Privacy Policy
As the operator of this website, we take the protection of your personal data very seriously, treat it confidentially in accordance with the current statutory data protection regulations and this privacy policy. In the following, we inform you in accordance with Article 13 of the EU General Data Protection Regulation (EU GDPR) about the processing of your personal data (hereinafter referred to as “data”).
- Definitions
The following privacy policy is based on the terms used by the European legislator for the adoption of the EU GDPR. To make it easier to read and understand, we would like to explain the terminology used in advance.
We use the following terms, among others, in this privacy policy:
- a) Personal data
Personal data is all information referring to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- b) Data subject (user)
A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for processing.
- c) Processing
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
- d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
- e) Profiling
Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- f) Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
- g) Controller or controller responsible for processing
Controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- h) Processor
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- i) Recipient
Recipient is a natural or legal person, public authority, agency or other body, to which the personal data is disclosed, whether it is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union law or the law of the Member States are not considered recipients.
- j) Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, is authorised to process personal data.
- k) Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
- Controller responsible for processing
Albert Schäfer Nachf. GmbH
Julius-Hölder-Straße 41
70597 Stuttgart, Germany
Legal representative: Sibylle Bachmann-Gneiding
Tel.: +49 (0) 711 6330370
E-mail: bachmann@albert-schaefer.de
- General information on data processing
- a) Scope of data processing
We only process our users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of our users’ personal data takes place regularly only with the consent of the respective user. An exception applies in cases where prior consent cannot be obtained for factual reasons and processing of the data is permitted by law.
- b) Legal basis for data processing
Insofar as we obtain the consent of the data subject for processing personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (EU GDPR) serves as the legal basis.
When processing personal data that is necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 lit. b EU GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c EU GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d EU GDPR serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f EU GDPR serves as the legal basis for processing.
- c) Duration of processing
We only process your data for as long as is necessary to fulfil the contract, to maintain our relationship, or in accordance with applicable legal provisions.
Different retention periods apply to the storage of business documents. For data with tax relevance, a retention period of 10 years generally applies in accordance with the German Fiscal Code, and six years for other data in accordance with the provisions of the German Commercial Code.
As long as you do not object, we will use your data within the framework of our trusting business relationship for the benefit of both parties.
If you wish your data to be erased, we will erase it immediately, provided that there are no legal obligations to retain it.
- SSL encryption
This website uses SSL encryption (Secure Socket Layer) for transmitting data from your browser to our server and to servers that provide files that we embed on our website. You can recognise the presence of SSL encryption by the text “https” in front of the address of the website that you open in the browser.
- Use of cookies
- a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use cookies to make our website more user-friendly. Some elements of our website require the browser to be identifiable even when changing sites. We also use cookies on our website that permit an analysis of the users’ surfing habits.
The user data collected in this way is pseudonymised using technical precautions. It is therefore no longer possible to assign the data to the respective user. The data is not stored together with users’ other personal data.
When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to processing the personal data used in this context is obtained. In this context, reference is also made to this Privacy Policy.
- b) Legal basis for data processing
The legal basis for processing personal data using technically necessary cookies is Art. 6 para. 1 lit. f EU GDPR.
The legal basis for processing personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a EU GDPR if the user has given consent to this.
- c) Purpose of processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. This requires the browser to be recognised even after a page change. The user data collected by technically necessary cookies is not used to create user profiles.
Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer.
These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 lit. f EU GDPR.
- d) Duration of storage, objection and removal options
Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
- Google fonts (web fonts)
a) Scope of data processing
Our website uses certain Google fonts for display. When a page is called up, the user’s browser loads these fonts. The IP address of the user, including the page (Internet address) that the user has visited, is sent to a Google Inc. server (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Further information on Google web fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.
- b) Legal basis for data processing
The legal basis for processing a user’s personal data is Art. 6 Para. 1 lit. f EU GDPR.
- c) Purpose of data processing
Google fonts are used for the visual presentation of text content.
- Google Maps
a) Scope of data processing
We use Google Maps API on our website. When using Google Maps, Google also collects, processes and utilises data about how users use the map functions. The provider is Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Further information about data processing by Google can be found in the Google privacy policy at https://www.google.com/policies/privacy/.
- b) Legal basis for data processing
The legal basis for processing a user’s personal data is Art. 6 Para. 1 lit. f EU GDPR.
- c) Purpose of data processing
Google Maps is used for the visual representation of geographical information.
- d) Right of objection and removal
Users can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently objecting to the setting of cookies. This would also prevent Google from placing a cookie on the user’s computer system. In addition, this can be deleted at any time via the Internet browser or other software programmes.
- Your rights as a data subject
In accordance with EU GDPR, you have the following rights:
- a) Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing has taken place, you can request the following information from the controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data to be processed;
(3) the recipients or categories of recipients to whom your personal data has been or will be disclosed;
(4) the planned duration of storage of your personal data or, if specific information on this is not possible, criteria for determining the storage period;
(5) the existence of a right to rectification or erasure of your personal data, a right to restriction of processing by the controller, or a right to object to such processing;
(6) the existence of a right of appeal to a supervisory authority;
(7) all available information on the origin of the data if the personal data is not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 EU GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether your personal data is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 EU GDPR in connection with the transfer.
- b) Right to rectification of your data
You have a right to rectification and/or completion vis-à-vis the controller if your processed personal data is incorrect or incomplete. The controller must make this correction immediately.
- c) Right to restriction of processing your data
Under the following conditions, you may request the restriction of processing of your personal data:
(1) if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
(3) the controller no longer needs the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims, or
(4) if you have objected to processing pursuant to Art. 21 para. 1 EU GDPR and it has not yet been established whether the legitimate reasons of the controller override your reasons.
If processing of your personal data has been restricted, this data – apart from its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.
- d) Right to erasure of your data
- aa) Obligation to erase
You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
(2) You revoke your consent on which processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a EU GDPR and there is no other legal basis for processing.
(3) You object to processing pursuant to Art. 21 para. 1 EU GDPR and there are no overriding legitimate grounds for processing, or you object to processing pursuant to Art. 21 para 2 EU GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of your personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which the controller is subject.
(6) Your personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 EU GDPR.
- bb) Information to third parties
If the controller has made your personal data public and is obliged to erase it pursuant to Article 17 para 1 EU GDPR, they shall take reasonable steps, including technical measures, taking account of the available technology and the cost of implementation, to inform controllers responsible for processing the personal data that you as the data subject have requested the erasure by such controllers of all links to, or copies or replications of, this personal data.
- cc) Exceptions
The right to erasure does not exist if processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i and Art. 9 para. 3 EU GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 para. 1 EU GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of such processing, or
(5) for the assertion, exercise or defence of legal claims.
- e) Right to information
If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.
You have the right to be informed about these recipients by the controller.
- f) Right to data portability
You have the right to receive your personal data, which you have provided to the controller, in a structured, standardised and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to which your personal data has been provided, where:
(1) processing is based on consent pursuant to Art. 6 para. 1 lit. a EU GDPR or Art. 9 para. 2 lit. a EU GDPR or on a contract pursuant to Art. 6 para. 1 lit. b EU GDPR, and
(2) processing is carried out by automated means.
In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This must not impair the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
- g) Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on (e) or (f) of Article 6 para. 1 EU GDPR, including profiling based on those provisions.
The controller will no longer process your personal data unless they demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
Notwithstanding Directive 2002/58/EC, you have the option of exercising your right to object in connection with the use of information society services by means of automated procedures using technical specifications.
- h) Right to revoke your declaration of consent under data protection law
You have the right to revoke your declaration of consent under data protection law at any time. Your withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- i) Right to lodge a complaint with the data protection supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data infringes the EU GDPR. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 EU GDPR.
The competence of the supervisory authority depends on your place of residence. A list of supervisory authorities can be found here:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
This Privacy Policy was drawn up by b2.legal Rechtsanwälte.