
- We are legally obliged to forward the data;
- The data is forwarded due to our legitimate interests or those of a third party.
5. Third countries
The transmission of personal data to a country or an international organisation outside of the European Union (EU) or the European Economic Area (EEA) shall take place subject to statutory or contractual permissions only in accordance with the conditions according to Art. 44 ff. GDPR. This means that for the relevant country, an adequacy decision from the EU Commission exists in accordance with Art. 45 GDPR, and appropriate warranties exist for data protection in accordance with Art. 46 GDPR or binding internal data protection regulations exist according to Art. 47 GDPR.
6. Rights of the persons concerned
As the person concerned you have the following rights:
- In accordance with Art. 15 GDPR, you can request information about your personal data that is processed by us; furthermore, you can request information regarding the processing purposes, the categories of the personal data that is processed, the recipients or categories of recipients to whom your data was or is disclosed, the planned storage period or the criteria for determining the storage period, the origin of your data if it was not collected from you, the existence of automated decision-making including profiling and where applicable meaningful information about its details such as logic, consequences and effects, the existence of a right to correction or deletion of the data relating to you, the right to restrict the processing or to object to this processing, the existence of a right to complain to supervisory authorities; ultimately you have a right to information regarding whether personal data was transmitted to a third country or to an international organisation and – if this is the case – via the appropriate safeguards in connection with the transmission of the data;
- In accordance with Art. 16 GDPR, you can request the immediate correction of your incorrect or incomplete personal data that is stored by us;
- In accordance with Art. 17 GDPR, you can request the deletion of your personal data that is stored by us, provided that the processing is not required to exercise the right of free expression and information, to comply with a legal obligation, for reasons of public interest, or to establish, exercise or defend legal claims;
- In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if you dispute the accuracy of the data, if the processing is unlawful but you reject its deletion and we no longer require the data, you require the data that we no longer need to establish, exercise or defend legal claims, or if you have submitted your objection to the processing of the data in accordance with Art. 21 GDPR but it is uncertain whether our legitimate reasons for the data processing outweigh your interest;
- In accordance with Art. 20 GDPR, you can request to obtain your personal data that you have provided to us in a structured, common and machine-readable format, or to request its transmission to a different party responsible;
- In accordance with Art. 21 GDPR, you can object to the processing of your personal data if reasons exist for doing so that arise from your particular situation, or if you are objecting to direct advertising and legitimate interests are the legal basis for the processing of the personal data in accordance with thefirst sentence of Art. 6 Para. 1 f GDPR;
- In accordance with Art. 7 Para. 3 GDPR, you can withdraw the consent that you have granted to us at any time. The consequence of this is that we may not continue processing the data that was based on this consent in future;
- In accordance with Art. 77 GDPR, you can lodge a complaint with a supervisory authority, especially in the Member State of your place of usual residence, your workplace or the location of the alleged infringement.
If you want to assert the above-mentioned rights for the persons concerned, you can contact us or our Data Protection Officer at any time by using the contact details provided above.
7. Deletion and restriction of personal data
Unless regulated otherwise for individual cases in this privacy policy, personal data is deleted when this data is no longer necessary for the purposes for which it was collected or processed in another way, and the deletion does not conflict with any statutory retention periods. We also delete personal data that is processed by us in accordance with Art. 17 GDPR on request, provided the preconditions for this are met. If personal data is required for other and legally permissible purposes, it is not deleted but its processing is restricted in accordance with Art. 18 GDPR. If the data is restricted, it will not be processed for other purposes. This applies to personal data that has to be retained by us for commercial or tax law reasons, for example. Documents are stored in accordance with Section 257 Para. 1 No. 2 and 3 German Commercial Code and Section 147 Para. 1 No. 2, 3, 5 German Revenue Code (AO) for 6 years, and in accordance with Section 257 Para. 1 No. 1 and 4 German Commercial Code and Section 147 Para. 1 No. 1, 4, 4a German Revenue Code (AO) for 10 years.
8. Cookies
We use cookies as part of our website. Cookies are small text files that your browser creates automatically and which are stored on your device (laptop, tablet, smartphone, PC or similar) when you visit our website. Cookies do not cause any damage to your device and they do not contain any viruses or other malware. The cookie stores information which is created in connection with the specific device used. However, this does not mean that it provides us with immediate knowledge about your identity. Cookies are mainly used to make the website more user friendly, effective and secure.
We use session cookies so that during your visit to our site, we can recognise that you have already visited individual pages on our website. Such cookies also provide certain functionalities. Session cookies are deleted when you leave our website.
We also use additional temporary cookies to optimise the user-friendliness and statistical analysis of the use of our website, and these are stored on your device for a specific period of time. If you visit our page again to make use of our services, our website automatically recognises that you have already been there before and which entries and settings you made, so you do not have to enter them again. These cookies are deleted after a maximum of 2 years or else they become invalid.
The data that is processed by cookies is required for the named purposes for safeguarding our resulting legitimate interests as well as those of third parties in accordance with the first sentence of Art. 6 Para. 1 f GDPR.
Most browsers accept cookies automatically. However, if you do not want this, you can configure your browser in such a way that no cookies are stored on your device, or that you are always informed before a new cookie is set. A general objection against the use of cookies that are set for purposes of online marketing can be declared for a number of services, including at http://www.youronlinechoices.com/ or the deactivation page of the network advertising initiative http://optout.networkadvertising.org. The consequence of deactivating cookies, however, is that you cannot use all of our website’s functions.
III. Individual processing operations
1. Hosting
For the provision of our website, we use services from hosting companies such as the provision of web servers, storage capacity, database services, security services and maintenance services. In doing so, we or our hosting providers process the personal data of users of our website on the basis of our legitimate interests in an efficient and secure provision of this website in accordance with Art. 6 Para. 1 f GDPR.
2. Access data and log files
When our website or individual pages of it are called up, the browser on your end device automatically sends information to the server of our website. We or our hosting providers store this information in what are called log files and they are deleted after 6 months at the latest.
The following information is stored:
- IP address of the requesting computer
- The date and time when the website was accessed
- The name and URL of the file that was called
- Website from which the access was made (referrer URL)
- The browser you used and where applicable your computer’s operating system
- Status code and the transmitted data volume
- Name of your access provider
This data is processed for the following purposes:
- Provision of the website including all functions and content
- Ensure a smooth connection to the website
- Ensure that our website is user friendly
- Ensure system security and stability
- Anonymised statistical evaluation of accesses
- Optimising the website
- Forwarding to law enforcement authorities if an unlawful intervention/attack on our systems has taken place
- Additional administrative purposes.
The legal basis for the data processing is the first sentence of Art. 6 Para. 1 f GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data that we collect for the purpose of allowing any conclusions to be drawn about a person.
3. Contact form/other forms of contact
If you use the contact form, you are asked to enter your name and e-mail address and, where applicable, additional contact details so that we can contact you personally. Other information can be provided voluntarily. Data is processed for the purposes of making contact with us and answering your issue in accordance with the first sentence of Art. 6 Para. 1 a GDPR on the basis of the consent that you granted on a voluntary basis. All personal data that is collected in connection with the contact form is deleted after your query has been resolved, provided that it does not have to be retained to document other operations (such as subsequence contract conclusion or registration as an interested party).
If you contact us by using the contact details that are published on our website (for example by e-mail) and send us personal data when doing so, we will use this data exclusively to process your issue and subsequently delete it.
4. E-mail direct advertising to customers
If you are a customer with us and if we have received your e-mail address in connection with the sale of goods or services, we can use your e-mail address for direct advertising for similar goods or services from us. This applies only if you have not objected to this and if we clearly point out your option of opting-out when we collect your e-mail address and each time we use it. The legal basis for the processing is our legitimate interest in direct marketing in accordance with Art. 6 Para. 1 f GDPR.
5. Newsletter / Evalanche
If you would like to receive our newsletter, we require your e-mail address. Data is processed for the purposes of sending the newsletter according to the first sentence of Art. 6 Para. 1 (a) GDPR based on the consent that you granted voluntarily by means of what is called the double opt-in process. The e-mail address is used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example by using a link at the end of each newsletter. Alternatively, you can also send your withdrawal/unsubscription request at any time to the e-mail address named under section II.
We send our newsletters with what are called tracking pixels. A tracking pixel is a miniature graphic embedded in the HTML format of the newsletter that is sent so that reader behaviour can be analysed. Initially, technical information is transferred regarding the browser and/or mail programs that you are using, your end device and your IP address. We use this data for the purpose of technically improving our information service. The legal basis for the data processing is the first sentence of Art. 6 Para. 1 (f) GDPR. Our legitimate interest follows from the data collection purposes that are listed above.
Furthermore, we use the tracking pixels to record whether the newsletter was successfully delivered, whether and at what time you opened it, for how long this was the case and which of the links contained in the newsletter you called up. We use this data to create statistical reports about the success or failure of a marketing campaign and so that we can optimise sending out newsletters and tailor the contents of future newsletters better to your interests. The data that is collected will not be forwarded to third parties and will be deleted after the statistical analysis and its allocation to specific target groups. The above provision is possible only if you have given your consent to this type of data processing for the purposes of creating a user profile. The legal basis for the processing of the data that you have voluntarily submitted to us is the first sentence of Art. 6 Para. 1 (a) GDPR.
Our newsletter is sent via Evalanche. Evalanche is provided by SC-Networks GmbH, Enzianstr. 2, 82319 Starnberg, Germany (hereinafter referred to as “Evalanche”). Evalanche is used for sending the newsletter and evaluating its coverage and for analysing user behaviour as described above. Your e-mail address, as well as any other data that is required by Evalanche for providing the newsletter on our behalf, will be processed to this end.
6. Comments and contributions
If you leave comments or other contributions on our website, your e-mail and IP address are stored on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 f GDPR. Other information can be provided voluntarily. Your e-mail address is stored with the purpose of enabling us to contact you regarding your comment or contribution, of forwarding possible complaints relating to your contribution to you, and where applicable, of asking you to comment on this. It is not possible to use the comment function without specifying an e-mail address. The specified e-mail address is stored, although it is not published with the comment.
Our legitimate interest in querying and storing the e-mail address consists in security aspects, for example in case someone leaves unlawful contents in comments and contributions (such as insults). In this case, we could be prosecuted for the comment or contribution ourselves and we therefore have a legitimate interest in storing the IP address. We will forward this personal data that we have collected to law enforcement agencies only in the case of criminal investigations. It will not be passed on to third parties otherwise.
7. Gravatar
Our website uses the Gravatar service. It is provided by Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA (hereinafter referred to as "Gravatar"). You can sign in to Gravatar and store profile images and an e-mail address. If you use the relevant e-mail address to leave contributions or comments on other websites, your profile image is shown in connection with this contribution. For this purpose, your e-mail address is transmitted to Gravatar in an encrypted format, which also informs the provider about your IP address. Gravatar is used on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 f GDPR, since with the help of Gravatar we give the author of the contribution the option of personalising the contribution with a profile image, thereby making our own offer even more attractive. You can prevent your profile image that is stored with Gravatar from being displayed by using an e-mail address that is not known to Gravatar, not using our comment system, or by unsubscribing from Gravatar.
Automattic Inc. has joined the EU/US Privacy Shield agreement, is committed to complying with European data protection standards and thereby meets EU requirements for legitimising the data transfer of personal data to the USA. For information about Facebook’s self-regulation, see
https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active.
For additional information about how Gravatar handles your personal data, see the relevant privacy policy: https://automattic.com/privacy/.
8. Contractual data
In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations relating to our website, which take place at the relevant person’s request, we process the data relating to the person concerned that is necessary for the fulfilment of the contract. This includes:
- Data belonging to the contractual partner such as name, address and contact details, where applicable different delivery or invoice addresses or recipients and, where required, their date of birth;
- Contractual data such as the subject matter of the contract, term, customer category;
- Payment data such as bank details, credit card data, payment history;
The legal basis for the data processing is the first sentence of Art. 6 Para. 1 b GDPR.
The data is forwarded to third parties only to the extent that this is necessary for fulfilling pre-contractual measures and contractual obligations such as to banks, payment service providers, credit card companies for processing the payment and to shipping service providers for sending goods.
We use sales/CRM software that is provided and hosted by a different company for managing and processing the above-mentioned data belonging to customers and interested parties, as well as for forwarding this data to our external sales partners. This hosting company and its sales partners (construction advisors) process your data on our behalf and are bound by contractual agreement accordingly.
9. Application forms
If you use our application form, you are asked to specify your name, your contact details and to submit application documents so that we can verify your application and contact you personally. Data is processed for the purposes of processing your application according to the first sentence of Art. 6 Para. 1 a GDPR on the basis of the consent that you granted on a voluntary basis. All personal data that is collected in connection with the application form is deleted when the application process is completed, unless it needs to be retained to document other operations (such as subsequent employment).
IV. Services from Google
Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google") is the provider of the following services from Google.
The legal basis for the use of the following services from Google is our legitimate interests in accordance with Art. 6 Para. 1 f GDPR.
Google has joined the EU/US Privacy Shield agreement, is committed to complying with European data protection standards and thereby meets EU requirements for legitimising the data transfer of personal data to the USA. For information about Google’s self-regulation, see
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
For additional information about how Google handles your personal data, see Google’s privacy policy: https://www.google.com/intl/de/policies/privacy/. For information about data usage for advertising purposes by Google, settings and how to object, see these websites: https://www.google.de/policies/privacy/partners/
https://www.google.de/policies/technologies/ads/
http://www.google.de/settings/ads
http://www.google.com/ads/preferences/
1. Google Analytics
This website uses Google Analytics from Google. Google Analytics uses cookies. Google collects data relating to the visits of users to our website and their usage behaviour. This data serves the purpose of ensuring that our website is designed to meet the needs of users and optimising it on an ongoing basis, measuring the success of marketing measures and creating statistical reports. In this connection, pseudonymised usage profiles are created and cookies are used. The information that is created by the cookie relating to your use of this website such as the browser type/version, operating system used, referrer URL (the previously visited page), host name of the accessing computer (IP address) and the time of the server query are transmitted to a server belonging to Google in the USA where it is stored. User and event data is deleted after 26 months. This information may also be transmitted to third parties where required to do so by law, or where such third parties process this data on behalf of Google or ourselves. Under no circumstances will Google merge your IP address with other Google data. IP addresses are anonymised so that they cannot be allocated. You can prevent cookies from being stored by selecting the relevant settings in your browser software. Please note, however, that you may not be able to use all functions of this website in full in this case. Furthermore, you can prevent the transmission of the data that is created by the cookie relating to your use of the website to Google, and the processing of this data by Google, by downloading and installing the browser plug-in that is available under the following link:
https://tools.google.com/dlpage/gaoptout?hl=de.
You can prevent data from being recorded by Google Analytics by clicking on the link
to obtain an opt-out cookie. The effect of this cookie is that in future, no visitor data from your browser is collected and stored by Google Analytics when you visit this website. Note: The consequence of deleting your cookies is that the opt-out cookie is also deleted and you have to enable it again where necessary.
2. Google Analytics demographics
This website uses the "demographics" function in Google Analytics. This can create reports containing statements on the age, gender and interests of our website visitors. This data originates from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. The legal basis for the use of the following services from Google is our legitimate interests in optimising our website and marketing it optimally in accordance with Art. 6 Para. 1 f GDPR.
You can disable this function at any time by using the display settings in your Google account or prevent your data from being recorded by Google Analytics as shown in section "Objecting to data entry".
3. Google Analytics Remarketing
This website uses Google Analytics Remarketing from Google. Google Analytics Remarketing is used to present advertisements to visitors that relate to the contents of previously visited websites. Google uses cookies to recognise visitors who access websites from the Google advertising network. This service records your IP address, which of our Internet pages you have visited and additional information that may be required by Google for the provision of Analytics Remarketing. The IP address transmitted by your browser will not be merged with any other data from Google. The information that is created relating to your use of this website is stored on a server in the USA. This information may also be transmitted to third parties where required to do so by law, or where such third parties process this data on behalf of Google or ourselves. You can prevent cookies from being stored by selecting the relevant settings in your browser software; Please note, however, that you may not be able to use all functions of this website in full in this case. If you do not wish to use the Remarketing function from Google, you can disable it by making the corresponding settings in http://www.google.com/settings/ads.
4. Google AdWords conversion tracking
This website uses Google AdWords from Google and conversion tracking within Google AdWords. Google conversion tracking is used to track and assess actions you perform on our website such as clicking on advertisements, purchases, registrations, telephone calls, app downloads and other actions. Cookies are used for analysis and assessment purposes. This service records your IP address, which of our Internet pages you have visited and additional information that may be required by Google for the provision of conversion tracking. The IP address transmitted by your browser will not be merged with any other data from Google. The information that is created relating to your use of this website is stored on a server in the USA. This information may also be transmitted to third parties where required to do so by law, or where such third parties process this data on behalf of Google or ourselves. You can prevent cookies from being stored by selecting the relevant settings in your browser software; Please note, however, that you may not be able to use all functions of this website in full in this case.
5. Google Web Fonts
This website uses what are called web fonts for displaying fonts from external typography sets from Google. When the website is accessed, your browser loads the required web font in the browser cache. If your browser does not support this function, a default font from your computer is used to display the website. This service records your IP address, which of our Internet pages you have visited and additional information that may be required by Google for the provision of web fonts. The information that is created relating to your use of this website is stored on a server in the USA. This information may also be transmitted to third parties where required to do so by law, or where such third parties process this data on behalf of Google or ourselves.
6. Google Maps
This website uses Google Maps from Google to display maps, map data, terrain data or geographical maps. This service records your IP address, which of our Internet pages you have visited and additional information that may be required by Google for the provision of maps (such as location data). The information that is created is stored on a server in the USA. This information may also be transmitted to third parties where required to do so by law, or where such third parties process this data on behalf of Google or ourselves. For the terms of Google Maps, see: https://www.google.com/intl/de_de/help/terms_maps.html.
7. reCAPTCHA
This website uses reCAPTCHA from Google. reCAPTCHA serves to ensure that the forms provided are used by a natural person and are not used fraudulently by automated or machine-based processes. This service records your IP address and any additional data that is required by Google for reCAPTCHA. The information that is created relating to your use of this website is stored on a server in the USA. This information may also be transmitted to third parties where required to do so by law, or where such third parties process this data on behalf of Google or ourselves.
8. Google Tag Manager
This website uses Google Tag Manager for tag identification. With this service, website tags can be managed by using an interface. Google Tool Manager merely implements tags. This means that no cookies are used and no personal data is recorded. Google Tool Manager triggers other tags which may record data in turn. However, Google Tag Manager does not access this data. If Google Tag Manager has been disabled at domain or cookie level, this data remains for all tracking tags if they are implemented with Google Tag Manager.
9. Google Forms
This website uses Google Forms. You can use this service to generate and process entry screens. In doing so, Google records your IP address, the page you visited and any other data that may be required by Google for Google Forms. The data that is entered in the form is only transmitted to Google if you submit the form by clicking on the corresponding Submit button. Google stores the data that is transmitted for us in cloud memory so that we can process it as part of the respective purpose of processing.
I. Media contents
As part of our website, we sometimes use external contents that are loaded directly by the servers of the providers named individually below. The purpose of integrating this content is to make our website more attractive. Our legitimate interest in the use of such external contents also exists in the purpose of making our website more attractive. The legal basis for the use of the following social media plug-ins is our legitimate interest in accordance with Art. 6 Para. 1 f GDPR.
1. YouTube
Our website uses media contents from the YouTube platform. It is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google").
Its purpose is to display contents from the YouTube platform as part of our website. This service records your IP address and any additional data that is required by Google for YouTube. The information that is created relating to your use of this website is stored on a server in the USA. This information may also be transmitted to third parties where required to do so by law, or where such third parties process this data on behalf of Google or ourselves. If you are signed into YouTube at the same time, Google can allocate your visit to the page of our website directly to your user account there. If you do not wish to allow Google to assign data that is collected on our website to your respective user account, you have to sign out from YouTube beforehand.
Google has joined the EU/US Privacy Shield agreement, is committed to complying with European data protection standards and thereby meets EU requirements for legitimising the data transfer of personal data to the USA. For information about Google’s self-regulation, see
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
For additional information about how Google handles your personal data, see the applicable privacy policy: https://www.google.com/intl/de/policies/privacy/.
2. ThingLink
This website uses media contents from ThingLink. This service records your IP address, which of our Internet pages you have visited and additional information that may be required for the provision of its contents. The information that is created relating to your use of this website is stored on a server in Ireland.
For additional information about how ThingLink handles your personal data, see the applicable privacy policy: www.thinglink.com/terms