INFORMATION FOR INTERESTED PARTIES (WEBSITE)

concerning the processing of personal data according to Article 13[1] of the General Data Protection Regulation (GDPR)

(Data Protection Policy)


[1] Please note: The publication in the Official Journal may not contain the latest version. This can be found here.

 

As at: 20 January 2020

 

Welcome to SCHOTTEL!

 

Thank you for your interest in our website. Protecting your personal data and your privacy is very important to us. As a result, we would like to provide you with information concerning data protection at our company. We comply with the legal regulations of the European General Data Protection Regulation1 (GDPR), the German Data Protection Act (BDSG), Telemedia Act (TMG) and other statutory provisions related to data protection.

You can visit our website anonymously at any time. We respect the freedom of the individual to decide when, and for what purpose, he or she wishes to provide personal information. We do not employ any techniques to identify you or to create personal profiles!

We collect a minimum of personal data and only those which are required to:

·         Perform our services,

·         Implement contracts (including the initiation, conclusion, fulfilment and completion of a contract),

·         Process and respond to inquiries (contact form),

·         Ensure the security of our operations,

·         Improve our offerings,

·         Prevent, detect and investigate potentially unauthorized or illegal activities, and to enforce our general terms and conditions.

To ensure that you are fully aware of how we process personal data on our websites, we have compiled this information in a comprehensive and readily understandable form. We would like to assure you that we take all necessary technological and organizational steps to protect your data.

 

1. Controller

Controller responsible for the processing of personal data and service provider:

SCHOTTEL GmbH

Mainzer Strasse 99

56322 Spay/Rhine

Germany

 

Tel.: +49 2628 / 61 0

Fax: +49 26 28 / 6 13 00

e-mail: info@schottel.de

 

Further information: see Imprint

 

2. Data protection officer

To serve as data protection officer, we have commissioned:

Verimax GmbH,

Warndtstrasse 115, 66127 Saarbrücken, Germany

 

Mr. Michael Grein

 

Phone: +49 89 800 6578 25 (extension)

Fax: +49 89 800 6578 29

e-mail: dsb-schottel(at)verimax.de

Address for reporting actual or suspected data protection violations:

e-mail: datenschutz(at)schottel.de 

 

3. Data types and data subjects

When you access our websites, we automatically process data of a general nature. These data, which may be saved in so-called server log files, include the following:

·         Your browser* (type/version)

·         Your operating system*

·         The domain name of your Internet provider (IP address)

·         Time of access to the website

·         Referrer URL* (the site visited previously)

·         In some cases cookies (see also point 4 below)

·         And other similar general data (e.g. size of your browser window)

*If necessary, you can suppress these data by selecting the appropriate settings in your system.

These data are used in accordance with Article 61 (1) b) GDPR to provide the websites and display them correctly for you; they are called up every time the Internet is used.

Furthermore, the data are temporarily stored in accordance with Article 61 (1) f) GDPR for the purposes of fraud prevention and for investigating attacks on our website. In the absence of such grounds for suspicion, the IP address used to access the sites is deleted after seven (7) days. Attribution of these data to a natural person is then no longer possible.

The remaining – non-personal – data may be processed further for statistical purposes.

As a visitor to our website, you are a ‘data subject’ as defined in the General Data Protection Regulation.

 

4. Cookies

“Cookies” are small text files that are stored on your computer by a domain (in this case: schottel.de) and can only be processed again by this domain. Cookies cannot contain or spread malicious code, nor can they start programs.
In order to be able to assess whether you can navigate easily through our websites, we would like to be able to recognize the access associated with a particular session. We would also like to use cookies to assess when your browser last visited our site. In this way, we can see whether it is a repeat visit (repeat visitors typically have a different, usually very specific interest in content). We would also like to assess whether the content of our pages is interesting enough for you and whether or where we should increase our commitment to it.

We do not wish to, will not and cannot identify you personally as a result and would be pleased if you would allow us to register repeat visits by means of cookies.

We do not tolerate cookies from third-party domains, use our own cookies extremely sparingly, do not store any personal data in them and only use them for the following purposes:

Cookie name                                           Purpose                                  Storage duration

_pk_testcookie.#.####                              To test whether cookies            Session
                                                                are allowed by the browser
_pk_id.#.###                                             To detect a repeat                    13 months
                                                                visit
_pk_ses.#.####                                         To see which                            30 minutes
                                                                page hits belong to
                                                                the same session
MATOMO_SESSID                                   For an opt-out                          Session

cookieconsent_status                               Saves the entry in                     1 year
                                                                the cookie banner

PHPSESSID                                             Technically necessary cookie:   Session
                                                                Data identifier; used by
                                                                a PHP method
                                                                to identify a session

fe_typo_user                                            Technically necessary cookie:   Session
                                                                Controlled by the Content
                                                                Management System (CMS)
                                                                used in order to enable
                                                                a user login



Please also observe the following point 5.

The information generated by the cookies about your use of this website will not be disclosed to third parties. You are free to decide at any time whether and which cookies are allowed or not allowed on your computer. You can also delete individual or all cookies on your computer at any time. This can be done using your web browser settings.

 

5. Collection and storage of usage data (web analysis)

In order to optimize our websites and adapt them to the changing habits and technical requirements of our users, we use so-called web analysis tools. We record, for example, which elements are visited by users, whether the information they are looking for is easy to find, etc. This information only becomes interpretable and meaningful when a larger group of users is considered. For this purpose, the collected data are aggregated, i.e. merged to form larger units.

This enables us to adapt the design of pages or optimise content if, for example, we ascertain that a relevant proportion of visitors are using new technologies or finding existing information difficult or impossible to find.

SCHOTTEL does not create visitor profiles, does not use retargeting technologies and does not record so-called “customer journeys”. We are therefore are not interested in the behaviour of an individual, nor in the person behind it.

We use Matomo (formerly Piwik) for web analysis. This is software that is installed on our own server and only processes data that have been stored on our server. Matomo uses cookies to detect which page hits belong to a session and whether they are a first-time or repeat visitor. Your IP address will be anonymized immediately and even before it is saved, so that you as a user always remain completely anonymous to us.

We use structural measures (separation of databases and responsibilities) to ensure that statistical data that we process for web analysis purposes at no time contain personal data or can be linked to such data.

If your browser is configured to tell our server that you do not want tracking (‘do-not-track’), Matomo will not record your visit to the page (even though we would not store any personal data anyway).
Otherwise, you can subsequently revoke your consent to the processing at any time by clicking on the mouse if you no longer agree to it in the future. In this case, an opt-out cookie will be set in your browser. As a result, Matomo will not collect any session data whatsoever.

Please note: If you delete all your cookies, the opt-out cookie will also be deleted and must then be reactivated by you if required.

Here you can decide whether Matomo web analysis cookies may be stored in your browser to enable us to improve the website for you.

6. Purposeful use of data

We follow the principle of purposeful use of data and process your personal data only for those purposes for which you have provided them to us. Your personal data will not be disclosed to third parties without your express consent, unless this is necessary for provision of services or performance of a contract. Even transmission to state institutions and authorities entitled to receive information will occur only in accordance with legal disclosure requirements or if a court order obliges us to such disclosure.

 

We also take data protection within the company very seriously. Our employees and our contracted service providers are obliged to secrecy and to compliance with legal data protection requirements.

 

7. Third country

No deliberate transfer of personal data to third countries or international organizations is carried out, nor is this planned. When the website is accessed, however, it cannot be guaranteed that the data will remain within the EU/EEA. Due to the manner in which the Internet operates, it may be technically possible for an inquiry being sent from you to us or for an answer to pass via a server in a non-secure third country. This cannot be prevented. However, since we encrypt the data traffic between your browser and our server (see point 8 below), there is no particular risk here.

 

8. Data minimization, data economy, data security

Generally, it is not necessary for you to enter personal data to use our website. However, we may need your personal information in order to provide our services. This applies to the mailing of informational materials or ordered goods as well as to responses to individual inquiries. 
If you request us to provide services or to send goods in connection with such services, we process your personal information in accordance with Article 6 (1) b) GDPR and only to the extent required for provision of the services or performance of the contract. It may be necessary to pass on your personal information to companies we use in providing the services or executing the contract. These are, for example, transportation companies or other service providers. If we should need to process your personal data with your consent (and in accordance with Article 6 (1) a) GDPR) for particular activities or services, we will request your express consent in the relevant area of our website.

 

Your personal data are encrypted (tap-proof) on all pages with input fields by means of SSL/HTTPS (recognizable by the green padlock symbol in the URL line of the browser) for transmission via the Internet. We secure our website and other systems by means of technical and organizational measures against loss, destruction, access, alteration or distribution of your data by unauthorized persons.

 

9. Contact form and establishing contact

We provide you with the opportunity of contacting us via various channels. One such option is our contact forms. In order to be able to process your inquiry, we need at least your first and last name as well as an e-mail address. Additionally, you can voluntarily provide further information which facilitates improved identification of your request or avoids the need for further queries. Your data will be transmitted encrypted.

 

You can also, of course, send us an e-mail to an address published on the website. In this case, the personal data transmitted with the e-mail will be saved.

 

If your inquiry relates to a service provided by us, we will process your data on the basis of Article 6 (1) b) GDPR. All further inquiries will be made exclusively on the basis of your consent (Article 6 (1) a) GDPR).

 

Third country

 

In the case of e-mail communication, it cannot be guaranteed that the data will remain within the EU/EEA. Due to the manner in which the Internet operates, it may be technically possible for an e-mail being sent from us to you or vice versa to pass via a server in a non-secure third country. If you want to send information confidentially, send it by post or encrypt the information/files separately (e.g. encrypted ZIP archive) and send the key via a different channel (e.g. SMS).

 

10. Storage duration 

Your processed personal data will only be stored for as long as is necessary for fulfilment of its intended purpose. Once this purpose has been completed, the data will be deleted, provided this does not conflict with mandatory retention periods. In this case, processing of the data will be restricted in such a way that they can only be processed for the purpose necessitating their retention (e.g. tax audit). Once these retention periods have expired, these data will also be deleted.

 

11. Profiling and automated decision-making

If we have access to the relevant information, a customer or prospective customer profile may be created in order to be able to offer you optimal advice.

 

For this purpose, we use the following information in particular:

  • Your contact data from registrations, inquiries and orders

 

At no time is automated decision-making carried out.

 

12. YouTube videos (with privacy-enhanced mode)

On our website we prefer to a) link to YouTube videos or b) embed such videos using technology from YouTube, LLC (“YouTube”), 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google, LLC (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

 

In case b), we use the “privacy-enhanced mode” option provided by YouTube, as well as a process that connects to YouTube only after you actively click on the corresponding “Play Video” button. Only then is a connection to the YouTube servers established and the content displayed in our website (so-called frame technology). In this mode, YouTube does not set any cookies to record usage behaviour. According to Google, usage behaviour is therefore not monitored in order to customize video playback.

 

However, if you are logged in to YouTube at the same time, usage information can be associated with your YouTube member account. You can prevent this by logging out of your member account before clicking on the video thumbnail.

 

To be able to play the corresponding YouTube video in case b), the YouTube frame reloads various data (JavaScript libraries, CSS, font and image files) from different YouTube/Google domains.

 

Further information on YouTube’s privacy policy is provided by Google at the following link https://www.google.de/intl/de/policies/privacy/.

 

13. Rights of data subjects

You have the following rights, possibly subject to certain conditions or with certain restrictions:

 

Right of access1:

 

You generally have the right to request information, free of charge, on

 

·         the data processed by us,

 

·         the purposes of the processing,

 

·         the categories of personal data processed and, if applicable, the (categories of) recipient(s) to whom the personal data have been or will be disclosed (including, if applicable, appropriate safeguards if the personal data are transferred outside the EU), and

 

·         – where possible – the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration,

 

·         and, if applicable, the origin of the data.

 

Moreover, you also have a right to rectification1erasure1restriction of processing1, a right to data portability1 and a right to object1 as well as the right to revoke1 consent at any time. The lawfulness of the processing up to the moment of a revocation/objection is not affected by this. You will not incur any costs, other than those of the basic rates, for the declaration of a revocation/objection. If any costs are incurred in exercising the other rights, we will inform you of this in advance. You can exercise your rights against us via a designated channel (e.g. unsubscribe link) or any other communication channel (see “Controller” above or under Imprint).

 

14. Queries regarding data protection and right of complaint

Should you have any further questions about data processing on our website or about our processes, please contact the above-mentioned controller or our data protection officer. You can also contact this person confidentially at dsb-schottel(at)verimax.de if you think you have grounds for complaint or if you discover a data protection violation. Thank you for your support.
You also have the right to complain1 to a supervisory authority. The supervisory authority responsible for the controller is the State Office for Data Protection and Freedom of Information Rhineland-Palatinate, Postfach 30 40, 55020 Mainz, Germany, e-mail: Poststelle(at)datenschutz.rlp.de, Internet: https://www.datenschutz.rlp.de

 

15. Applications 

SO THAT YOU CAN DOCK WITH US AS SOON AS POSSIBLE

 

Applying is very straightforward
We have designed our application process to be as efficient as possible so that both sides can advance quickly during the application phase. You send your documents in digital form (ideally as a single PDF file) to personal(at)schottel.de.

 

Please also note the information under “Third country” in point 9 above. For this reason, you can alternatively opt to send you documents by post.

 

We interview people who have been short-listed in the technical and Human Resources departments, and, depending on the position, also with the divisional management. 
We provide an employment test for trainees and an assessment centre for dual students; in some cases, we also recommend a preliminary work placement.

 

You have the possibility of informing yourself about vacancies on our careers page and also of applying online. If you would like to apply, we need to receive from you the information and documents required in an application procedure. This is carried out on the basis of section 26 of the German Data Protection Act (BDSG).

 

You can also provide further voluntary information (section 26 BDSG (2)) in order to facilitate identification of your application.

 

Further information about the application procedure can be found in the careers portal under FAQ.

 

Recipients

 

Your data will be forwarded to employees of our company who are responsible for the particular subject matter. Furthermore, your data will also be transmitted to:

 

  • affiliated companies of SCHOTTEL Group, possibly external service providers and partners who provide data processing services on our behalf or otherwise process personal data for the purposes described in this notice or stated at the time the personal data are collected;
  • to any competent supervisory authorities, courts, law enforcement agencies, governmental authorities or third parties if we believe that processing is necessary for the purpose of

 

 

(i)    complying with applicable legislation or regulations,

 

(ii)   exercising, establishing or defending our legal rights, or

 

(iii)  protecting your vital interests or those of third parties;

 

Corresponding data protection agreements have been entered into with the relevant external service providers, e.g. in accordance with Article 281 GDPR.

 

In principle, no data will be transferred to third countries. Our servers are located within the EU and the EEA. If necessary, SCHOTTEL Group companies, external service providers and partners may be granted access to your personal data, even if they operate outside the EU/EEA.

 

In such a case, we guarantee compliance with the provisions of Chapter V1 GDPR, in particular that personal data will only be transferred to third countries if they offer an adequate level of protection in accordance with the European Commission (Article 45 GDPR) or if there are appropriate safeguards in accordance with Article 46 GDPR.

 

16. Social media presences

We maintain presences on various social media in order to engage with you in this manner as well. In this context, personal data may also be processed outside the European Economic Area (EEA). This is, however, not under our control.

 

We have listed the (technical) operators of the relevant platforms at the end of this section. There you will also find addresses and further contact information (for requesting information, for example).

 

Your data and your user activities will be analysed by these operators. This includes the use of cookies or similar technology and the storage of IP addresses. The data may then be used for purposes of advertising or market research. In this manner, you may receive advertisements tailored to your user profile within these platforms or also on other sites which are able to use cookies, etc. set by these platforms.

 

As a logged-in user of these sites, this information is also independent of the individual device. The use of data can be based partially on a legitimate interest in efficient advertising through a globally used platform (Article 6 (1) f) GDPR). Since the operators of the platforms dictate the technologies used, we have no possibility of obtaining consent which may be required from you. Further details about this and your user/data subject rights with the operators can be found in the data protection and privacy policies of the corresponding platforms.

 

The presences we maintain on social media merely serve the purpose of conveniently communicating with those users who are already members of these networks. It is neither necessary to become a member to communicate with us nor do we recommend doing so. We also communicate information or special offerings through other channels, particularly on our website.

 

LinkedIn:

 

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a company of LinkedIn Corporation, USA, which belongs to Microsoft Corporation, USA.

 

LinkedIn Corporation is certified under the EU-US Privacy Shield, an agreement on data protection law between the European Union and the United States (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0). LinkedIn provides information concerning its privacy policy under: www.linkedin.com/legal/privacy-policy. There you will also find other contact options, e.g. for requesting information or lodging complaints.

 

We do not use advertising measurement and control techniques offered by LinkedIn (“LinkedIn Insights”) on our websites.

 

Twitter:

 

We use the technical platform and services of Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, for the short message service offered under “Twitter”. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for processing the data of persons who live outside the United States of America.

 

We would like to point out that you are responsible for your own use of Twitter and its functions. This applies in particular to use of the interactive functions (e.g. retweet, like).

 

Information about what data are processed by Twitter and the purposes for which they are used can be found in the Twitter privacy policy: twitter.com/de/privacy

 

Twitter Inc. complies with the principles of the EU-US Privacy Shield. More detailed information about this can be found under: www.privacyshield.gov/participant

 

We have no influence on the type and scope of the data processed by Twitter, the nature of the processing and usage, or the transfer of these data to third parties. Therefore, we do not have any effective means of control.

 

Using Twitter will cause your personal data to be processed by Twitter Inc. and transferred to, stored and used in the United States, Ireland and any other country where Twitter Inc. does business, regardless of your residence.

 

Twitter processes, on the one hand, the data you enter voluntarily, such as name and user name, e-mail address and telephone number, or the contacts in your address book if you upload or synchronize it.

 

On the other hand, Twitter also evaluates the content you share based on what topics you are interested in, stores and processes confidential messages that you send directly to other users, and can determine your location on the basis of GPS data, wireless network information or your IP address to send you advertising or other content.

 

For evaluation purposes, Twitter Inc. may use analysis tools such as Twitter or Google Analytics. We have no control over the use of such tools by Twitter Inc., nor have we been informed of any such potential use. If tools of this kind are used by Twitter Inc. for SCHOTTEL’s account, we have not commissioned, approved or otherwise supported this in any way. Nor are the data obtained from the analysis made available to us. Only certain non-personal information about tweet activity, such as the number of profile or link clicks through a particular tweet, is available to us through our account. Furthermore, we have no way of preventing or disabling the use of such tools on our Twitter account.

 

Finally, Twitter also receives information when you view content, for example, even if you have not created an account. These so-called “log data” may include the IP address, browser type, operating system, information about the website you visited beforehand and the pages you visited, your location, your mobile phone provider, the terminal device you are using (including device ID and application ID), the search terms you use and cookie information.

 

You can restrict the processing of your data via the general settings of your Twitter account and under the item “Privacy and safety”. Furthermore, for mobile devices (smartphones, tablet computers), you can restrict Twitter’s access to contact and calendar data, photos, location data, etc., in the settings on the device. This is dependent on the operating system used.

 

Further information about these points can be found on the following Twitter support sites:

 

support.twitter.com/articles/105576

 

help.twitter.com/en/search

 

You can inform yourself about the possibility of viewing your own data on Twitter here: support.twitter.com/articles/20172711

 

Information about the conclusions drawn about you by Twitter can be found here:

 

twitter.com/your_twitter_data

 

Information about the available personalization and privacy settings can be found here (with further references):

 

twitter.com/personalization

 

You also have the option of requesting information via the Twitter privacy form or archive requests:

 

support.twitter.com/forms/privacy

 

support.twitter.com/articles/20170320

 

Data processed by us

 

We also process your data.

 

a) Purpose and legal basis

 

The processing is carried out for the purposes of our marketing activities in accordance with Article 6 (1) f) GDPR.

 

b) Recipients

 

The recipient of the data is initially Twitter, where they may be passed on to third parties for their own purposes and under the responsibility of Twitter. The recipient of publications is also the general public, i.e. potentially everyone.

 

c) Categories of personal data

 

We do not collect any data ourselves via our Twitter account, nor have we integrated any tweets or Twitter analysis/tracking tools into our website.

 

However, the data you enter on Twitter, in particular your user name and the content published under your account, will be processed by us to the extent that we may retweet or reply to your tweets, or even write tweets that refer to your account. The data that you freely publish and distribute on Twitter is thus included in our offering on Twitter and made available to our followers.

 

d) Transmission to third countries

 

There is an adequacy finding by the EU Commission on the level of data protection in the US under the EU-US Privacy Shield (Commission Implementing Decision (EU) 2016/1250 of 12 July 2016 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the EU-US Privacy Shield, notified under document C(2016) 4176).

 

17. Terms of use 

Please also note our terms of use. 

 

18. Amendment of the data protection provisions

Our data protection policy may be adapted at irregular intervals so that it complies with current legal requirements or for the purpose of implementing changes to our services, e.g. for the incorporation of new offerings. The new data protection policy then automatically applies upon your next visit.

 

 

 

[1] Please note: The publication in the Official Journal may not contain the latest version. This can be found here.