I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States as well as other data protection regulations is:
Schardt GmbH & Co. KG
Am Riegel 15
Phone: 0 92 66 / 99 07-0
Fax: 0 92 66 / 99 07-77
II. Name and address of the data protection officer
The data protection officer for the controller is:
Schardt GmbH & Co. KG
Department of Data Protection
Phone: +49 (0) 9266 9907-0
Fax: +49 (0) 9266 9907-77
III. General information concerning data processing
1. Scope of personal data processing
We collect and utilise our users’ personal data only insofar as this is necessary to provide a functional website as well as our contents and services. As a rule, collection and utilisation of our users’ personal data is only undertaken with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for legal or factual reasons and the processing of the data is permitted by law.
2. Legal basis for processing personal data
In cases where we have obtained your consent to process personal data, Art. 6(1)(a) of the General Data Protection Regulation (GDPR) serves as the legal basis for processing this personal data.
When processing personal data required for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations that are necessary in connection with pre-contractual activities.
In cases where it is necessary to process personal data to comply with a legal obligation to which we are subject, Art. 6(1)(c) GDPR serves as the legal basis for such processing.
Article 6(1)(d) GDPR serves as the legal basis in cases where processing personal data is necessary in order to protect the vital interests of the data subject or those of another natural person.
If processing is necessary to protect a legitimate interest of ours or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh these interests, Art. 6(1)(f) GDPR serves as the legal basis for such processing.
3. Data erasure and storage period
Personal data of the data subject will be erased or blocked as soon as the purpose for which the data is stored ceases to apply. Furthermore, data may be stored for longer periods if this has been provided for by European or national legislative bodies in EU regulations, laws or other rules to which the controller is subject. Data will also be blocked or erased if a storage period prescribed by the laws referred to above has lapsed, unless there is a need for further storage of the data for the conclusion or performance of a contract.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the requesting computer.
The following data is collected in this context:
(1) Information about the browser type and version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system reaches our website
(7) Websites accessed by the user’s system via our website
This data is also stored in log files on our system. This data is not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6(1)(f) GDPR.
3. Purpose of data processing
Temporary storage of IP address by the system is necessary to enable delivery of the website to the user’s computer. To this end, the user’s IP address must be stored for the duration of the session.
Data is stored in log files to ensure the website’s functionality. The data is also used to optimise the website and to ensure the security of our information technology systems. No evaluation of the data for marketing purposes is undertaken in this context.
These purposes also encompass our legitimate interest in data processing in accordance with Art. 6(1)(f) GDPR.
4. Storage period
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of data collected to enable provision of the website, this will be undertaken once the respective session has ended.
Any data stored in log files will be erased within seven days at the latest. Storage for longer period is not possible. In this case, the user’s IP addresses will be erased or modified, so that it is not possible to associate the IP address with the requesting client.
5. Options for objection and erasure
The collection of data for the provision of the website and storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no option to object on the part of the user.
a) Description and scope of data processing
The following data can be transmitted in this way:
(1) Entered search terms
(2) Frequency of page views
(3) Use of website functions
User data collected in this way is pseudonymised via a technical solution. It is therefore no longer possible to associate this data with the user accessing the website. The data is not stored together with any other personal data of the user.
b) Legal basis for data processing
The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR.
c) Purpose of data processing
We require cookies for the following applications:
(1) Applying language settings
(2) Remembering search terms
User data collected by technically necessary cookies is not used to create user profiles.
Analysis cookies are used to improve the quality of our website and its content. Using analysis cookies, we learn how the site is used and can constantly optimise our service.
These purposes also encompass our legitimate interest in processing personal data in accordance with Art. 6(1)(f) GDPR.
d) Storage period, options for objection and erasure
VI. E-mail contact
1. Description and scope of data processing
You can contact us via the e-mail address provided. In this case, the user’s personal data that transmitted along with the e-mail will be stored.
This data will not be shared with any third parties in this context. The data will be used exclusively to process your inquiry.
2. Legal basis for data processing
The legal basis for processing the data transferred in the course of sending an e-mail is Art. 6(1)(f) GDPR. If the intent of the e-mail is to enter into a contract with us, this creates an additional legal basis for its processing in accordance with Art. 6(1)(b) GDPR.
3. Purpose of data processing
In the event of contact by email, this also constitutes the necessary legitimate interest in processing the data.
4. Storage period
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
5. Options for objection and erasure
A user who has contacted us by e-mail may object to the storage of their personal data at any time. In such cases, it will not be possible to continue the respective conversation.
All personal data stored in the course of contacting us will be deleted as provided below.
VII. Integration of plugins and tools
1.Use of Google Maps
(1) We use the functions of Google Maps on our website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function.
2. Use of YouTube
We use a function that permits the embedding of YouTube videos on our website; this is provided by YouTube LLC. (901 Cherry Ave., San Bruno, CA 94066, USA; “YouTube”).
YouTube is affiliated with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”).
This function shows YouTube videos via an iFrame on the website. The option “expanded data protection mode” has been activated for this function. As a result, YouTube does not store information about visitors to the website. Information concerning the user is only transmitted to and stored by YouTube if you access a video.
3. Use of Google Web Fonts
This website uses web fonts provided by Google for the uniform display of fonts. When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
To do this, the browser you are using must connect to Google’s servers. Google is thus provided information that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of the uniform and attractive appearance of our website. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
If your browser does not support web fonts, a default font is used by your computer.
4. Web Analytics Use of Google Analytics
(1) This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
(2) The IP address transmitted by your browser as part of Google Analytics is not merged with other data from Google.
(4) This website uses Google Analytics with the extension “_anonymizeIp()”. This means that IP addresses are processed in abbreviated form, which means that personal references can be ruled out. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and the personal data is deleted immediately.
(5) We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. For the exceptional cases in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 para. 1 p. 1 lit. f DS-GVO.
[(7) This website also uses Google Analytics for cross-device analysis of visitor flows, which is performed via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”].
VIII. Rights of data subjects
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights with vis-à-vis the controller:
1. Right to information
You can ask the controller to confirm whether personal data that concerns you is processed by us.
If such processing takes place, you can request the following information from the controller:
(1) The purposes for which personal data is processed;
(2) Categories of personal data subject to processing;
(3) The recipients or categories of recipients to whom the personal data have been or are still being disclosed, in particular recipients in third countries or international organisations;
(4) The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
(5) The existence of a right to rectification or erasure of the personal data concerning the data subject, a right to restrict processing by the controller, or the right to object to such processing;
(6) The existence of the right to lodge a complaint with a supervisory authority;
(7) Any available information on the origin of the data if the personal data has not been collected from the data subject;
(8) The existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
You also have the right to know whether your personal data has been transmitted to a third country or to an international organization. In this respect, you can request to be informed of the appropriate guarantees in accordance with Art. 46 GDPR in connection with the transfer of such data.
2. Right to rectification
You have a right of rectification and/or completion with respect to controller if the personal data processed concerning you is incorrect or incomplete. The controller is required to rectify incorrect or incomplete data without undue delay.
3. Right to restriction of processing
Under the following conditions you may request that the processing of your personal data is restricted:
(1) You contest the accuracy of your personal data, for a period that enables the controller to verify the accuracy of the personal data;
(2) The processing is unlawful and the you oppose the erasure of the personal data and request the restriction of their use instead;
(3) We no longer need the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
(4) You have objected to processing pursuant to Art. 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
Where processing personal data concerning you has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted as provided above, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Obligation to erase
You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed;
(2) You withdraw your consent on which the processing is based according to Art. 6(1)(a) GDPR, or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing.
(3) You object to processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate reasons for the processing, or you object to processing pursuant to Art. 21(2) GDPR.
(4) The personal data concerning you has been processed unlawfully.
(5) The personal data concerning you has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) The personal data concerning you has been collected in relation to the offer of information society services referred to in Art. 8(1) GDPR.
b) Notice to third parties
Where the controller has made the personal data public and is obliged pursuant to Art. 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data to the extent such data is not required for processing.
The right to erasure does not apply insofar as processing is necessary
(1) To exercise the right of freedom of expression and information;
(2) For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) For reasons of public interest in the area of public health in accordance with points Art. 9(2)(h) and (i) as well as Art. 9(3) GDPR;
(4) For archiving purposes in the interest of public, scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR in so far as the right referred to in point a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) For the establishment, exercise or defence of legal claims.
5. Right to notification
If you have exercised your right to rectification, erasure or restriction of processing vis-à-vis the controller, they are obliged to inform all recipients to whom the personal data that concerns you has been disclosed of the rectification or erasure of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
It is your right to have the controller inform you regarding such recipients.
6. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, where:
(1) Processing is based on consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or based on a contract pursuant to Art. 6(1)(b) GDPR and
(2) Processing is carried out by automated means.
In exercising this right, you also have the right to request that the personal data concerning you is transferred directly from one controller to another controller, insofar as this is technically feasible. The exercise of this right may not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
8. Right to withdraw consent
You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
(1) Is necessary for entering into, or performance of, a contract between you and a data controller;
(2) Is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
(3) Is based on your explicit consent.
However, such decisions cannot be based on special categories of personal data referred to in Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
In the cases referred to in (1) and (3), the controller is required to implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the state and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.