Privacy policy
General information
In order to ensure that you are fully informed about the use of your personal data and your rights on our websites, we ask you to read the following information in accordance with Art. 13 GDPR at regular intervals due to new legal requirements and technical developments. We make every effort to make the data privacy declaration as comprehensible as possible. If a section does not appear comprehensible to you, please let us know so that we can make improvements at the aforementioned point.
Which data are processed and why are they processed?
When we speak of data processing, this includes in particular the collection, storage, transmission, blocking, deletion as well as the anonymization, pseudonymization, encryption or other use of personal data. According to Art. 4 para. 1 GDPR, “personal data” is any information by which you can be personally identified, directly or indirectly. This includes, for example, your name, address, e-mail address but also IP address and user behavior.
We process your personal data only in compliance with the statutory provisions. For example, it is absolutely necessary to record your master data in order to conclude a contract with you. In addition, we process data if we have your consent or if we have a legitimate interest in processing (e.g. creating profiles for advertising and marketing purposes or the economic operation of our website through technically necessary cookies).
For security reasons, to protect personal data and other confidential content, this website uses SSL encryption. An encrypted connection can be recognized by the character string “https://” and/or a lock symbol in the address line of your browser.
Data transmission to third parties
Your data will not be rented, lent or sold by us. The data will not be passed on to third parties, unless this is necessary for the fulfilment of a contract according to Art. 6 para. 1 lit. b, because of a legitimate interest on our part according to Art. 6 para. 1 lit. f, because we are legally obliged to do so according to Art. 6 para. 1 lit. c or because of an explicit consent on your part (Art. 6 para. 1 lit. a), which can be revoked at any time.
The protection of your data is very important to us, and we carefully and conscientiously check every contractual partner of ours to ensure that they protect data in accordance with legal regulations and what organizational and technical measures are taken. For this reason, we also conclude an order data processing contract with the order processor in accordance with Art. 28 GDPR.
Data transfer to third countries
According to the basic data privacy regulation, third countries are all countries outside the EU or the EEA (European Economic Area). Third countries include the USA, Japan, Australia and Switzerland. Special precautions must be taken with regard to the protection of personal data, as many third countries have a lower level of data privacy than countries within the EU.
Personal data may only be transferred to third countries under the following conditions. These also apply if the personal data is further transmitted by the receiving agency in the third country:
- The EU Commission’s assessment of the adequacy of the level of data privacy in the third country: The EU Commission determines an adequate level of data privacy for countries such as Andorra, New Zealand, Switzerland and others.
- the existence of suitable guarantees, such as binding internal data privacy guidelines in accordance with Art. 47 GDPR, standard protection clauses of the Commission in accordance with Art. 46 para. 2 lit. c and d GDPR, as well as an approved certification mechanism in accordance with Art. 46 para. 2 lit. e and f GDPR. See also Art. 63 GDPRand Art. 46 GDPRfor further information.
- the existence of exceptions for specific cases, such as the existence of the data subject’s express consent to the transfer of his or her data in the specific case, after he or she has been informed of the potential risks of such data transfers without the existence of an adequacy finding and without suitable guarantees in accordance with Art. 49 GDPR.
Special case data transfer to US companies:
Until now, US trading companies have been able to obtain certification under the EU-US Privacy Shield, a mechanism that allows personal data to be transferred from the EU to the US and stored there. Nowadays, this concerns a great deal of personal data, which is collected using social plugins or Google Analytics, for example.
This Privacy Shield has now been declared invalid by the Court of Justice of the European Union (CJEU) in a decision dated July 16, 2020. As a result, the USA is not recognized by the EU as a country that has an adequate level of data privacy and therefore cannot guarantee the protection of personal data. Furthermore, the standard clauses are considered lawful which guarantee compliance with the level of protection required by EU law. However, those responsible are now required to assess the level of data privacy in the country of the data recipient and to suspend the transfer if it is not deemed appropriate.
The USA is thus considered an unsafe third country. If the level of data privacy in the country of the data recipient cannot be assessed because the complex data traffic flows cannot be traced, Art. 49 para. 1 sentence 1 lit. a provides for the exception of the explicit consent of the data subject to the proposed data transfer, for a transfer of personal data to an unsafe third country such as the USA.
In the course of the transfer of data to an unsafe third country with your express consent, a risk of data privacy violations with resulting damages for the data subject cannot be excluded.
In particular, this means that the personal data transferred to the USA will be evaluated by US authorities within the framework of American data monitoring programs and that EU citizens will not have access to appropriate legal protection.
According to the GDPR, damages can be of a physical, material or immaterial nature (Recital 75 sentence 1 GDPR):
- Discrimination
- Identity theft or fraud
- financial loss
- Damage to reputation
- economic or social disadvantages
- Complicating the exercise of rights and preventing control by data subjects
- Exclusion or limitation of the exercise of rights and freedoms
- Profiling or usage by evaluating personal aspects
- physical damage resulting from actions based on incorrect or disclosed data
For further information please refer to the short paper No. 18 DSK.
Consent can be revoked at any time, whereby all data transmissions for the purpose for which the data was collected are immediately stopped and the collected data deleted.
On which legal basis do we rely for the processing of personal data?
For the processing of data which is necessary for the performance of a contract in which the contractual partner is the data subject, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to all processing operations for pre-contractual measures.
For the case that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
If the processing of personal data is necessary to fulfil legal obligations, Art. 6 para. 1 lit. c GDPR serves as the legal basis. If the processing serves to safeguard the legitimate interests of the controller or of a third party, unless the interests or fundamental rights and freedoms of the data subject which require the protection of personal data outweigh these, then the processing is lawful under Art. 6 Art. 1 lit. f GDPR.
In addition, Art. 6 Art.1 lit. a GDPR serves as the legal basis if you have given us your express, voluntary consent for the processing of your personal data for a specific purpose. It is also possible that an employment contract may be concluded with applicants. Art. 88 para. 1 GDPR in conjunction with § 26 BDSG serves as legal basis for the purpose of the employment relationship.
More detailed information regarding the legality of the processing of personal data is listed in Art. 6 GDPR .
Retention and data deletion
If the stored data is no longer required for its intended purpose and there are no legal retention periods, it will be deleted. More detailed information on the legal retention periods can be found in §257 para. 1 HGB and §147 para. 1 A0.
Your rights
As a data subject, you are entitled to the following rights in accordance with GDPR:
- the right to information according to Art. 15 GDPR
- the right to correction according to Art. 16 GDPR
- the right of deletion according to Art. 17 GDPR
- the right to restrict processing in accordance with Art. 18 GDPR
- the right to notification in accordance with Art. 19 GDPR
- the right to data transferability according to Art. 20 GDPR
Furthermore, you have the right to object in accordance with Art. 21 GDPR, provided that the processing of the data is carried out to protect legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We will not process any data afterwards unless we can prove compelling reasons for processing worthy of protection. These must outweigh your interests, rights and freedoms, or the processing must serve to assert, exercise or defend legal claims.
Right to withdraw consent
If the data processing is based on the legal basis of the consent you have given pursuant to Art. 6 para. 1 lit. a, you also have the right to revoke your consent at any time with immediate effect for the future. Please also note that we may need to retain certain data for a certain period of time to comply with legal requirements.
Right to complain to a data privacy authority
In addition, you have the right of appeal to a data privacy supervisory authority in accordance with Art. 77 GDPR if you are of the opinion that the processing of your personal data is not lawful. Responsible for these matters on RLP is:
The State Commissioner for Privacy and Freedom of Information Rhineland-Palatinate
P.O. Box: 30 40
55020 Mainz
phone: +49 (0) 6131 208-2449
Links
Our website may contain links to websites of other providers for whose content we are not responsible for and to which this data privacy declaration does not extend.
Detailed information
Cookies
In order to provide the best possible service within the framework of our Internet offer, so-called cookies can be used. These are small text files that are stored in the visitor’s Internet browser. Cookies cannot execute programs or transfer viruses to your computer. Some of the cookies used (so-called session cookies) are automatically deleted at the end of your browser session, usually after closing your browser.
Other cookies (so-called persistent cookies) remain on your end device until they are deleted by you and enable us or our partner companies (third-party cookies) to recognize your browser the next time you visit us. Cookies used process certain user information to an individual extent, such as browser and location data and IP address values.
Cookies are partly used to simplify the use of the website, for example by saving the settings. Insofar as personal data is also processed by cookies used by us, this is based on Art. 6 para. 1 lit. b GDPR for the execution of the contract or on Art. 6 para. 1 lit. f GDPR for safeguarding our interest in the functionality and customer-friendly design of the website. Furthermore, our website uses tools that enable an analysis of the surfing behavior of the users in order to optimize the performance and design of our website. This includes, among other things, the anonymized user behavior, entered search terms and the frequency of page views.
These cookies are third-party cookies (e.g. Google Analytics). We would like to point out that you can set your browser so that you are informed about the use of cookies and can decide individually whether to accept them, or to exclude them for certain cases or in general. The cookie settings differ depending on which browser you use. In general, the help menus of the respective browser explain how you can change your cookie settings. In this context, please also refer to our privacy policy. If some cookies are rejected, the functionality of our website may be limited.
You can revoke the configured cookie settings and your associated consents at any time by clicking the button.
[borlabs-cookie type="btn-cookie-preference" title="Cookie Settings"/]
External Webhosting Service Provider
We as Schreier Maschinen- und Apparatebau GmbH have commissioned an external service provider for the web hosting of our website. After careful consideration, we have chosen RAIDBOXES GmbH as an external web hosting company based in Germany to externally host our company’s own website in the future and to have the corresponding servers administered, configured and maintained (managed hosting). In addition to various server updates, this includes regular and automated data backups, server-side security measures and optimization measures for better performance. For more detailed information, please have a look at the RAIDBOXES performance spectrum.
We are always careful when your data gets processed and protect it with extereme caution. However, RAIDBOXES cannot exclude the possibility of access to your personal data. The data processing and the possibility of access to it are, among other things, related to the technical administration of the server systems, evaluation of log files and other support activities.
An order processing contract with RAIDBOXES GmbH was concluded. In addition, RAIDBOXES is also subject to the regulations of the Data Protection Act and has taken comprehensive technical and organizational measures to protect your data.
Contact of RAIDBOXES GmbH:
Friedrich-Ebert-Street 7
48153 Muenster
Germany
phone: +49 251 1498 2000
mail: support@raidboxes.io
website: https://raidboxes.io
Further information on data privacy with RAIDBOXES can be found at:https://raidboxes.io/en/datenschutzerklaerung/
Contact form or contact via e-mail
Dear interested party,
thank you for your interest in our company. In accordance with the provisions of Articles 13, 14 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of the personal data provided by you in the context of the contact inquiry and, if applicable, the personal data we may have collected and your rights in this regard. In order to ensure that you are fully informed about the processing of your personal data within the scope of the contact inquiry, please take note of the following information.
Purposes and legal basis of the processing
We process your personal data only in compliance with the statutory provisions. In doing so, we comply with the provisions of the GDPR and the Federal Data Protection Act (BDSG). Our Internet offer includes the possibility of contacting us by means of a contact form or via e-mail. The processing of the data affected by this is exclusively for the purpose of carrying out your contact request.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. Furthermore, Art. 6 para. 1 lit. f GDPR serves as the legal basis for data processing in the course of sending the data by e-mail. It is in our legitimate interest to answer your voluntary inquiry promptly. If the e-mail contact is aimed at the conclusion of a contract, an additional legal basis for processing is Art. 6 para. 1 lit. b GDPR, in particular data processing for pre-contractual measures.
Categories of personal data
Only such data will be processed which are related to your contact request. This includes your name, company name, e-mail address and, if applicable, your telephone number, which can be entered voluntarily, as well as other data that you send to us in connection with your contact request in the message field.
Data sources
We process personal data, which we receive in the context of the establishment of contact over the contact form by E-Mail.
Recipients / categories of recipients of the data
Your personal data will only be passed on within our company to the specialist departments and persons who require this data to fulfil contractual and legal obligations or to implement our legitimate interests. If the contact is established via the contact form on our website, RAIDBOXES GmbH is an additional recipient, which is commissioned as an external service provider for the required web hosting of the homepage. The respective contact mails are stored on their (European) servers. An order processing contract with RAIDBOXES GmbH has been concluded.
Transfer to a third country
There are no data transfers to a third country and are not intended.
Duration of data storage
We store your personal data only as long as it is necessary for the inquiry you have made. Your personal data will be deleted after the purpose is achieved. This is the case for inquiries by e-mail or requests for information via the contact form as soon as the matter in question has been finally clarified. However, if a contractual relationship evolves from this, the data may be subjected to legal retention periods and may have to be stored for a longer period of time.
Requirement to provide personal data
The provision of your data is absolutely voluntary and serves only to establish contact. However, we can only respond to your inquiry or form a resulting contractual relationship with you if you provide such personal data as is required for this purpose.
Application form
Dear Applicant,
thank you for your interest in our company. In accordance with the provisions of Articles 13, 14 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of personal data provided by you in the context of the application process and any personal data we may have collected, and your rights in this regard. In order to ensure that you are fully informed about the processing of your personal data within the application process, please take note of the following information.
Purposes and legal basis of the processing
We process your personal data only in compliance with the statutory provisions. In doing so, we comply with the provisions of the GDPR and the Federal Data Protection Act (BDSG).
The legal basis for the collection and processing of applicant data is Art. 88 para. 1 GDPR in conjunction with § 26 BDSG for the purpose of the employment relationship and Art.6 para.1 lit. b GDPR for pre-contractual measures, if this is necessary for the decision on the establishment of an employment relationship.
Furthermore, Art. 6 para. 1 lit. c GDPR serves as a legal basis for the fulfilment of legal obligations as well as Art.6 para. 1 lit. f. GDPR for the defence or assertion of legal claims. The legitimate interest is, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).
Furthermore, it is possible that you give us your express consent to process personal data for specific purposes. The legal basis for this is then Art. 6 Par. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.
In the event of an employment relationship between you and us, we may, in accordance with Art. 88 GDPR in conjunction with Art. 26 BDSG, process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of employee representation arising from a law or a collective agreement, a works or service agreement (collective agreement).
Categories of personal data
Only such data will be processed which are related to your application. This includes your name, address, contact data as well as information on your professional qualifications and schooling, information on further professional training and, if applicable, other data that you send to us in connection with your application.
Data sources
We process personal data, which we receive from you in the context of your application by mail or e-mail.
Recipients / categories of recipients of the data
Your personal data will only be passed on within our company to the specialist department of recruiting and to persons who require this data to fulfil contractual and legal obligations or to implement our legitimate interests. If the application is made via the application form on our website, RAIDBOXES GmbH is an additional recipient, which is commissioned as an external service provider for the required web hosting of the homepage. The respective mails are stored on their (European) servers. An order processing contract with RAIDBOXES GmbH has been concluded.
Transfer to a third country
There are no data transfers to a third country and are not intended.
Duration of data storage
We only store your personal data as long as this is necessary for the decision on your application. However, your personal data or application documents will be deleted at the latest six months after the end of the application process (e.g. the announcement of the decision to reject your application), unless longer storage is legally required or permitted. Beyond that, we will only store your personal data to the extent required by law or in a specific case to assert, exercise or defend legal claims for the duration of a legal dispute.
In the event that you have consented to longer storage of your personal data, we will store it in accordance with your declaration of consent. If an employment, training or internship relationship arises following the application process, your data will continue to be stored for the time being, if necessary and permissible, and then transferred to the personnel file.
Requirement to provide personal data
The provision of your applicant data is on an absolutely voluntary basis. However, we can only make a decision to hire you or establish employment with you if you provide the personal information necessary to complete the application.
Online Shop
Dear customers,
thank you for your interest in our online store. Since we take data security and protection very seriously and regularly evaluate and review them with the utmost care, we would like to inform you in a transparent and comprehensible form which personal data is collected and processed in our store and why this collection is necessary as well as its legal basis.
Purposes and legal basis of the processing
We process your personal data only in compliance with the statutory provisions. In doing so, we adhere to the provisions of the GDPR and the Federal Data Protection Act (BDSG).
In our online store, orders are currently only possible with a customer account. Within the scope of the registration of a customer account as well as orders placed and various inquiries, it is unavoidable that personal data is collected, stored and processed.
The legal basis for the collection and processing of applicant data is Art. 88 para. 1 GDPR in conjunction with § 26 BDSG for the purpose of the employment relationship and Art.6 para.1 lit. b GDPR for pre-contractual measures, if this is necessary for the decision on the establishment of an employment relationship.
Furthermore, Art. 6 para. 1 lit. c GDPR serves as a legal basis for the fulfilment of legal obligations as well as Art.6 para. 1 lit. f. GDPR for the defence or assertion of legal claims. The legitimate interest is, for example, a duty of proof in proceedings under the General Equal Treatment Act (AGG).
Categories of personal data
Only such data is processed which is related to the creation of a customer account and to your orders. This includes user name, first and last name and e-mail address of the respective user. Since we only address companies in our online store, the company name, our internal ERP customer number and the VAT identification number are also stored in the respective customer profile.
In addition, the following data must be collected if orders are placed:
Billing addresses of the customer: First name, last name, company, address as well as telephone and e-mail address.
Delivery addresses of the customer: First name, last name, company, address (if shipping option “Delivery” is selected).
Data sources
We process personal data that we need in the context of an order processing as well as for the creation of a customer account. This data is partly stored by us in the user profile and subsequently supplemented by you and thereby transmitted to us.
Recipients / categories of recipients of the data
Your personal data is first collected via our website in the online store and then processed. Here, the data is stored on the (European) servers of our web hoster RAIDBOXES GmbH. An order processing agreement has been concluded with RAIDBOXES GmbH to ensure data protection compliance. In addition, when an order is received, your personal data is forwarded to our internal specialist department for sales and processed there.
Translated with www.DeepL.com/Translator (free version)
Transfer to a third country
There are no data transfers to a third country and such are not intended.
Duration of data storage
As a company, we are obligated to save all documents that are relevant for taxation and business transactions so that they can be accessed if necessary.
Therefore, we store your personal data only as long as this is necessary for the respective business processes in compliance with the statutory retention periods.
We store your personal data beyond this only to the extent that this is required by law or in a specific case for the assertion, exercise or defense of legal claims for the duration of a legal dispute.
In the event that you have consented to a longer storage of your personal data, we will store it in accordance with your declaration of consent. In addition, the data will be deleted if you revoke your consent or request the deletion of the personal data.
Requirement to provide personal data
The provision of your personal data is on an entirely voluntary basis and you are not obliged to provide us with any data. However, we can only offer you a customer account and all related e-commerce functions if you provide the personal data mentioned above.
Google Analytics & Google Tag Manager
If you have given your consent, this website uses Google Analytics and Google Tag Manager, a web analysis service of Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
Purposes and legal basis of the processing
Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our website by the users, to compile reports on the activities within this website and to provide us with further services related to the use of this website and the internet. The processed data can be used to create pseudonymous user profiles of the users.
Legal basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of GDPR). However, it must be ensured that the GDPR can be complied with in the third country to be transferred by means of suitable guarantees. This is no longer the case with Google, which is based in the USA and has been classified as an unsafe third country by the EU Court of Justice (ECJ) since July 16, 2020.
For this reason, we will always obtain your express consent (Art. 49 para. 1 p.1 lit. a GDPR) and inform you in advance about possible risks before the data is transferred to Google. You will find the explanation of the risks in the content banner and above in “Special case data transfer to US companies”.
We use the function anonymizeIP (so-called IP-Masking): Due to the activation of IP-anonymization on this website, your IP address will be shortened by Google within member states of the European Union or in other states of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. The IP address transmitted by your browser within the framework of Google Analytics is not merged with other data from Google.
Furthermore, we use the Demographics and Interest Reporting function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google as well as visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics by withdrawing consent or not accepting the specific cookies.
On behalf of the operator of this website, Google will use this information to evaluate your (pseudonymous) use of the website and to compile reports on website activities. The reports provided by Google Analytics serve to analyze the performance of our website and the success of our marketing campaigns.
Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on the activities within this website and to provide us with further services related to the use of this website and the use of the Internet. The processed data can be used to create pseudonymous user profiles of the users.
Categories of personal data
During your visit to our website the following data, among others, is collected:
- the pages you call up, your “click path
- achievement of “website goals” (conversions, e.g. newsletter registrations, downloads, purchases)
- your user behavior (for example clicks, dwell time, bounce rates)
- your approximate location (region)
- your IP address (in abbreviated form)
- technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
- demographic characteristics such as age, gender as well as purchasing interests
- your internet provider
- the referrer URL (via which website/advertising medium you came to this website)
Data sources
We process personal data that we receive within the framework of the analysis tool Google Analytics with your consent.
Recipients / categories of recipients of the data
Recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as processor. For this purpose we have concluded a contract with Google. Google LLC, headquartered in California, USA, and, where applicable, US authorities may access the data stored by Google.
Transfer to a third country
A transfer of data to the USA cannot be excluded. We have obtained your express consent for this in advance.
Duration of data storage
The data sent by us and linked to cookies is automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.
You can also prevent the storage of cookies by adjusting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a limitation of functionalities on this and other websites.
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by
- not giving your consent to the setting of the cookie or
- download and install the browser add-on for deactivating Google Analytics here
You can also prevent the storage of cookies by setting your browser software accordingly. However, if you configure your browser to refuse all cookies, this may limit the functionality of this and other websites.
Requirement to provide personal data
The provision of your data is absolutely voluntary and no explicit consent is required. You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there.
For more information about Google Analytics’ terms of use and Google’s privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/gb/ and https://policies.google.com/?hl=en.
