Privacy Policy according to GDPR
This privacy policy explains to you the type, scope and purpose of the processing of personal data (hereinafter referred to as simply “data”) within our online offering and the webpages, functions and content associated with it (hereinafter jointly referred to as “online offering”). With regard to the terms used, such as “processing” or “data controller”, we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
Data controller
The data controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:
SCHMEDES GmbH Wittlingstrasse 22
27572 Bremerhaven
Phone: +49 471 97400-0
Fax: +49 471 97400-24
www.schmedes-gmbh.de
Managing directors:
Peter Schmedes
General information on data processing
1. Scope of processing of personal data
We only process personal data of our users insofar as this is necessary to provide a functional website and to deliver our content and services. Processing of the personal data of our users takes place as a rule only after the consent of the user has been obtained. An exception applies in those cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is party, GDPR Article 6(1)(b) serves as the legal basis. This also applies to processing steps that are necessary prior to entering into a contract.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, GDPR Article 6(1)(c) serves as the legal basis.
In the event that processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, GDPR Article 6(1)(d) serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, GDPR Article 6(1)(f) serves as the legal basis for processing.
3. Data erasure and storage period
The personal data of the data subject will be erased or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the data controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
Provision of the website and creation of log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the operating system of the calling computer.
The following data are collected:
- Information about the browser type and version used
- User’s operating system
- User’s internet service provider
- IP address of the user
- Date and time of access
The log files contain anonymized IP addresses or other data that do not permit any assignment to a user.
These data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for the temporary storage of data and the log files is GDPR Article 6(1)(f).
3. Purpose of data processing
Storage in log files is performed to ensure the functionality of the website. In addition, the data are used to optimize the website and to safeguard the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
4. Duration of storage
The data will be erased as soon as they are no longer necessary to achieve the purpose for which they were collected.
If the data are stored in log files, this is the case after seven days at the latest. Further storage is possible. In this case, the IP addresses of the users are deleted or de-identified, so that an assignment to the calling client is no longer possible.
5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
Use of cookies
a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored within the browser or by the browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables unique identification of the browser when the website is called up again.
We use cookies to make our website more user-friendly (session cookies, HttpOnly, HostOnly). Some elements of our website require that the calling browser be identified even after a page change.
The following data are stored and transmitted in the cookies:
- Log-in information
- Search terms
The user data collected by technically necessary cookies are not applied to create user profiles.
b) Duration of storage; possibility of objection and removal
Cookies are stored on the user’s computer and transmitted to our website. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically.
E-mail contact
It is possible to contact us via the e-mail address provided. The user’s personal data that are transmitted by e-mail will be stored. In this context, the data will not be passed on to third parties. The data are used exclusively for processing the conversation.
Google Maps plugin
We use a plugin of the internet service Google Maps on our website. Google Maps is operated by Google Inc., located in the USA (1600 Amphitheatre Parkway, Mountain View, CA 94043).
By using Google Maps on our website, information about the use of this website and your IP address is transmitted to a Google server in the USA and also stored on this server. We have no knowledge of the exact content of the data submitted, nor about their use by Google. In this context, the company denies the connection of the data with information from other Google services and the collection of personal data. However, Google may transfer the information to third parties.
If you disable Javascript in your browser, you prevent Google Maps from running. However, you will not be able to use the map display on our website.
By using our website, you consent to the collection and processing by Google Inc. of the information described.
For more information about the privacy policy and terms of use for Google Maps, please visit: www.google.com/intl/en_uk/help/terms_maps.html
SSL encryption
To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL) over HTTPS. Please make sure that the SSL encryption is activated on your side during the corresponding activities. The use of encryption is easy to recognize: the indication in your browser line changes from “http://” to “https://”. Data encrypted via SSL cannot be read by third parties. Submit your confidential information only when SSL encryption is activated and, if in doubt, please contact us.
Rights of the data subject
1. Right of access to information
You can request confirmation from the data controller as to whether personal data concerning you are processed by us. If such processing takes place, you can request the following information from the controller:
- The purposes for which the personal data are processed;
- The categories of personal data being processed;
- The planned duration of the storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the right to lodge a complaint with a supervisory authority.
2. Right to rectification
You have a right to rectification and/or completion by the data controller if the personal data processed concerning you is incorrect or incomplete. The controller shall make the correction without undue delay.
3. Right to restriction of processing
Under the following conditions, you may request that the processing of personal data concerning you be restricted:
- If you contest the accuracy of the personal data concerning you for a period that enables the data controller to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- You have objected to processing pursuant to GDPR Article 21(1) pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing of personal data concerning you has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been obtained according to the above conditions, you will be informed by the controller before the restriction of processing is lifted.
4. Right to erasure (“right to be forgotten”)
a) Obligation to erase
You may request the data controller to erase the personal data relating to you without undue delay, and the data controller is obliged to erase these data without undue delay, where one of the following grounds applies:
- Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw the consent on which the processing is based according to point (a) of GDPR Article 6(1) or point (a) of GDPR Article 9(2), and where there is no other legal ground for the processing;
- You object to the processing pursuant to GDPR Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to GDPR Article 21(2);
- Your personal data have been unlawfully processed;
- Your personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- Your personal data have been collected in relation to the offer of information society services referred to in GDPR Article 8(1).
b) Information sent to third parties
Where the controller has made your personal data public and is obliged pursuant to GDPR Article 17(1) to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers about any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure does not apply to the extent that processing is necessary
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with GDPR Article 89(1) insofar as the right referred to in paragraph a) above is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims.
5. Right to notification
If you have exercised your right of rectification, cancellation or restriction of processing against the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about such recipients by the controller.</(p>
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the data controller in a structured, commonly used and machine-readable format. In addition, you have the right to pass those data on to another controller without hindrance from the controller to whom the personal data have been provided, where
- the processing is based on consent pursuant to GDPR Article 6(1)(a) or GDPR Article 9(2)(a) or on a contract pursuant to GDPR Article 6(1)(b); and
- the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transferred directly from one data controller to another, insofar as this is technically feasible. A requirement is that this does not adversely affect the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to revoke consent regarding the privacy policy
You have the right to withdraw your consent to the privacy policy at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to GDPR Article 78.