This privacy policy informs you about the type, scope, and purpose of the processing of personal data (hereinafter referred to as “data”) within our online offering and the associated websites, functions, and content, as well as external online presences like our social media profiles (collectively referred to as “online offering”). Regarding the terminology used, such as “processing” or “controller,” we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Controller
Schuntermann Elektroanlagenbau GmbH
Hans-Sachs-Strasse 17
40721 Hilden – Germany
Managing Director: Dr. jur. Manfred Zehetmair
Link to Legal Notice: https://www.schuntermann.de/en/legal-notice/
Contact Data Protection Officer: [email protected]
Types of Data Processed
- Inventory data (e.g., names, addresses)
- Contact data (e.g., email addresses, phone numbers)
- Content data (e.g., text entries, photographs, videos)
- Usage data (e.g., visited websites, interest in content, access times)
- Meta/communication data (e.g., device information, IP addresses)
Categories of Data Subjects
Visitors and users of the online offering (hereinafter collectively referred to as “users”).
Definitions of Terms
Personal Data: Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to identifiers like a name, ID number, location data, online identifier (e.g., cookie), or other factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
Processing: Any operation or set of operations performed on personal data, whether or not by automated means. The term is broad and encompasses virtually any handling of data.
Pseudonymization: Processing personal data in such a way that it can no longer be attributed to a specific data subject without additional information, provided that such information is kept separately and subject to technical and organizational measures.
Profiling: Any automated processing of personal data to evaluate certain personal aspects relating to a natural person, especially to analyze or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Controller: The natural or legal person, authority, institution, or other body that determines the purposes and means of processing personal data, alone or jointly with others.
Processor: A natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.
Relevant Legal Bases
According to Article 13 GDPR, we inform you of the legal bases of our data processing. Unless specifically mentioned, the following applies:
- Consent: Article 6(1)(a) and Article 7 GDPR
- Performance of Contractual Measures: Article 6(1)(b) GDPR
- Legal Obligations: Article 6(1)(c) GDPR
- Legitimate Interests: Article 6(1)(f) GDPR
- Vital Interests: Article 6(1)(d) GDPR (if processing is necessary to protect someone’s vital interests)
Security Measures
We implement appropriate technical and organizational measures in accordance with Article 32 GDPR to ensure a level of security appropriate to the risk. These measures consider the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.
Measures include securing the confidentiality, integrity, and availability of data by controlling physical access, data input, transfer, availability, and separation. We also have procedures to ensure data subjects’ rights, data deletion, and response to data threats. Data protection is considered in the development or selection of hardware, software, and procedures per Article 25 GDPR.
Cooperation with Processors and Third Parties
If we disclose data to other persons and companies (processors or third parties), transmit it to them, or otherwise grant them access, this is only based on legal permission, your consent, a legal obligation, or our legitimate interests. If we commission third parties with data processing based on a “data processing agreement,” this is done according to Article 28 GDPR.
Transfers to Third Countries
If we process data in a third country (outside the EU or EEA) or this happens in the context of third-party services, it occurs only to fulfill our contractual obligations, with your consent, due to a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, data is processed or allowed to be processed in a third country only under the special conditions of Articles 44 ff. GDPR.
Rights of Data Subjects
Right of Confirmation and Access: You have the right to request confirmation of whether your data is being processed and access to that data (Article 15 GDPR).
Right to Rectification: You can request the completion or correction of your data (Article 16 GDPR).
Right to Erasure: You can request immediate deletion of your data (Article 17 GDPR) or restriction of processing (Article 18 GDPR).
Right to Data Portability: You have the right to receive your data in a structured, commonly used format and transmit it to another controller (Article 20 GDPR).
Right to Lodge a Complaint: You can lodge a complaint with a supervisory authority (Article 77 GDPR).
Right to Withdraw Consent
You have the right to withdraw consent at any time with future effect (Article 7(3) GDPR).
Right to Object
You can object to future processing of your data at any time (Article 21 GDPR), especially against processing for direct marketing purposes.
Cookies and Right to Object to Direct Marketing
Cookies are small files stored on users’ computers. They serve to store information about users during or after their visit to an online offering.
Session Cookies: Temporary cookies deleted after you leave the online offering.
Persistent Cookies: Remain stored even after closing the browser.
Third-Party Cookies: Provided by third parties other than the controller.
Users can prevent cookies from being stored by adjusting browser settings. Disabling cookies may limit the functionality of our online offering.
You can object to cookies used for online marketing via the U.S. site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/.
Deletion of Data
The data we process will be deleted or restricted in their processing in accordance with Articles 17 and 18 of the GDPR. Unless expressly stated within this privacy policy, the data stored by us will be deleted as soon as they are no longer necessary for their intended purpose and no legal retention obligations oppose deletion. If the data are not deleted because they are required for other legally permissible purposes, their processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
According to legal requirements in Germany, retention occurs in particular for 10 years pursuant to §§ 147 para. 1 AO (Fiscal Code of Germany), 257 para. 1 nos. 1 and 4, para. 4 HGB (German Commercial Code) (books, records, management reports, accounting documents, commercial books, documents relevant for taxation, etc.), and 6 years pursuant to § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial correspondence).
According to legal requirements in Austria, retention occurs in particular for 7 years pursuant to § 132 para. 1 BAO (Austrian Federal Tax Code) (accounting records, vouchers/invoices, accounts, receipts, business papers, statements of income and expenses, etc.), 22 years in connection with properties, and 10 years for documents related to electronically provided services, telecommunications, broadcasting, and television services provided to non-business entities in EU member states for which the Mini-One-Stop-Shop (MOSS) is utilized.
Business-Related Processing
Additionally, we process
Contract data (e.g., contract subject, duration, customer category)
Payment data (e.g., bank details, payment history)
from our customers, prospects, and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising, and market research.
We process the data of our contractual partners and interested parties as well as other clients, customers, principals, clients, or contracting parties (collectively referred to as “contractual partners”) in accordance with Article 6(1)(b) GDPR, in order to provide them with our contractual or pre-contractual services. The data processed in this context—the type, scope, purpose, and necessity of their processing—are determined by the underlying contractual relationship.
The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and telephone numbers), as well as contract data (e.g., services utilized, contractual contents, contractual communication, names of contact persons), and payment data (e.g., bank details, payment history).
We generally do not process special categories of personal data unless they are components of a commissioned or contractual processing.
We process data that is necessary for the establishment and fulfillment of contractual services and point out the necessity of their provision if this is not evident to the contractual partners. Disclosure to external persons or companies occurs only if it is required within the scope of a contract. When processing data provided to us within the scope of an assignment, we act in accordance with the instructions of the principals as well as legal requirements.
In the context of utilizing our online services, we may store the IP address and the time of the respective user action. Storage is based on our legitimate interests, as well as the users’ interests in protection against misuse and other unauthorized use. Transfer of this data to third parties does not generally occur unless it is necessary for the pursuit of our claims in accordance with Article 6(1)(f) GDPR or there is a legal obligation to do so in accordance with Article 6(1)(c) GDPR.
The data is deleted when it is no longer necessary for the fulfillment of contractual or legal care obligations and for dealing with any warranty and comparable obligations, whereby the necessity of retaining the data is reviewed every three years; otherwise, the statutory retention obligations apply.
Administration and Financial Accounting
We process data within the scope of administrative tasks, as well as the organization of our business, financial accounting, and compliance with legal obligations such as archiving. In this context, we process the same data that we handle while providing our contractual services. The legal bases for processing are Article 6(1)(c) GDPR and Article 6(1)(f) GDPR. Customers, interested parties, business partners, and website visitors are affected by the processing.
The purpose and our interest in processing lie in administration, financial accounting, office organization, and data archiving—tasks that serve to maintain our business activities, fulfill our duties, and provide our services. The deletion of data concerning contractual services and contractual communication corresponds to the information specified in these processing activities.
In this process, we disclose or transmit data to tax authorities, consultants such as tax advisors or auditors, as well as other fee offices and payment service providers.
Furthermore, based on our business interests, we store information about suppliers, event organizers, and other business partners—for example, for later contact. We generally store these predominantly company-related data permanently.
Contacting Us
When you contact us (e.g., via contact form, email, or social media), your details are processed to handle the inquiry (Article 6(1)(b) GDPR). User information may be stored in a Customer Relationship Management System (CRM).
We delete inquiries when no longer necessary and review this necessity every two years. Statutory archiving obligations apply.
Hosting and Email Sending
We use hosting services to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services, and technical maintenance services that we utilize for the purpose of operating this online offering.
In this context, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta, and communication data of customers, interested parties, and visitors of this online offering based on our legitimate interests in an efficient and secure provision of this online offering in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
We delete inquiries when they are no longer necessary. We review the necessity every two years; furthermore, statutory archiving obligations apply.
Collection of Access Data and Log Files
We, or our hosting provider, collect data on every access to the server on which this service is located (so-called server log files) based on our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR. The access data include the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
Log file information is stored for a maximum of 7 days for security reasons (e.g., to investigate misuse or fraudulent activities) and then deleted. Data whose further retention is required for evidentiary purposes are excluded from deletion until the respective incident has been fully clarified.
In this context, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta, and communication data of customers, prospects, and visitors of this online offering based on our legitimate interests in an efficient and secure provision of this online offering in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).
We delete inquiries when they are no longer necessary. We review the necessity every two years; furthermore, statutory archiving obligations apply.
Google Analytics
We use Google Analytics, a web analytics service provided by Google LLC (“Google”), based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering in accordance with Art. 6 Para. 1 lit. f GDPR). Google uses cookies. The information generated by the cookie about users’ use of the online offering is usually transmitted to a Google server in the USA and stored there.
Google is certified under the Privacy Shield agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate the use of our online offering by users, to compile reports on activities within this online offering, and to provide us with other services related to the use of this online offering and internet usage. In this process, pseudonymous user profiles can be created from the processed data.
We use Google Analytics only with activated IP anonymization. This means that the IP address of the user is truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; furthermore, users can prevent the collection of data generated by the cookie and related to their use of the online offering by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
The IP address transmitted by the user’s browser is not merged with other data from Google. Users can prevent the storage of cookies by adjusting their browser software settings accordingly; furthermore, users can prevent the collection of data generated by the cookie and related to their use of the online offering by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
The personal data of the users will be deleted or anonymized after 14 months.
Integration of Third-Party Services and Content
We use content or service offerings from third-party providers within our online offering—based on our legitimate interests (i.e., interest in the analysis, optimization, and economic operation of our online offering in accordance with Art. 6 Para. 1 lit. f GDPR)—to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”).
This always requires that the third-party providers of this content perceive the users’ IP addresses, since without the IP address they could not send the content to their browsers. The IP address is therefore necessary for the display of this content. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as “web beacons”) for statistical or marketing purposes. Through the “pixel tags,” information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information can also be stored in cookies on the users’ devices and may contain, among other things, technical information about the browser and operating system, referring websites, visit time, as well as other details about the use of our online offering, and may be combined with such information from other sources.
Google Fonts
We integrate “Google Fonts” from Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated
Google Maps
We integrate maps from “Google Maps” by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data processed may include IP addresses and location data (with user consent). Data may be processed in the USA.
Privacy Policy: https://www.google.com/policies/privacy/
Opt-Out: https://adssettings.google.com/authenticated