Data Privacy

1. General information

This data privacy statement informs you about the handling of Gebr. SCHMID GmbH, Robert-Bosch-Straße 32-36, 72250 Freudenstadt, Germany (hereinafter referred to as “SCHMID”) with your personal data and serves the purpose of informing you in particular about the collection and use of your personal data in connection with the visit of the website offered by SCHMID (http://www.schmid-group.com), as well as various web presentations (Facebook, YouTube, Xing, LinkedIn), as well as the use of the services offered there.

Personal data, as defined by Article 6 para. 1 General Data Protection Regulation (GDPR) includes any information relating to an identified or identifiable natural person.

2. Company and contact details of the person responsible for data processing as well as the company data protection officer

Gebr. SCHMID GmbH
Robert-Bosch-Straße 32-36
72250 Freudenstadt / Germany

E-mail: datenschutz@schmid-group.com
Tel: +49 (0)7441 538-0
Fax : +49 (0)7441 538-121

The company data protection officer of Gebr. SCHMID GmbH may be contacted at the above-mentioned address, to the attention of the Data Protection Officer, as well as under datenschutz@schmid-group.com.

3. Privacy and third party websites

Our website and web presentations may contain links to and from third party websites. If you follow a link to such a website, please note that we can not guarantee the compliance with the data protection regulations. Please make sure you are aware of the applicable privacy policy before submitting personal information to these websites.

4. Data security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers and against becoming aware by third parties. These are adapted at a time according to the current state of the art. Within the website usage, we use the popular Secure Socket Layer (SSL) method in conjunction with 256-bit encryption. Whether a single page of our website is transmitted in encrypted form can be recognized by the fact that the address bar of the browser changes from “http: //” to “https: //”, and by the closed representation of the key or lock symbol in the lower status bar of your browser.

5. Details on data processing

a) Informative visit to the website

In the case of a purely informative visit to the website, i.e. if you do not register for the use of individual services, register or otherwise provide us with information, we will not collect any personal data, with the exception of data transmitted by your browser in order to enable you to visit the website. These are:

  • IP address,
  • Date and time of request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • Access status / HTTP status code,
  • Each transferred amount of data,
  • Website from which the request comes,
  • Browser,
  • Operating system and its surface,
  • Language and version of the browser software.

This information is temporarily recorded in a so-called logfile without your intervention and stored until the automatic deletion.
The IP address is processed for technical and administrative purposes regarding connection set-up and stability, to guarantee the security and functioning of our website and to be able to track any illegal attacks on the website, if required.
The legal basis for processing the IP address is Article 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest ensues from said security interest and the necessity of the unobstructed availability of our website.
In no case can we use the collected data for the purpose of drawing direct conclusions about you.

b) Cookies

Furthermore, when using the website so-called cookies are stored on your receiving device. Cookies are small text files that are stored on your device for the settings you have already made, such as ‘save language’ or ‘display settings’ in order to use them again on your next visit.These cookies do not contain any personal data.
We also use so-called session data. These are text files stored on our web server, which, like cookies, store data about your web page settings.
The text files created at this are neither evaluated nor kept and are deleted at regular intervals.
Most browsers accept cookies automatically. However, you can configure your browser in a way that no cookies are stored on your computer or that a note appears before a new cookie is created. The complete deactivation of cookies, however, may mean that you can not use all features of our website.
In addition our website will ask you to give your consent to the storage of cookies. Your consent to our cookies will be stored for four weeks, thereafter your consent will be needed again.
The use of appropriate cookies for these purposes is necessary to safeguard our legitimate interests under Article. 6 para. 1 sentence 1 lit. f GDPR. In no case we use the collected data for the purpose of drawing conclusions about you.

c) Google Analytics

We also use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). Google Analytics uses cookies that allow to analyze the visit of the website by you. The information generated by the cookie about your visit to the website is usually transmitted to a Google server in the USA and stored there. Due to the activation of IP anonymization on the website, however, your IP address will be shortened by Google beforehand within member states of the European Union or other contracting states to the Agreement on the European Economic Area.

Only in exceptional cases the full IP address will be transferred to a Google server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your visit to the website, to compile reports on website activities, and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
Sessions and campaigns are stopped after a certain amount of time. By default, sessions will be terminated after 30 minutes of no activity and campaigns after six months. Time limit for campaigns can be a maximum of two years. For more information on Terms of Use and Privacy see:

https://www.google.com/analytics/terms/de.html

https://policies.google.com/privacy?hl=de

You can prevent the storage of cookies by a corresponding setting of your browser software. We point out, however, that in this case you may not be able to use all functions of our website in full. You may also prevent the collection of the cookie-generated and website-related data (including your IP address) to Google and the processing of such data by Google by installing the browser plugin available via the following link:

https://tools.google.com/dlpage/gaoptout?hl=de

In addition, opt-out cookies prevent future collection of your data when you visit this website. Click here to install the opt-out cookie.
The tracking measures implemented with Google Analytics are based on Article. 6 para. 1 sentence 1 lit. f GDPR. For the exceptional cases in which personal data is transferred to the US, Google has submitted to the EU-US Privacy Shield:

https://www.privacyshield.gov

With this we want to ensure a needs-based design and the continuous optimization of our website on the one hand. On the other hand, this measure serves to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

d) Social links / web presentations on Facebook, X (formerly Twitter), Google+, LinkedIn, Xing, YouTube

On our website we link to SCHMID accounts or profiles on social media networks of the third-party providers listed below. We also offer the option to share our website content on the social media networks of the third-party providers listed below. The social media account is embedded via a share button for the respective network, preventing a connection from automatically being established to the respective server of the social network when visiting any of our web pages with such linked social media content, for instance in order to display a post on the respective network itself. Only by your active click on the corresponding graphic you will be directed to the service of the respective social network. The legal basis is Article 6 para. 1 lit. a GDPR.
Information about you is then collected by the respective network. Initially this includes data such as your IP address, the date, time, and page visited. We do not know if or how this data is processed in the USA.
If you are signed in to your user account with the respective social network, the network provider is able to attribute the collected information about your visit to your personal account. If you interact via the respective network’s “share” button, this information may be saved to your user account and published. If you would like to prevent the collected information from being directly associated with your user account, you must first sign out before clicking the button. You also have the option of configuring your user account accordingly.
For more information about the services we provide on the website, please see the following:

a. Facebook Plugins
On our website plugins of the social network Facebook, provider Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04X2K5, Ireland as subsidiary of Meta Platforms Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA. The Facebook plugins can be recognized by the Facebook logo on our website An overview of the Facebook plugins can be found here:

https://developers.facebook.com/docs/plugins/

When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our website with your IP address. If you click on the Facebook “Like-Button” while you are logged in to your Facebook profile you can link the contents of our website to your Facebook profile. This allows Facebook to associate your visit to our website with your user account We like to point out that as a provider of the pages we do not obtain any knowledge of the content of the transmitted data or of their use by Facebook. For more information see the Facebook data privacy statement at:

https://facebook.com/policy.php

If you do not want Facebook to associate your visit to our website with your Facebook user account, please log out of your Facebook account.

b. X (formerly Twitter)
On our website features of the service X are included. These functions are provided by X Corp., 795 Folsom St., Suite 600, San Francisco, CA 94085, USA. By using X and the “Re-Tweet” function the websites you visit will be linked to your Twitter account and disclosed to other users. Thereby data are also transmitted to Twitter. We like to point out that as a provider of the pages we do not obtain any knowledge of the content of the transmitted data or of their use by Twitter. For more information see the data privacy statement of Twitter at:

https://twitter.com/privacy

Your privacy settings on Twitter can be changed in the account settings under:

https://twitter.com/account/settings

c. Google+
Our website uses features of Google+. Provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.
Collection and disclosure of information:Use the Google+ button
to publish information worldwide. The Google+ button will provide you and other users with personalized contents from Google and our partners. Google stores both the information that you have given +1 for a content, as well as information about the page you have looked at when clicking +1. Your +1 can be faded in as hints along with your profile name and photo in Google services, such as search results, your Google profile, or elsewhere on websites and ads on the Internet.
Google records information about your + 1 activities to improve Google services for you and others. To use the Google+ button, you need a globally visible, public Google profile, which must contain at least the name chosen for the profile. This name is used in all Google services. In some cases, this name can also replace another name that you used when sharing contents through your Google account. The identity of your Google profile can be displayed to users who know your e-mail address or have other identifying information from you.
Use of the information collected: In addition to the intended purposes outlined above, the information you provide will be used in accordance with the applicable Google data protection regulations. Google may publish aggregated statistics on users’ +1-activities or may pass them on to users and partners such as publishers, advertisers, or related websites.

d. LinkedIn
Our website utilizes functions of the LinkedIn network. Provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of the LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA. Each time you visit one of our pages containing LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our websites with your IP address. When you press the “Recommend button” of LinkedIn and when you are logged in to your LinkedIn account, LinkedIn can assign your visit in our websites to you and your user account. We like to point out that as a provider of the pages we do not have any knowledge of the content of the transmitted data or of their use by LinkedIn.
For more information see the LinkedIn data privacy statement at:

https://www.linkedin.com/legal/privacy-policy

e. XING
Our website utilizes functions of the XING network. Provider is the New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. Each time you visit one of our pages containing XING functions, a connection to XING servers is established. As far as we know personal data are not stored. In particular, no IP addresses are stored and the usage behavior is not evaluated.
For more information about the data privacy and the XING Share button, please visit
XING’s data privacy statement at

https://www.xing.com/app/share?op=data_protection

f. YouTube Plugins
Our website uses plugins of the YouTube service. The service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA. If you visit our website with a YouTube plugin, you will be connected to the servers of YouTube. Thereby the YouTube server is informed that you have visited our website. If you are logged into your YouTube account, you enable YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
For more information about how to deal with user data, please see the YouTube data privacy statement at:

https://policies.google.com/privacy?hl=de

g. Use of our e-mail addresses and our contact forms
For questions of any kind, we offer you the opportunity to contact us via the e-mail addresses mentioned on the website or the contact forms available there. In the case of contacting us, we will process the personal data provided by you for the purpose of answering your request. All information is voluntary.
The data processing for the purpose of contacting us happens in accordance with Article. 6 para. 1 sentence 1 lit. a GDPR based on your voluntarily granted consent.
The personal data collected by us in this context will be deleted after completion of the request you have made.

h. Application as supplier
If you want to apply as a supplier to us, we collect general information about the company, the contact on the part of the company (in particular communication data) as well as the relevant product groups.
The data processing takes place for the purpose of carrying out pre-contractual measures, which take place at your request (Article 6 para 1 sentence 1 lit. b GDPR).
The personal data collected by us in this context will be deleted after completion of the request made by you and stored in the event of the conclusion of a supply relationship for the execution of the contractual relationship.

i. Application as employee
Further data protection advice as part of your application as an employee, will be delivered to you in an appropriate position in the application tool of our website.

j. Portals
Upon request, SCHMID provides special portals for employees, customers and suppliers, for example the data exchange between SCHMID, customer and supplier, to secure access of employees and authorized external parties to the SCHMID network or parts thereof by setting up a VPN tunnel as well as the proper handling of contractual relationships with suppliers (Supplier Relationship Management).
After your registration you will be assigned a user name and password that will allow you to log in to the respective portal.
Communication data to the portals are stored in so-called log files, which are automatically deleted after a reasonable period. If you use our portals we store the data required for the fulfillment of the contract until your access finally expires.
The legal basis for the use of the portals is your consent in accordance with Article 6 para. 1 sentence 1 lit. a GDPR.

k. Newsletter
Provided that you have given your express consent in accordance with Article. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to regularly send you our newsletter. The indication of an e-mail address is sufficient for receiving the newsletter.
We like to point out that we evaluate your user behavior when sending our newsletter. For this we use the services of Inxmail GmbH, Wentzingerstraße 17, D-79106 Freiburg. For the purpose of analysis the emails sent with Inxmail contain a so-called tracking pixel which connects to the servers of Inxmail when the email is opened. In this way it can be determined whether a newsletter message has been opened. Furthermore, we can use Inxmail to determine if and which links in the newsletters message are clicked on. All links in the email are so-called tracking links that allow to count your clicks. The data are collected in a strictly pseudonymous form i.e. the data will not be linked to your further personal data and a direct reference to your person will be excluded.
The deregistration is possible at any time, for example through a link at the end of each newsletter. Alternatively, you can also send your wish for deregistration to [# general e-mail address] by e-mail at any time. As soon as you will have revoked your consent, we will delete your data stored solely for the purpose of sending our newsletter. “

6. Rights of persons concerned

You have the right

  • to request information about your personal data processed by us, pursuant to Article 15 GDPR. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right for rectification, deletion, limitation of processing or objection, the existence of a right to appeal, the origin of your data, if it was not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information on their details;
  • to demand the immediate correction of incorrect or the completion of personal data stored by us, pursuant to Article 16 GDPR;
  • to request the deletion of your data stored by us, pursuant to Article 17 GDPR, unless the processing is required in order to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to demand the restriction of the processing of your personal data pursuant to Article 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data, but you require them to assert, exercise or defend legal claims or you have objected to processing, pursuant to Article 21 GDPR;
  • to receive your personal data provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible; pursuant to Article 20 GDPR;
  • to revoke your once granted consent to us at any time, pursuant to Article para. 7 (3) GDPR. Simply send an e-mail to datenschutz@schmid-group.com, that we may not continue the data processing based on this consent in the future;
  • For information, rectification and deletion requests, please contact our data protection officer via the email address datenschutzbeauftragter@schmid-group.com.
  • Pursuant to Article 77 GDPR you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.

7. Right of objection & data breaches

If your personal data are processed on the basis of legitimate interests pursuant to Article 6 para. 1 sentence 1 lit. f GDPR, you have the right to file an objection against the processing of your personal data pursuant to Article 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you want to exercise your right of objection, please send an e-mail to datenschutz@schmid-group.com.

In case of data breaches please contact our data protection officer via the email address datenschutz@schmid-group.com.

8. Updating the data privacy statement

This data privacy statement is currently valid.
Due to the further development of the offers on our websites, web presentations and apps or due to changed legal or regulatory requirements, it may be necessary to change this data privacy statement. Necessary updates of the data privacy statement are not expressly announced by us. We, therefore, recommend that you read the data privacy statement again at regular intervals.
At any time you can call up and printout the then valid data privacy statement on our website.

Version: August 2023