We detected, that your browser supports another language than the called one. This page is also available in your language! Would you switch to this page in your language?
1. General information
As the operator, we take the protection of your personal data on our website very seriously. We treat your personal data in confidence and in compliance with the provisions of data protection law.
As a general rule it is possible to use our website without providing any personal data. If a data subject wishes to use our company’s special services via our Internet site, it can become necessary to process personal data, however. Insofar as personal data are collected on our sites, this is always done on a voluntary basis as far as possible. The personal data of a data subject, for instance a person’s name, address, e-mail address or telephone number, are collected and processed in compliance with the requirements of the EU General Data Protection Regulations (EU GDPR), the (new) German Federal Data Protection Act (BDSG new), the applicable data protection regulations of the German Federal States and the German Telemedia Act (TMG).
We point out that the transmission of data via the Internet (e.g. in communications by e-mail) can have security loopholes. It is not possible to have complete protection of data against access by third parties. Everyone is at liberty to transmit personal data to us via alternative channels, for instance on the telephone or via the postal service.
2. Name and address of the controller
The controller within the meaning of the General Data Protection Regulations (GDPR) is:
Stuttgarter Strasse 37
Telephone: +49 7031 302-0
Telefax: +49 7031 302-138
Legal representative: Managing Director Andy Haunholter | Dr. Alexander Karl
Commercial register: Local court of Stuttgart no. HRB 737166
VAT ID no.: DE 277 740 010
3. Name and address of the data protection officer, of the contact person for data protection at SCHNORR GmbH and of the supervisory authority
3.1 Data protection officer:
Alpaslan Kücükelci, coda Unternehmensberatung
Im Dietner 21
Telephone: +49 (0) 7127/9499064
Every data subject has the right to contact our data protection officer directly with respect to all questions, requests and suggestions on the subject of data protection.
3.2 Contact person for data protection at SCHNORR GmbH:
Stuttgarter Straße 37
Telephone: +49 (0) 7031 302-167
3.3 Supervisory authority:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Postfach 10 29 32
4. Personal data
Personal data means any information relating to an identified or identifiable natural person. This includes, for example, name, address, telephone number, e-mail address, IP address, user name, password, preferences, hobbies, memberships and information on the websites that have been viewed by a visitor.
5. Collection, processing and use of your personal data
5.1 Log files
Every time you access our website, the respective Internet browser transmits specific usage data that are stored in so-called server log files. The data involved in this connection are as follows: - Date and time when you accessed our website
- IP address of the inquiring computer
- Time zone difference to Greenwich Mean Time (GMT)
- Volume of data transmitted
- Content of the inquiry (specific page)
- Operating system and its access status / http status code
- Website that the access was referred from (so-called "Referrer URL")
- Browser, language and version of the browser software
- Other similar data and information which serve to avert danger in the event of attacks on our information technology systems.
These data are collected and processed for the purpose of enabling you to use our website (connection set-up), to guarantee system security, for technical administration of the network infrastructure, to provide information to the law enforcement authorities in the event of a cyber attack or abuse and to otherwise optimize our offer.
Subject to any statutory or official retention obligations, these data are deleted when you leave our website.
The legal ground for the collection, storage and use of these data is our legitimate interest in being able to provide you with the information on our website without any impairment and to guarantee the requisite security (Art. 6 (1) sentence 1 f) GDPR).
5.2 Establishing contact
If you contact us by using the contact form provided in the section “Contact”, we collect and store the name of the company you belong to, the form of address selected, your first and last name, the country, telephone number and e-mail address and the content of the communication as well as, if applicable, confirmation that you have read and accepted the data protection declaration. These are mandatory fields in our contact form. You may also add the following voluntary details in the form, the street, the house number, the postal code and town and a fax number, if any, a mobile phone number and a website. Please note that these voluntary details are not required to respond to your communications and consider carefully whether you wish to share these data with us.
If you contact us by e-mail, we collect and store your e-mail address, your name and the content of your communication.
We store and use your personal data for the purpose of answering your questions or to process your communications and/or subsequent questions or communications.
After the communications with you have been concluded, these data will be deleted – subject to any statutory or official retention obligations or to the legality of the data processing on another legal ground. This shall be performed at the latest after we have had no further communication with you for one year.
The legal grounds for the processing of your personal data are our legitimate interest in being able to communicate with you to respond to your communications (Art. 6 (1) sentence 1 f) GDPR) and, in addition, your consent (Art. 6 (1) sentence 1 a) GDPR), provided that you have given us your consent. Please note the explanations we have provided in section 8 regarding the withdrawal of your consent.
We use so-called cookies. Cookies are small text files that are stored on your terminal device (PC, tablet etc.) by the Internet server or are created by an embedded script. A cookie can only contain information which we send to your computer ourselves – no personal data can be read.
The first time you access a website, a Session Cookie allocates a randomly-generated character string (Session ID) to your terminal device to control the connection and uniquely distinguish your device from other visitors accessing the page at the same time and thus characterizes the respective access to the page. This cookie contains the Session ID in which the accessing Internet server and the access time are encrypted. We use Session Cookies to maintain the connection during your visit to our website.
Temporary Cookies are solely used to design our offer in a manner which is convenient for you and tailored to your requirements and to make your use of our offer easier by not having to repeatedly enter certain information when you revisit, and to refer you to our offer quickly. Temporary Cookies are deleted automatically after a certain period of inactivity (Defined Session Timeout). Inactivity means that you have not returned to our website in the meantime. The Defined Session Timeout is generally a three-year period from the date when you were first identified by the Temporary Cookie.
The legal grounds for the processing of your personal data are our legitimate interest in the technical functionality of our website and in enhancing our service offer on the website (Art. 6 (1) sentence 1 f) GDPR) and your consent (Art. 6 (1) sentence 1 a) GDPR. Please note the explanations we have provided in section 8 regarding the withdrawal of your consent.
An example for the Internet Explorer browser:
1. Open Internet Explorer.
2. Select the item “Internet Options” in “Extras”
3. Click on the “Privacy” tab
4. Now you can adjust the settings so that cookies are accepted, selected or refused
5. You confirm your setting by clicking “OK”
An example for the Firefox browser:
1. Open the Firefox browser.
2. Select the item “Settings” in “Extras”
3. Click on the “Privacy” tab
4. Select the option “Use custom settings for history” from the drop-down menu
5. Now you can choose your preferred setting depending on whether cookies are to be accepted, how long you want to keep these cookies for and you can add exceptions to control which sites you always or never want to be allowed to set cookies.
6. You confirm your setting by clicking “OK”.
An example for the Safari browser:
1. Open the Safari browser.
2. Select “Settings” in the toolbar (pictogram: grey cogwheel in the upper right-hand corner) and click on “Privacy”
3. Under “Accept cookies” you can choose whether and if so when Safari is to accept cookies from websites. For further information click on “Help”(?).
4. If you wish to have further information on the cookies that are stored on your computer, then click on “Show cookies”.
5.4 Web analysis with Google Analytics
We deploy tracking tools to ensure that the design of our website is tailored to suit needs and that our site is continually optimized, and also in order to capture statistics on the use of our website and for the purpose of optimizing our offer for you.
This website uses Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”).
In this connection, pseudonymized usage profiles are created and cookies are used. The information generated by the cookies on your use of our website, such as browser type/version, the operating system used, referrer URL (the page previously visited), host name of the accessing computer (IP address) and time of the server access, are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activities and to perform further services associated with the website and Internet usage for the purposes of market research and for the design of these web pages customized to suit needs. This information is also possibly transferred to third parties if this is prescribed by law or insofar as third parties are commissioned to process these data.
Your IP address will not be combined with other data from Google in any event. The IP addresses are anonymized so that no allocation is possible (IP masking). In order to guarantee the anonymized capture of IP addresses, the code „gat._anonymizeIp();“ has been added to Google Analytics so that IP addresses are always only processed after being shortened so as to rule out any possibility of a personal connection.
You can prevent the cookies from being installed by setting your browser software accordingly; we do point out, however, that in this case it is possible that you might not be able to fully use all of the functions of this website.
In addition, you can prevent the data generated by the cookie that relate to your use of the website (inclusive of your IP address) from being collected and processed by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from capturing data by clicking on the following link to activate an opt-out cookie: incorporation of the function to activate the opt-out cookie… This sets an opt-out cookie to prevent your data from being captured in future when you visit this website. The opt-out cookie only applies in this browser and only to our website and is stored on your device. If you delete the cookies in your browser, then you have to set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found, for example, in the Google Analytics support (https://support.google.com/analytics/answer/6004245?hl=de).
The legal ground for the processing of your personal data by Google Analytics is your consent pursuant to Art. 6 (1) sentence 1 a) GDPR.
5.5 Data protection regulations on the implementation and use of YouTube
We have integrated components of YouTube into this Internet page. YouTube is an Internet video portal enabling video publishers to upload videoclips free of charge and other users to view, evaluate and comment on them, also on a cost-free basis. YouTube permits the publication of all types of videos; this is why both complete film and television broadcasts and also music videos, trailers and videos produced by the users themselves can be downloaded via the Internet portal.
The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Every time a data subject accesses one of the individual pages of this Internet site operated by the controller of processing that a YouTube component (YouTube Video) has been integrated into, the respective YouTube component automatically arranges for the Internet browser on the data subject’s information technology system to download a presentation of the respective YouTube component from YouTube. Further information on YouTube can be obtained at: https://www.youtube.com/yt/about/de. In connection with this technical process, YouTube and Google obtain knowledge of the specific sub-site of our Internet site which is visited by the data subject. If the data subject is simultaneously logged on to YouTube, YouTube knows, through the access to a sub-site containing a YouTube video, which specific sub-site of our Internet site this data subject is visiting. This information is collected by YouTube and Google and allocated to the relevant YouTube account of the data subject. Through the YouTube component, YouTube und Google always obtain the information that the data subject has visited our Internet site, provided that the data subject is simultaneously logged on to YouTube when visiting our site; this happens irrespective of whether the data subject clicks on a YouTube video or not. If the data subject does not wish to have such information transmitted to YouTube and Google, the data subject can prevent the transmission by logging out of his or her YouTube account before visiting our Internet site.
The data protection regulations published by YouTube available at: https://www.google.de/intl/de/policies/privacy/, provide information on the collection, processing and use of personal data by YouTube and Google.
5.6 Data processing on commission/transferring data
5.6.1 Data processing on commission
Notwithstanding other provisions, we reserve the right to transfer your data on the basis of the afore-stated legal grounds to third parties commissioned by us (processing of data by a processor) (e.g. in connection with IT support). Agreements on data processing on commission always exist with service providers thus commissioned. Such service providers ensure that the data transferred accordingly are solely used by our agents for performance of the tasks stipulated by us in accordance with the afore-stated purpose and in compliance with the necessary technical and organizational measures for data security and data protection.
5.6.2 Transferring data to third parties
Otherwise there shall be no transfer of your personal data to third parties for purposes other than those set forth below. We only transfer your personal data to third parties if:
- you have given us your explicit consent to this pursuant to Art. 6 (1) sentence 1 a) GDPR;
- such transfer is necessary in accordance with Art. 6 (1) sentence 1 f) GDPR for the establishment, exercise or defence of legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-transfer of your data;
- in the event that there is a legal obligation for the transfer pursuant to Art. 6 (1) sentence 1 c) GDPR and
- if this is legally permissible and necessary pursuant to Art. 6 (1) sentence 1 b) GDPR for handling the contractual relationships with you.
6. Encryption/data security
SSL encryption (so-called Secure Socket Layer – certificate) is always applied to the collection, processing and use of your data via our website. SSL is used to encrypt the continuous flow of data on the Internet between the server and the browser of a user so as to prevent “covert interception and retrieval” – insofar as is technically possible. An SSL connection can be identified, among other things, by the fact that the URL starts with “https://” in the address bar of your browser and/or by a “padlock symbol” (icon) next to the address bar of your browser. By clicking on the icon, you can obtain further information on the encryption and/or on the SSL certificate used, depending on which browser you use.
Moreover, we use all reasonable, suitable, technical and organizational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss or destruction and against unauthorized access by third parties. Our security measures are continually improved and further evolved in accordance with technological development.
7. Erasure of the data/restriction of data processing
Your data will be erased in principle if your consent has lapsed or if the data are no longer required for the purpose of the data processing and if there is no longer any legitimate interest in further storage and processing. If these data have to continue to be stored, however, due to existing statutory, official or contractual obligations (e.g. warranty, financial accounting), the data processing will be restricted by means of marking these data and making them unavailable.
8. Rights of the data subject
8.1 Right to confirmation (Art. 15 GDPR)
Each data subject shall have the right granted by the European legislature to obtain from the controller of the processing confirmation as to whether or not personal data concerning him or her are being processed. If a data subject would like to exercise this right to confirmation, he or she can approach the contact person for data protection at SCHNORR GmbH (see sub-sec. 3.2 above for contact details).
8.2 Right to access information (Art. 15 GDPR)
Each data subject affected by the processing of personal data shall have the right granted by the European legislature to obtain from the controller of the processing at any time free information on the personal data concerning him or her that are stored and a copy of this information. The European legislature grants the data subject the right to access the following information:
The purposes of the processing; the categories of personal data that are processed; the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations; where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to rectification or erasure of personal data or restriction of processing by the controller of personal data concerning the data subject or to object to such processing where the personal data are not collected from the data subject.
With regard to all available information on the origin of the data, the data subject has a right to information on whether personal data are transferred to a third country or to an international organization. If this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer. If a data subject would like to exercise this right to information, he or she can approach our contact person for data protection (see sub-sec. 3.2 above for contact details).
8.3 Right to rectification (Art. 16 GDPR)
Each data subject affected by the processing of personal data shall have the right granted by the European legislature to obtain without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a data subject would like to exercise this right to rectification, he or she can approach our contact person for data protection (see sub-sec. 3.2 above for contact details).
8.4 Right to erasure (Right to be forgotten) (Art. 17 GDPR)
Each data subject affected by the processing of personal data shall have the right granted by the European legislature to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the following grounds applies and to the extent that the processing is not necessary:
• the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
• the data subject withdraws consent on which the processing is based according to point (a) of Article 6 (1) GDPR, or point (a) of Article 9 (2) GDPR, and where there is no other legal ground for the processing;
• the data subject objects to the processing pursuant to Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR;
• the personal data have been unlawfully processed;
• the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
• the personal data have been collected in relation to the offer of information society services referred to in Article 8 (1) GDPR.
If one of the grounds set out above applies and a data subject would like to obtain the erasure of the personal data we have stored, the data subject can approach our contact person for data protection at any time (see sub-sec. 3.2 above for contact details).
The data protection officer, our contact person for data protection or another employee will arrange for the erasure request to be complied with without undue delay.
Where we have made the personal data public and our company is obliged as controller pursuant to Art. 17 (1) GDPR to erase the personal data, we shall take reasonable steps, taking account of available technology and the cost of implementation, including technical measures, to inform other controllers which are processing the published personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, insofar as the processing is not necessary. Our contact person for data protection (see sub-sec. 3.2 above for contact details) will arrange for what is necessary in each individual case.
8.5 Right to restriction of processing (Art. 18 GDPR)
Each data subject affected by the processing of personal data shall have the right granted by the European legislature to obtain from the controller the restriction of processing where one of the following conditions applies:
• the accuracy of the personal data is contested by the data subject, this shall be for a period enabling the controller to verify the accuracy of the personal data;
• the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
• the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
• the data subject has objected to processing pursuant to Art. 21 (1) GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.
If one of the above conditions applies and a data subject wishes to obtain the restriction of processing of personal data we have stored, he or she can approach our contact person for data protection (see sub-sec. 3.2 above for contact details) at any time. We will arrange for the restriction of processing.
8.6 Right to data portability (Art. 20 GDPR)
Each data subject affected by the processing of personal data shall have the right granted by the European legislature to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6b (1) GDPR or point (a) of Article 9 (2) GDPR or on a contract pursuant to point (b) of Article 6 (1) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his or her right to data portability pursuant to Art. 20 (1) GDPR, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided that this shall not adversely affect the rights and freedoms of others.
To exercise this right to data portability a data subject can approach our contact person for data protection (see sub-sec. 3.2 above for contact details).
8.7 Right to object to direct marketing (Art. 21 GDPR)
Each data subject affected by the processing of personal data shall have the right granted by the European legislature to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her which is based on point (e) or (f) of Art. 6 (1) GDPR.
If an objection is lodged we shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or the processing serves for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for the purpose of such marketing. If the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In addition, the data subject shall have the right to object, on grounds relating to his or her particular situation, to our processing the personal data concerning him or her for scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task carried out for reasons of public interest.
To exercise the right to object a data subject can approach our contact person for data protection (see sub-sec. 3.2 above for contact details) directly.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
8.8 Right to object to data processing on the legal ground of “legitimate interest” (Art. 21 GDPR)
You have the right to object to data processing by us at any time if this is based on the legal ground of a “legitimate interest”. We shall then discontinue the processing of the data unless we can – in accordance with the statutory stipulations – demonstrate compelling legitimate grounds for the continued processing which override your interests.
To exercise the right to object a data subject can approach our contact person for data protection directly (see sub-sec. 3.2 above for contact details).
8.9 Right to withdraw consent under data protection regulations (Art. 7 (3) GDPR).
Each data subject affected by the processing of personal data shall have the right granted by the European legislature to withdraw his or her consent to the processing of personal data at any time.
If the data subject would like to exercise the right to withdraw his or her consent, the data subject can approach our contact person for data protection in this respect (see sub-sec. 3.2 above for contact details).
8.10. Right to lodge a complaint with the supervisory authority (Art. 77 GDPR)
You have the right to lodge a complaint with the competent supervisory authority (see sub-sec. 3.3 above) if you consider that the processing of your personal data infringes applicable law. You have the possibility of approaching the competent data protection authority responsible for your place of residence or country or the data protection authority responsible for us (see sub-sec. 3.3 above for contact details).
9. Data protection in job applications and in the application process
We collect and process the personal data of job applicants for the purpose of handling the application process. The processing may also be carried out by electronic means or by means of a form. This is the case, in particular, if an applicant submits respective application documents to us electronically, for example by e-mail or online. If we enter into an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with statutory regulations. If no employment contract is concluded with the applicant, the application documents shall be automatically erased six months after notification of the rejection, provided that no other legitimate interests oppose the erasure. Another legitimate interest within this sense of the term is, for example, the burden of proof in proceedings under the German General Act on Equal Treatment (AGG).
10. Validity and modification of the data protection declaration
This data protection declaration is valid and up to date at the current time and the version is dated 25 May 2018.
The further development of our website and offers, and changes in statutory or official requirements can make it necessary to modify this data protection declaration.
The currently valid version of the data protection declaration is always available on our website at https://www.schnorr-group.com/index.php?id=63&L=1 to be accessed, printed out and stored by you.