Data protection information pursuant to Art. 13, 14 and 21 GDPR for the website, external sites and other processing operations of Schlüter-Systems KG

 

I. GENERAL INFORMATION
 

1. Controller

Schlüter-Systems KG takes the protection of your personal data and the legal obligations to ensure this protection very seriously. The relevant statutory requirements demand extensive transparency about the processing of personal data. Only if you as the data subject fully understand the processing can you be sufficiently informed about the meaning, purpose and scope of processing.
Our privacy policy therefore explains in detail which personal data we process when you use this    website, all other websites referring to it and in other cases that may be mentioned here.
The controller in the definition of the European General Data Protection Regulation (GDPR), the Federal German Data Protection Act (BDSG), and other data protection regulations is

Schlüter-Systems KG
Schmölestraße 7
58640 Iserlohn
Tel.: + 49 2371 971-0
E-mail: info@schlueter.de

Hereinafter referred to as the Controller or we.

You can reach the data protection officer under:

Data protection officer - personal -
Schmölestraße 7
58640 Iserlohn
E-mail: datenschutz@schlueter.de

Please note that you may access other websites via links on our website that are not operated by us, but by third parties. Such links are either clearly identified by us or are recognizable by a change of the address line in your browser. We are not responsible for compliance with data protection regulations and the secure handling of your personal data in such websites operated by third parties. 

 

2. Definitions

From the GDPR

This privacy policy uses the legal terms established in the GDPR. Further information about the definition of these terms (Art. 4 GDPR) can be found, e.g. at https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679.

Cookies and similar technologies

Cookies are text files that are saved on your device or read from there by a website. They contain letter and number combinations in order to recognise users and their settings, e.g. when they return to a cookie-setting website, to enable them to remain logged into a customer account, or to statistically analyse a certain user behaviour.

WebStorage technology enables variables and values to be stored locally in the user's browser cache. The technology includes both the "sessionStorage", which remains stored until the browser tab is closed, and the "localStorage", which is stored in the cache of the browser until the cache is cleared by the user. localStorage technology makes it possible, among other things, to identify users and their settings when they visit our website.

Data categories

When we specify the categories of data processed, this includes in particular the following data: master data (e.g. name, address, date of birth), contact data (e.g. e-mail addresses, telephone number, messenger services), content data (e.g. text entries, photographs, videos, contents of documents/files), contract data (e.g. subject matter of the contract, terms, customer category), payment data (e.g. bank details, payment history, use of other payment service providers), usage data (e.g. history on our website, use of certain content, access times, contact or order history), connection data (e.g. device information, IP addresses, URL referrers), location data (e.g. GPS data, IP geolocation, access points).

 

3. Information about data processing

We will only process personal data to the extent permissible by law. We will exclusively disclose personal data in the cases described below. Personal data will be protected with appropriate technical and organisational measures (e.g. pseudonymisation, encryption).

Unless storage or disclosure to third parties (in particular law enforcement authorities) is a legal obligation for us, the decision as to which personal data we collect, how long they are stored, and to which extent we disclose them depends on the features of our website you use in individual cases.

 

4. Storage duration

The personal data will be deleted as soon as the purpose of the processing ceases to exist or a required retention period expires, unless it is necessary to keep saving the personal data for concluding a contract or fulfilling contractual obligations. If we are required to provide information about the storage duration of cookies and similar technologies, you will find the details for this under claus II. 1 of this policy.

Personal data that we process in the context of an application (see below) will be stored for a period of six months after completion of the application process.

 

5. Automated decisions in individual cases, including profiling

There will be no automated decisions in individual cases, including profiling.

 

6. Data subject rights

As the data subject, you have the right to information pursuant to Art. 15, GDPR, the right to rectification pursuant to Art. 16, GDPR, the right to erasure pursuant to Art. 17, GDPR, the right to restriction of processing pursuant to Art. 18, GDPR, as well as the right to data portability pursuant to Art. 20, GDPR. The right to information and the right to erasure are subject to the restrictions from Sections 34, 35, BDSG.
You have the right to complain to a data protection supervisory authority (Art. 77 GDPR in conjunction with Section 19 BDSG).

The data protection supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information in North Rhine-Westphalia
Kavalleriestraße 2-4
40213 Düsseldorf

However, you are free to complain to another data protection supervisory authority.

You will find a list of the supervisory authorities at: https://www.bfdi.bund.de/ (under Infothek/Addresses and Links)

 

7. Controller's notification duties

We will notify all recipients to whom we disclose your personal data of any rectification or erasure of your personal data or restriction of processing pursuant to Art. 16, Art 17 (1), and Art. 18, GDPR, unless such notification is impossible or associated with a disproportional effort. We will notify you of recipients at your request.

 

8. Obligation to provide information

Unless otherwise explained below in the information on the legal basis, you are not obliged to provide personal data. In the cases of Art. 6 (1) lit b GDPR, however, the personal data are required for the fulfillment or conclusion of a contract. If you do not provide the personal data concerned, it is not possible to fulfill or conclude the contract. If you do not provide the data in the cases of Art. 6 (1) lit a, f GDPR, it is not possible to use the parts of our website concerned.

With regard to our events and seminars you are not obliged to provide personal data, but participation in the events is not possible without this data.

 

9. Right of objection and withdrawal of consent

You have the right to object on grounds relating from your particular situation to the processing of your personal data that is based on Art. 6 (1), lit f, GDPR. Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing.

You have the right to withdraw your consent given to us at any time pursuant to Art. 7 (3), sentence 1, GDPR. This will not affect the lawfulness of processing based on content before this withdrawal. Accordingly, withdrawal only applies to processing planned for the time after the withdrawal. Withdrawal of consent can be communicated informally via regular mail or e-mail. Following your objection, we will no longer process your personal data, unless this is permitted by another (legal) basis. However, if you object and there is no other legal ground for processing, personal data must be erased without undue delay pursuant to Art. 17 (1), lit b, GDPR at your request.

Objection and revocation can be made informally and should be directed to:

Schlüter-Systems KG
Schmölestraße 7
58640 Iserlohn
widerspruch@schlueter.de

You can revoke certain consent(s) (see the services under II.) directly via our Consent tool. Please note that you must do this on every end device on which you have visited our website and consented to data processing.

 

II. DATA PROCESSING ASSOCIATED WITH USING OUR WEBSITE

The use of our website and its functions requires the regular processing of personal data.

1. Services, functions and cookies

 

 

2. Shariff

We use a technical solution (Shariff Button) on our website to integrate the social plugins of Facebook (Share Button), Twitter (Share Button), LinkedIn (Share Button), Pinteres (Share Button), XING (Share Button) and WhatsApp (Share Button), which replace the buttons of social networks. This solution prevents your data from being sent directly to social networks and prevents these providers from reading and storing information on your end device. Therefore, no connection to the servers of the social networks is established when accessing our website. This only happens if you click on one of the buttons. If you click on a corresponding button, this opens a new page that is retrieved from the servers of the respective social network. In this manner, the social network operator learns that our website was accessed via your IP address. The provider may also store or read cookies on your device or read cookies, unless you have disabled the use of cookies in your browser.

 

3. Subscription to our newsletter

Purpose of processing: Subscription to our newsletter about our new features and offers. Proof of your consent; ensuring the security of our information technology systems (these are also our legitimate interests in accordance with Art. 6 (1) lit. f GDPR).
Legal basis: Art. 6 (1) lit. a, f GDPR
Data categories: Master data, contact data, content data, connection data and usage data
Data recipients: None
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent?: No

 

4. Request of promotional materials or price offers

Purpose of processing: Requesting advertising materials and/or individual offers for our products; ensuring the security of our information technology systems (this is also our legitimate interest in accordance with Art. 6 (1) lit. f GDPR).
Legal basis: Art. 6 (1) lit. b GDPR, Art. 6 (1) lit. f GDPR
Data categories: Master data, contact data, content data, connection data and usage data. If you already are a customer, it is sufficient to indicate your customer number and your e-mail address.
Data recipients: If applicable, service providers (e.g. shipping companies), if disclosure is necessary to fulfil the request
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent?  No

 

5. Registration and implementation of face-to-face seminars (Schlüter workbox) and webinars (GoTo meeting)

Purpose of processing: Registration for our face-to-face seminars via the Schlüter workbox and webinars via GoTo meeting; preparation and implementation of the seminars and webinars Proof of your registration; ensuring the security of our information technology systems (these are also our legitimate interests in accordance with Art. 6 (1) lit. f GDPR).
Legal basis: Art. 6 (1) lit. b, f GDPR
Data categories: Master data, contact data, content data, contract data and connection data (depending on the respective seminar or webinar and the registration process)
Data recipients: Recipients, if applicable, in connection with registering for and conducting the seminars where disclosure is required (e.g. to book hotel rooms at the request of seminar participants); LogMeIn Ireland Limited Bloodstone Building Block C 70 Sir John Rogerson's Quay Dublin 2, Ireland (for webinars via GoTo meeting)
Intended third country transfer: None (in the case of face-to-face seminars); for webinars in individual cases USA (pursuant to Decision (EU) 2016/1250 - "EU-US data protection shield" and on the basis of the standard data protection clauses of the EU Commission, Art. 46 (2) lit. c GDPR)
Do we store or read personal data on your end device based on your consent? No

 

6. Registration for participation at our events

Purpose of processing: Registration, preparation and implementation of our events. Proof of your registration; ensuring the security of our information technology systems (these are also our legitimate interests in accordance with Art. 6 (1) lit. f GDPR). 
Legal basis: Art. 6 (1) lit. b and f GDPR
Data categories: Master data, contact data, content data, contract data and connection data (depending on the specific event and the registration process)
Data recipients:  If applicable, recipients in connection with the registration and implementation of the events, insofar as disclosure is required for this purpose (e.g. cooperation partners who provide the premises)
Intended third country transfer: None.
Do we store or read personal data on your end device based on your consent? No

 

7. Applications

Purpose of processing: Processing your application (by e-mail or by post) and conducting the application procedure; consideration of your application in future application procedures with us or within the Schlüter Group, subject to express consent
Legal basis: Art. 88 (1) GDPR in conjunction with Art. 26 (1) sentence 1 BDSG; for applications within the Schlüter Group and for storage for future application procedures Art. 6 (1) lit. a GDPR in conjunction with Art. 7 GDPR, Art. 26 (2) BDSG
Data categories: Master data, contact data, content data, contract data, usage data, connection data and, if applicable, special categories of personal data within the meaning of Art. 9 (1) GDPR (depending on the specific advertisement; only the data relating to your application which you provide us with and which we may process in the context of applications will be stored)
Data recipients: None. Only if you expressly agree to this will the information be passed on within the Schlüter Group for current and possibly future application procedures.
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? No

 

8. Contact (contact form/e-mail contact)

Purpose of processing: Processing your contact request and call-back requests; ensuring the security of our information technology systems (these are also our legitimate interests in accordance with Art. 6 (1) lit. f GDPR).
Legal basis:  Art. 6 (1) lit. f GDPR; Art. 6 (1) lit. b GDPR (if the request leads to a later conclusion of a contract or concerns an existing contract)
Data categories: Depending on the type of request. Contact data, master data and content data are generally processed.
Data recipients: None
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? No

 

9. Participation in sweepstakes

Purpose of processing: Conducting sweepstakes via our website and, if applicable, our Facebook profile; notifying winners; controlling and improving internal business processes; further developing the sweepstakes; ensuring the security of our information technology systems (these are also our legitimate interests pursuant to Art. 6 (1) lit. f GDPR)
Legal basis: Art. 6 (1) lit. b, f GDPR
Data categories: Master data, contact data, connection data, usage data
Data recipients: If applicable, recipients in connection with the execution of the sweepstake or the shipment of the prizes (e.g. shipping service provider).
Intended third country transfer: None
Do we store or read personal data on your end device based on your consent? No

 

III NOTES ON EXTERNAL SITES OF SCHLÜTER-SYSTEMS KG

Facebook

Purpose of processing: We have set up a page about our company ("Facebook Page") on the "Facebook" platform at https://www.facebook.com/schluetersystems/. When you visit this page, Facebook processes personal data about you. We receive statistics about the use of this site, which are derived from this data.
Legal basis: Art. 6 (1) lit. f GDPR
Data categories: Master data, contact data, content data, usage data, connection data and possibly location data.
Data recipients: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") (as joint controller, Art. 26 GDPR – the key information about the agreement can be accessed at https://www.facebook.com/legal/terms/page_controller_addendum)
Intended third country transfer: In individual cases USA 
Do we store or read personal data on your end device based on your consent? No
Data subject rights: Facebook is responsible for implementing your affected data subject rights. You can find out about your data subject rights on Facebook at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights against us, we will then immediately forward your request to Facebook.

 

Instagram

Purpose of processing: We have set up pages about our company ("Instagram pages") on the "Instagram" platform of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") at https://www.instagram.com/schluetersystems and https://www.instagram.com/schlueterazubis. When you visit this page, Facebook processes personal data about you.
Legal basis: Art. 6 (1) lit. f GDPR
Data categories: Master data, contact data, content data, usage data, connection data and possibly location data.
Data recipients: Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook") (as joint controller, Art. 26 GDPR – the key information about the agreement can be accessed at https://www.facebook.com/legal/terms/page_controller_addendum)
Intended third country transfer: In individual cases USA 
Do we store or read personal data on your end device based on your consent?: No
Data subject rights: Facebook is responsible for implementing your affected data subject rights. You can find out about your data subject rights on Facebook at https://www.facebook.com/legal/terms/information_about_page_insights_data. You can also assert your rights against us, we will then immediately forward your request to Facebook.

 

Pinterest (profile)

Purpose of processing: We have set up a page on the "Pinterest" platform at https://www.pinterest.de/schluetersystems/ . When you visit this page, Pinterest processes personal data about you. We receive statistics about the use of this site, which are derived from this data.
Legal basis: Art. 6 (1) lit. f GDPR
Data categories: Master data, contact data, content data, usage data, connection data and possibly location data.
Data recipients: Pinterest Europe Ltd., Palmerston House, 2nd FloorFenian Street, Dublin 2, Ireland
Intended third country transfer: In individual cases USA
Do we store or read personal data on your end device based on your consent?: No

 

Twitter

Purpose of processing: We have set up a profile on the "Twitter" platform at https://twitter.com/schltersystems. When you visit this page, Twitter processes personal data about you. We receive statistics about the use of this site, which are derived from this data.
Legal basis: Art. 6 (1) lit. f GDPR
Data categories: Master data, contact data, content data, usage data, connection data and possibly location data.
Data recipients: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland ("Twitter")
Intended third country transfer: In individual cases USA 
Do we store or read personal data on your end device based on your consent?: No

 

YouTube channel

Purpose of processing: We have set up a video channel on the "YouTube" platform of Google Ireland Ltd., Gordon House, Barrow Street Dublin 4 Ireland ("Google") at https://www.youtube.com/channel/UC89SrBkPLXo4MJlYe82VyyA. When you visit this page, Google processes personal data about you. We receive statistics about the use of this site, which are derived from this data.
Legal basis: Art. 6 (1) lit. f GDPR
Data categories: Master data, contact data, content data, usage data, connection data and possibly location data.
Data recipients: Google Ireland Ltd., Gordon House, Barrow Street Dublin 4, Ireland
Intended third country transfer: In individual cases USA
Do we store or read personal data on your end device based on your consent?: No