1. General Information

This data privacy statement informs you about the handling of Gebr. SCHMID GmbH, Robert-Bosch-Straße 32-36, 72250 Freudenstadt (hereinafter referred to as “SCHMID”) with your personal data and serves the purpose of informing you in particular about the collection and use of your personal data in connection with the visit of the website offered by SCHMID (http://www.schmid-group.com), as well as various web presentations (Facebook, YouTube, Xing, LinkedIn), as well as the use of the services offered there. Personal data means any information concerning the personal or material circumstances of an identified or identifiable individual. This is all the data that is personally related to you, such as name, address, e-mail address, user behavior (for this see “6. Details on data processing”).

 

2. Company and contact details of the person responsible for data processing as well as the company data protection officer

Gebr. SCHMID GmbH
Robert-Bosch-Straße 32-36
72250 Freudenstadt / Germany

E-mail: datenschutz@schmid-group.com
Tel:      +49 (0)7441 538-0
Fax :    +49 (0)7441 538-121

The company data protection officer of Gebr. SCHMID GmbH can be contacted at the above address, to the attention of the data protection officer, as well as under datenschutz@schmid-group.com.

 

3. Requirements of data processing

We collect and use your personal data only to the extent that we are legally permitted to do so, in particular insofar as this is necessary for the establishment, content-related design or termination of a contractual relationship with you in order to enable you to visit our website and web presentations and to make use of the services offered there or as far as you have consented to the processing of your personal data. Also a transmission of your data takes place only under the mentioned conditions or if we are obliged by a judicial or official order to pass on the data.

 

4. Privacy and third party websites

Our website and web presentations may contain links to and from third party websites. If you follow a link to such a website, please note that we can not guarantee the compliance with the data protection regulations. Please make sure you are aware of the applicable privacy policy before submitting personal information to these websites.

 

5. Data security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data against dangers during data transfers and against becoming aware by third parties. These are adapted at a time according to the current state of the art. Within the website usage, we use the popular Secure Socket Layer (SSL) method in conjunction with 256-bit encryption. Whether a single page of our website is transmitted in encrypted form can be recognized by the fact that the address bar of the browser changes from “http: //” to “https: //”, and by the closed representation of the key or lock symbol in the lower status bar of your browser.

 

6. Details on data processing

a) Informative visit to the website

In the case of a purely informative visit to the website, i.e. if you do not register for the use of individual services, register or otherwise provide us with information, we will not collect any personal data, with the exception of data transmitted by your browser in order to enable you to visit the website. These are:

  • IP address,
  • Date and time of request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (specific page),
  • Access status / HTTP status code,
  • Each transferred amount of data,
  • Website from which the request comes,
  • Browser,
  • Operating system and its surface,
  • Language and version of the browser software.

This information is temporarily recorded in a so-called logfile without your intervention and stored until the automatic deletion. We use this data to ensure a smooth connection set-up to our website, convenient use of it, and evaluation of system security and stability.

The processing of data for these purposes is necessary to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f General Data Protection Regulation (“GDPR”). In no case we use the collected data for the purpose of drawing conclusions about you.

 

b) Cookies

Furthermore, when using the website so-called cookies are stored on your receiving device. Cookies are small text files that are stored on your device for the settings you have already made, such as ‘save language’ or ‘display settings’ in order to use them again on your next visit.
These cookies do not contain any personal data.

We also use so-called session data. These are text files stored on our web server, which, like cookies, store data about your web page settings.
The text files created at this are neither evaluated nor kept and are deleted at regular intervals.

Most browsers accept cookies automatically. However, you can configure your browser in a way that no cookies are stored on your computer or that a note appears before a new cookie is created. The complete deactivation of cookies, however, may mean that you can not use all features of our website.

In addition our website will ask you to give your consent to the storage of cookies. Your consent to our cookies will be stored for four weeks, thereafter your consent will be needed again.

The use of appropriate cookies for these purposes is necessary to safeguard our legitimate interests under Art. 6 para. 1 sentence 1 lit. f GDPR.   In no case we use the collected data for the purpose of drawing conclusions about you.

 

c) Google Analytics

We also use Google Analytics, a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“Google”). Google Analytics uses cookies that allow to analyze the visit of the website by you. The information generated by the cookie about your visit to the website is usually transmitted to a Google server in the USA and stored there. Due to the activation of IP anonymization on the website, however, your IP address will be shortened by Google beforehand within member states of the European Union or other contracting states to the Agreement on the European Economic Area.

Only in exceptional cases the full IP address will be transferred to a Google server in the USA and abbreviated there. On our behalf, Google will use this information to evaluate your visit to the website, to compile reports on website activities, and to provide us with other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Sessions and campaigns are stopped after a certain amount of time. By default, sessions will be terminated after 30 minutes of no activity and campaigns after six months. Time limit for campaigns can be a maximum of two years. For more information on Terms of Use and Privacy see:

https://www.google.com/analytics/terms/de.html

https://policies.google.com/privacy?hl=de

You can prevent the storage of cookies by a corresponding setting of your browser software. We point out, however, that in this case you may not be able to use all functions of our website in full. You may also prevent the collection of the cookie-generated and website-related data (including your IP address) to Google and the processing of such data by Google by installing the browser plugin available via the following link: 

https://tools.google.com/dlpage/gaoptout?hl=de

In addition, opt-out cookies prevent future collection of your data when you visit this website. Click here to install the opt-out cookie.

The tracking measures implemented with Google Analytics are based on Art. 6 para. 1 sentence 1 lit. f GDPR. For the exceptional cases in which personal data is transferred to the US, Google has submitted to the EU-US Privacy Shield:

https://www.privacyshield.gov

With this we want to ensure a needs-based design and the continuous optimization of our website on the one hand. On the other hand, this measure serves to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you.

 

d) Social links / web presentations on Facebook, Twitter, Google+, LinkedIn, Xing, YouTube

Our website also includes links to services such as Facebook, Twitter, Google+, LinkedIn, Xing and YouTube, where we have our own web presentations.  After clicking on the integrated graphic you will be redirected to the website of the respective provider, i.e. only then will user information be transmitted to the respective provider.

If you click on a link to corresponding services on our website, your browser establishes a direct connection with the servers of the respective provider. By clicking on the link, the provider receives the information that your browser has accessed the corresponding page of our web presentation, even if you do not have your own user account with the respective provider or are currently logged in there. This information is transmitted by your browser directly to a server of the respective provider and stored there.

If you are logged in to a provider, the provider can assign the visit to our website directly to your user account. If you interact with appropriate plugins, e.g. if you press the “LIKE” – or “SHARE” button on Facebook, the corresponding information is also transmitted directly to the respective server of the provider and stored there. The information may also be published on your profile with the respective provider and displayed to your contacts.

The respective provider may use this information for the purpose of advertising, market research, and needs-based design of his service. To this end, the provider creates usage, interest and relationship profiles, e.g. to evaluate your use of our website in relation to advertisements displayed to you by the provider, to inform other users about your activities on our website, and to provide other services related to the use of the provider.

If you do not want the provider to assign the data collected via our website to your user account, you must log out of your respective web presentation before visiting our website.

Our web presentations are based on Art. 6 para. 1 sentence 1 lit. f GDPR in order to make our company better known and to provide the user with additional information. For the cases in which personal data are transferred to the US, the service providers or their representatives have subjected themselves  to the EU-US Privacy Shield:

https://www.privacyshield.gov

For more information about the services we provide on the website, please see the following:

 

a. Facebook Plugins

On our website plugins of the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA (“Facebook”) are integrated. The Facebook plugins can be recognized by the Facebook logo on our website An overview of the Facebook plugins can be found here:

https://developers.facebook.com/docs/plugins/

When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our website with your IP address. If you click on the Facebook “Like-Button” while you are logged in to your Facebook profile you can link the contents of our website to your Facebook profile. This allows Facebook to associate your visit to our website with your user account We like to point out that as a provider of the pages we do not obtain any knowledge of the content of the transmitted data or of their use by Facebook. For more information see the Facebook data privacy statement at:

https://facebook.com/policy.php

If you do not want Facebook to associate your visit to our website with your Facebook user account, please log out of your Facebook account.

 

b. Twitter

On our website features of the service Twitter are included. These functions are provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the “Re-Tweet” function the websites you visit will be linked to your Twitter account and disclosed to other users. Thereby data are also transmitted to Twitter. We like to point out that as a provider of the pages we do not obtain any knowledge of the content of the transmitted data or of their use by Twitter. For more information see the data privacy statement of Twitter at:

https://twitter.com/privacy.

Your privacy settings on Twitter can be changed in the account settings under:

https://twitter.com/account/settings

 

c. Google+

Our website uses features of Google+. Provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.

Collection and disclosure of information:Use the Google+ button

to publish information worldwide.  The Google+ button will provide you and other users with personalized contents from Google and our partners. Google stores both the information that you have given +1 for a content, as well as information about the page you have looked at when clicking +1. Your +1 can be faded in as hints along with your profile name and photo in Google services, such as search results, your Google profile, or elsewhere on websites and ads on the Internet.

Google records information about your + 1 activities to improve Google services for you and others. To use the Google+ button, you need a globally visible, public Google profile, which must contain at least the name chosen for the profile. This name is used in all Google services. In some cases, this name can also replace another  name that you used when sharing contents through your Google account. The identity of your Google profile can be displayed to users who know your e-mail address or have other identifying information from you.

Use of the information collected: In addition to the intended purposes outlined above, the information you provide will be used in accordance with the applicable Google data protection regulations. Google may publish aggregated statistics on users’ +1-activities or may pass them on to users and partners such as publishers, advertisers, or related websites.

 

d. LinkedIn

Our website utilizes functions of the LinkedIn network. Provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you visit one of our pages containing LinkedIn functions, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our websites  with your IP address. When you press the “Recommend button” of LinkedIn and when you are logged in to your LinkedIn account, LinkedIn can assign your visit in our websites to you and your user account. We like to point out that as a provider of the pages we do not have any knowledge of the content of the transmitted data or of their use by LinkedIn.

For more information see the LinkedIn data privacy statement at:

https://www.linkedin.com/legal/privacy-policy

 

e. XING

Our website utilizes functions of the XING network. Provider is the XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time you visit one of our pages containing XING functions, a connection to XING servers is established. As far as we know personal data are not stored. In particular, no IP addresses are stored and the usage behavior is not evaluated.

For more information about the data privacy and the XING Share button, please visit

XING’s data privacy statement at

https://www.xing.com/app/share?op=data_protection

 

f. YouTube Plugins

Our website uses plugins of the YouTube service. The service is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). If you visit our website with a YouTube plugin, you will be connected to the servers of YouTube. Thereby the YouTube server is informed that you have visited our website.  If you are logged into your YouTube account, you enable YouTube to assign your browsing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

For more information about how to deal with user data, please see  the YouTube data privacy statement at:

https://policies.google.com/privacy?hl=de

 

g. Use of our e-mail addresses and our contact forms

For questions of any kind, we offer you the opportunity to contact us via the e-mail addresses mentioned on the website or the contact forms available there. In the case of contacting us, we will process the personal data provided by you for the purpose of answering your request. All information is voluntary.

The data processing for the purpose of contacting us happens in accordance with art. 6 para. 1 sentence 1 lit. a GDPR based on your voluntarily granted consent.

The personal data collected by us in this context will be deleted after completion of the request you have made.

 

h. Application as supplier

If you want to apply as a supplier to us, we collect general information about the company, the contact on the part of the company (in particular communication data) as well as the relevant product groups.

The data processing takes place for the purpose of carrying out pre-contractual measures, which take place at your request (article 6 (1) sentence 1 (b) GDPR).

The personal data collected by us in this context will be deleted after completion of the request made by you and stored in the event of the conclusion of a supply relationship for the execution of the contractual relationship.

 

i. Application as employee

Further data protection advice as part of your application as an employee, will be delivered to you in an appropriate position in the application tool of our website.

 

j. Portals

Upon request, SCHMID provides special portals for employees, customers and suppliers, for example the data exchange between SCHMID, customer and supplier, to secure access of employees and authorized external parties to the SCHMID network or parts thereof by setting up a VPN tunnel as well as the proper handling of contractual relationships with suppliers (Supplier Relationship Management).

After your registration you will be assigned a user name and password that will allow you to log in to the respective portal.

Communication data to the portals are stored in so-called log files, which are automatically deleted after a reasonable period. If you use our portals we store the data required for the fulfillment of the contract until your access finally expires.

The legal basis for the use of the portals is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

 

k. Newsletter

Provided that you have given your express consent in accordance with art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to regularly send you our newsletter. The indication of an e-mail address is sufficient for receiving the newsletter.

We like to point out that we evaluate your user behavior when sending our newsletter. For this we use the services of Inxmail GmbH, Wentzingerstraße 17, D-79106 Freiburg (“Inxmail”). For the purpose of analysis the emails sent with Inxmail contain a so-called tracking pixel which connects to the servers of Inxmail when the email is opened. In this way it can be determined whether a newsletter message has been opened. Furthermore, we can use Inxmail to determine if and which links in the newsletters message are clicked on. All links in the email are so-called tracking links that allow to count your clicks. The data are collected in a strictly pseudonymous form i.e. the data will not be linked to your further personal data and a direct reference to your person will be excluded.

The deregistration is possible at any time, for example through a link at the end of each newsletter. Alternatively, you can also send your wish for deregistration to [# general e-mail address] by e-mail at any time. As soon as you will have revoked your consent, we will delete your data stored solely for the purpose of sending our newsletter. “

 

7. Rights of persons concerned

You have the right

  • to request information about your personal data processed by us, pursuant to article 15 GDPR. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right for rectification, deletion, limitation of processing or objection, the existence of a right to appeal, the origin of your data, if it was not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information on their details;
  • to demand the immediate correction of incorrect or the completion of personal data stored by us, pursuant to article 16 GDPR;
  • to request the deletion of your data stored by us, pursuant to article 17 GDPR, unless the processing is required in order to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • to demand the restriction of the processing of your personal data pursuant to article 18 GDPR, as far as the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data, but you require them to assert, exercise or defend legal claims or you have objected to processing, pursuant to article 21 GDPR;
  • to receive your personal data provided to us in a structured, common and machine-readable format or to request the transfer to another person responsible; pursuant to article 20 GDPR;
  • to revoke your once granted consent to us at any time, pursuant to article 7 (3) GDPR. Simply send an e-mail to datenschutz@schmid-group.com. that we may not continue the data processing based on this consent in the future;
  • For information, rectification and deletion requests, please contact our data protection officer via the email address datenschutzbeauftragter@SCHMID.com.
  • Pursuant to article 77 GDPR you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters.

 

8. Right of objection & data breaches

If your personal data are processed on the basis of legitimate interests pursuant to article 6 (1) sentence 1 lit. f GDPR, you have the right to file an objection against the processing of your personal data pursuant to article 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation. If you want to exercise your right of objection, please send an e-mail to datenschutz@schmid-group.com.

In case of data breaches please contact our data protection officer via the email address datenschutz@schmid-group.com.

 

9. Updating the data privacy statement

This data privacy statement is currently valid.

Due to the further development of the offers on our websites, web presentations and apps or due to changed legal or regulatory requirements, it may be necessary to change this data privacy statement.  Necessary updates of the data privacy statement are not expressly announced by us. We, therefore, recommend that you read the data privacy statement  again at regular intervals.

At any time you can call up and printout the then valid data privacy statement on our website.

 

 

Version: May 2018