Privacy policy

Thank you for your interest in our company. The protection of your data is very important to us.

1. General information

Your personal data is processed in accordance with the EU General Data Protection Regulation and the country-specific data protection regulations that apply to us. With our data protection declaration we would like to inform you, among other things, about the collection and storage of personal data, the type and purpose of their use, the relevant legal basis and the rights to which you are entitled.

This data protection declaration can be supplemented or changed in the future, for example due to legal requirements. Therefore, please inform yourself regularly about the current status. The current data protection declaration can be accessed at any time on our website at http://www.schwaiger.de/de/datenschutz/ can be called up and printed out by you.

2. Name and contact details of the person responsible for processing

This data protection declaration applies to data processing by:

Responsible:

Schwaiger GmbH
Würzburger Strasse 17
90579 Langenzenn
Phone: +49 (0) 9101 702-0
Fax: +49 (0) 9101 9668
E-mail: info@schwaiger.de
Internet: www.schwaiger.de

3. Name and contact details of our external data protection officer

Gerhard Kiesl
IT security officer (IHK)
VdS consultant for cyber security
+49 9548 982027-0
+49 160 2800399
E-mail: gerhard.kiesl@ifs-infoweb.de
Internet: www.unternehmenssicherheit-360.de

4. Definitions

We use the following terms in our data protection declaration, which we would like to explain below:

a) Personal data, data subject

Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is regarded as identifiable who, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person can be identified.

b) Processing

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, Disclosure through transmission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.

c) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

d) Profiling

Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal To analyze or predict the preferences, interests, reliability, behavior, whereabouts or relocation of this natural person.

e) pseudonymization

Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

f) Responsible person or person responsible for processing

The person responsible or the person responsible for the processing is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the person responsible or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.

g) Processors

Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the person responsible.

h) recipient

Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients.

i) third party

A third party is a natural or legal person, public authority, agency or body other than the data subject, the person responsible, the processor and the persons who are authorized to process the personal data under the direct responsibility of the person responsible or the processor.

j) Consent

Consent is any voluntary, informed and unambiguous declaration of intent given by the person concerned for the specific case in the form of a declaration or other unequivocal affirmative action with which the person concerned indicates that they consent to the processing of their personal data is.

k) Violation of the protection of personal data

Breach of the protection of personal data is a breach of security that leads to destruction, loss or alteration, whether unintentional or unlawful, or to the unauthorized disclosure of or unauthorized access to personal data that has been transmitted, stored or otherwise processed .

5. Collection and storage of personal data as well as the type and purpose of their use

a) Visiting our website

When you visit our website, the browser used on your device automatically sends information to the server on our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted after you leave our website:

- the IP address of the requesting computer

- the website from which access is made (referrer URL)

- the operating system of your computer

- the browser you are using

- the name of your internet access provider

- the date and time of access

- the name and URL of the file accessed

This data is collected and processed for the following purposes:

- to enable the use of our website (connection establishment)

- to ensure system security and stability over the long term

- to enable the technical administration of the network infrastructure and the optimization of our internet offer as well as

- for internal statistical purposes

The IP address is only evaluated in the event of attacks on the network infrastructure and for statistical purposes, without it being possible to draw any conclusions about your person. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit.f GDPR. Our legitimate interest follows from the data collection purposes listed above.

b) Your contact by email, creation of a customer account

We collect personal data if you voluntarily provide it to us when you contact us by email. We use the data you provide to process your inquiries and to process contracts. After your request has been fully processed or the contract has been fully processed or your customer account has been deleted, your data will be blocked for further use and deleted after the tax and commercial retention periods have expired, unless you have expressly consented to further use of your data or We reserve the right to use data beyond this, which is permitted by law and which we will inform you about below.

The data processing for the purpose of contacting us or creating a user account with us takes place in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR on the basis of your voluntarily given consent.

The data processing at A contract with us is concluded in accordance with Article 6 Paragraph 1 Sentence 1 lit. a GDPR on the basis of your voluntarily given consent or in accordance with Article 6 Paragraph 1 Sentence 1 lit.

You can object to the storage and use of your data for these purposes at any time by sending a message to the contact options mentioned under item 1 above.

c) Orders

As part of the ordering process in our online shop, the information required to process your order, i.e. your first and last name, your billing address and, if applicable, delivery address that deviates from this, your e-mail address as well as the order and payment information, is collected and to process your order, e.g. to deliver the goods and to process payments, processed and used.

For the above purposes, in particular to fulfill the contract, we also transfer the data to third parties, such as B. to delivery services. The service providers do not save the transmitted data for their own purposes.

The data processing within the scope of the order processes in our online shop takes place in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR on the basis of your voluntarily given consent or in accordance with Art. 6 Para. 1 S. 1 lit. .

d) Insertion in the shopping cart of our online shop (without subsequent order)

Products that you have placed in the shopping cart in our online shop are automatically deleted after 12 months.

The data processing takes place according to Art. 6 Para. 1 S. 1 lit. a GDPR on the basis of your voluntarily given consent.

e) Payments in our online shop

For payment processing in our online shop, we use the services of the omnichannel payment platform of Computop Wirtschaftsinformatik GmbH, https://computop.com/de/impressum, which was commissioned by us for the technical control of payment transactions including the implementation of the 3D Secure 2.0 procedure and with which we have concluded an order processing contract. The data protection declaration of Computop Wirtschaftsinformatik GmbH can be reached under the following link: https://computop.com/de/datenschutz

The personal data you have entered, such as your name and bank details, are processed.

The data processing takes place in accordance with Art. 6 Para. 1 S. 1 lit.b DSGVO for the purpose of contract execution, if you have concluded a contract with us that is subject to payment and you have consciously selected a certain payment method when checking out, whereby the transmission of certain data is required for the payment execution is.

For the processing of the data, your consent is obtained during the ordering process and reference is made to this data protection declaration. Data processing also takes place in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

The data processing in Computop Paygate, the payment platform of Computop Wirtschaftsinformatik GmbH, takes place in two data centers in Germany.

A data transfer to third countries can occur in cases in which the card-issuing bank (“issuer”) is located in a third country.

Computop Paygate implements the following deletion periods for payment transactions including 3DS 2.0 checks as standard, unless an individual deletion has been ordered beforehand:
• Computop Paygate database and Computop Analytics: deletion of payment transactions after 12 months.
• Computop Reporter database: deletion of payment transactions after 24 months.
• Storage of backups of the databases for the duration (and deletion of these backups after expiry) of a further 12 months.

f) Applications and application process

We collect and process the personal data of applicants for the purpose of carrying out the application process. The processing can also be done electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by email or using a web form on the website.

If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of carrying out the employment relationship in compliance with the statutory provisions.

If we do not conclude an employment contract with an applicant, the application documents will be automatically deleted 6 months after notification of the rejection decision, provided that the deletion does not have any other legitimate interests of the person responsible for processing within the meaning of Art. 6 Para. 1 S. 1 lit.f GDPR oppose. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

The legal basis for the processing of your personal data in the application process is your consent, Article 6 (1) (a) GDPR. The legal basis for using your data for the purpose of carrying out the employment relationship is Article 6 (1) (b) GDPR.

g) newsletter

Description and scope of data processing

You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask is transmitted to us. In particular, the following data is collected when you register:

- Your email address
- IP address of the calling computer
- Date and time of registration

For the processing of the data, your consent is obtained as part of the registration process and reference is made to this data protection declaration.

In connection with the data processing for the dispatch of newsletters, the data is not passed on to third parties. The data will only be used to send the newsletter.

H) Use of data for mail or email advertising and your right of objection

If you are a company, we reserve the right to save your company name, your postal address and, if we have received this additional information from you as part of the contractual relationship, your professional and industry name and your email address in summarized lists and for our own advertising purposes use, e.g. to send interesting offers and information about our products by post or email.

You can object to the storage and use of your data for these purposes at any time by sending a message to the contact options mentioned under item 1 above.

The legal basis for data processing is Art. 6 Para. 1 S. 1 lit.f GDPR. Our legitimate interest follows from our interest in selling our products.

Purpose of data processing

The purpose of collecting your email address is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the email address used.

Duration of storage

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The user's email address is therefore stored as long as the subscription to the newsletter is active.

Legal basis for data processing

The legal basis for processing the data after you have registered for the newsletter is your consent, Article 6 (1) (a) GDPR.

Opposition and removal option

The user concerned can cancel the subscription to the newsletter at any time. There is a corresponding link in every newsletter for this purpose. At the end of each newsletter there is a link that you can use to unsubscribe from the newsletter at any time.

i) H.information on eelectronic mail (email)

Data transmission over the Internet (e.g. when communicating by e-mail) can have security gaps. Information that you send to us unencrypted by electronic mail (e-mail) can be read, saved and used for purposes other than intended by third parties en route. Therefore, please do not send any confidential information without using an encryption program.

j) Other transfer of data

A transfer of your personal data to third parties for purposes other than those listed below does not take place.

We only pass on your personal data to third parties if:

• You have given your express consent in accordance with Art. 6 Para. 1 S. 1 lit.

• the transfer according to Art. 6 Para. 1 S. 1 lit.
• The transfer according to Art. 6 Para. 1 S. 1 lit.f GDPR is in the interest of the user-friendliness of our website and the improvement of our offer and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
• in the event that there is a legal obligation for disclosure in accordance with Art. 6 Paragraph 1 Clause 1 lit.
• this is legally permissible and required according to Art. 6 Para. 1 S. 1 lit. b GDPR for the processing of contractual relationships with you.

k) Deletion of personal data

The personal data will be deleted if you revoke your consent, the data is no longer required or your inquiries have been finally processed or the law enforces the deletion. If data is stored for billing or accounting purposes, it will not be affected by the deletion request or the revocation of consent.

6. Cookies

Like many other websites, we also use "cookies", small text files that make it possible to save specific, device-related information on the user's access device (PC, tablet, smartphone). On the one hand, they serve the user-friendliness of our website and thus the user, and on the other hand, the statistical collection of data on website usage and thus the improvement of our offer. Some of the cookies we use are deleted again at the end of the browser session, i.e. after you close your browser, so-called session cookies. Other cookies remain on your device and enable us to recognize your browser the next time you visit, persistent cookies.

As a user, you can influence the use of cookies. Most browsers have an option with which the storage of cookies can be reduced or completely prevented. However, we would like to point out that the use and convenience of use on our website can be restricted by excluding cookies.

Detailed information about cookies

Detailed information about cookies, e.g. how you can determine which cookies have been set and how you can handle them and delete them, can be found on the following page: http://www.allaboutcookies.org/ge/

Further Instructions for deleting cookies in the most common browsers can be found here:

• Microsoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
• Mozilla Firefox: https://support.mozilla.org/de/kb/erste-stufen-mit-firefox
• Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
• Apple Safari: https://support.apple.com/?path=Safari/3.0/de/11471.html
• Opera: http://help.opera.com/Windows/9.10/de/cookies.html

The legal basis for data processing, i.e. for the use of so-called cookies, is Art. 6 Para. 1 S. 1 lit.f GDPR. Our legitimate interest follows from our interest in the user-friendliness of our website and in improving our offer.

7. Links to social media

Twitter

Our website contains a link to the Twitter microblogging service from Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

You can find more information on this in Twitter's data protection declaration at https://help.twitter.com/de/rules-and-policies/update-privacy-policy.

You can change your data protection settings on Twitter in the account settings under http://twitter.com/account/settings change.

Facebook pixels and target group formation (Custom Audiences):

With the help of the Facebook pixel (or comparable functions for the transmission of event data or contact information using interfaces in apps), Facebook is on the one hand able to target the visitors of our online offer as a target group for the display of advertisements (so-called "Facebook ads") ) to be determined. Accordingly, we use the Facebook pixel to only send the Facebook ads placed by us to those users on Facebook and within the services of the partners cooperating with Facebook (so-called "Audience Network"). https://www.facebook.com/audiencenetwork/ ) who have also shown an interest in our online offer or who have certain characteristics (e.g. interest in certain topics or products that can be seen from the websites visited) that we transmit to Facebook (so-called "Custom Audiences"). With help of the Facebook pixel, we also want to ensure that our Facebook ads correspond to the potential interest of the user and are not annoying. With the help of the Facebook pixel, we can also understand the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook advertisement (so-called "conversion measurement").

We are together with Facebook Ireland Ltd. for the collection or receipt as part of a transmission (but not the further processing) of "event data" that Facebook collects using the Facebook pixel and comparable functions (e.g. interfaces) that are carried out on our online offer or received in the context of a transmission for the following purposes, jointly responsible: a) display of content advertising information that corresponds to the presumed interests of the users; b) Delivery of commercial and transaction-related messages (e.g. addressing users via Facebook Messenger); c) Improving the delivery of advertisements and personalizing functions and content (e.g. improving the recognition of which content or advertising information presumably corresponds to the interests of the users). We have concluded a special agreement with Facebook ("Supplement for those responsible", https://www.facebook.com/legal/controller_addendum), which in particular regulates which security measures Facebook must observe (https://www.facebook.com/legal/terms/data_security_terms) and in which Facebook has agreed to fulfill the rights of the data subject (i.e. users can, for example, send information or deletion requests directly to Facebook). Note: If Facebook provides us with measured values, analyzes and reports (which are aggregated, i.e. they do not receive any information about individual users and are anonymous to us), then this processing does not take place within the framework of joint responsibility, but on the basis of an order processing contract ("data processing conditions") , https://www.facebook.com/legal/terms/dataprocessing), the "data security conditions" (https://www.facebook.com/legal/terms/data_security_terms) as well as with regard to processing in the USA on the basis of standard contractual clauses ("Facebook-EU data transfer addendum, https://www.facebook.com/legal/EU_data_transfer_addendum) User rights (in particular to information, deletion, objection and complaint to the competent supervisory authority) are not restricted by the agreements with Facebook.

• Processed data types: Usage data (e.g. websites visited, interest in content, access times), meta / communication data (e.g. device information, IP addresses), location data (information on the geographical position of a device or a person), event data (Facebook) ("Event -Data "are data that can be transmitted from us to Facebook, for example via Facebook pixels (via apps or in other ways) and relate to people or their actions; The data includes, for example, information about visits on websites, interactions with content, functions, installation of apps, purchases of products, etc .; the event data is processed in order to create target groups for content and advertising information (custom audiences); event data does not contain the actual content (such as e.g. B. written comments), no login information and no contact information (i.e. no names, email addresses and telephone numbers). Event data is deleted by Facebook after a maximum of two years formed target groups with the deletion of our Facebook account).
• Affected people: Users (e.g. website visitors, users of online services).
• Purposes of processing: Tracking (e.g. interest / behavior-related profiling, use of cookies), remarketing, conversion measurement (measurement of the effectiveness of marketing measures), interest-based and behavior-related marketing, profiling (creation of user profiles), target group formation (determination of target groups relevant for marketing purposes or other output of content ), Cross-device tracking (cross-device processing of user data for marketing purposes).
• Safety measures: IP masking (pseudonymization of the IP address).
• Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a. GDPR), Legitimate Interests (Art. 6 Para. 1 S. 1 lit. f. GDPR).
• Opposition option (opt-out): We refer to the data protection notices of the respective providers and the possibilities of objection given to the providers (so-called "opt-out"). Unless an explicit opt-out option has been specified, you have the option of switching off cookies in your browser settings. However, this can restrict the functions of our online offer. We therefore also recommend the following opt-out options, which are offered in summary for the respective areas: a) Europe: https://www.youronlinechoices.eu. b) Canada: https://www.youradchoices.ca/choices. c) USA: https://www.aboutads.info/choices. d) Cross-regional: https://optout.aboutads.info.

Used services and service providers:

• Facebook pixels and target group formation (Custom Audiences): Service provider: https://www.facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; Website: https://www.facebook.com; Data protection: https://www.facebook.com/about/privacy; Opposition option (opt-out): https://www.facebook.com/settings?tab=ads.

Google +1

Our website contains a link to the social network Google +1 (GooglePlus) of Google Inc., 1600 Amphitheater Parkway, Mountainview, California, 94043 USA (hereinafter "Google"). This is not a plug-in from Google +1. It So none of your personal data will be transmitted from our side to Google +1.
Information on data protection from Google can be found at: http://www.google.de/intl/de/policies/privacy

YouTube

Our website contains a link to the YouTube site operated by Google. The operator of the site is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

Further information can be found in YouTube's data protection declaration at: https://www.google.de/intl/de/policies/privacy.

8. Rights of data subjects

You have the right:

• to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to lodge a complaint, the origin of your data, if we have not collected it, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;
• In accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us;
• to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
• In accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the correctness of the data, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it to assert or exercise it or if you need to defend legal claims or if you have objected to processing in accordance with Art. 21 GDPR;
• in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible;
• to revoke your consent given to us at any time in accordance with Art. 7 Para. 3 GDPR. As a result, we are no longer allowed to continue the data processing based on this consent in the future
• In accordance with Art. 77 GDPR, without prejudice to any other administrative or judicial remedy, to complain to a supervisory authority, in particular in the member state of your habitual residence, your place of work or the place of the alleged violation. A list of the supervisory authorities with the respective contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

9. Right to Object

If your personal data are processed on the basis of legitimate interests in accordance with Art. 6 Para. 1 S. 1 lit.f GDPR, you have the right to object to the processing of your personal data in accordance with Art. which arise from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation.

If you would like to make use of your right of revocation or objection, an email to is sufficient datensicherheit@schwaiger.de.

For security reasons, our website uses SSL (Secure Socket Layer) encryption. You can tell whether an individual page of our website is transmitted in encrypted form by the fact that the address line of the browser changes from “http: //” to “https: //” and by the closed display of the key or lock symbol in the status bar of your Browser.

Furthermore, we use suitable technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.