Privacy Statement

Thank you for your interest in our company. Data privacy is of particular importance to management at Wilh. Schlechtendahl & Söhne GmbH & Co. KG. It is generally possible to use the Wilh. Schlechtendahl & Söhne GmbH & Co. KG website without providing personal data. However, if a data subject wishes to avail of the special services offered by our company through the website, it may become necessary to process personal data. If it is necessary to process personal data and if there is no legal basis for this processing, we will generally obtain the consent of the data subject.

Processing personal data, for example, the name, address, email address or telephone number of a data subject, will always be in harmony with the General Data Protection Regulation (GDPR) and in agreement with any country-specific data protection provisions applicable to Wilh. Schlechtendahl & Söhne GmbH & Co. KG. By way of this Privacy Statement, our company wishes to inform the public about the type, extent and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of their rights by way of this Privacy Statement.

Wilh. Schlechtendahl & Söhne GmbH & Co. KG, as the data controller, has implemented a number of technical and organisational measures in order to ensure as complete a protection as possible of the personal data processed through this website. Nonetheless, web-based data transfer may generally have security gaps, meaning that absolute protection cannot be guaranteed. For this reason, each data subject also has the option of transmitting personal data to us by alternative means, for example, by telephone.

1. Definitions

The Privacy Statement of Wilh. Schlechtendahl & Söhne GmbH & Co. KG is based on the terminology which was used by the European Regulator on enactment of the European General Data Protection Regulation (GDPR). Our Privacy Statement should be easily readable and comprehensible both for the public and for our customers and business partners. In order to ensure that this is the case, we are providing in advance an explanation of the terminology used.

We use the following terms, among others, in this Privacy Statement:

·         a)     Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). An identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

·         b)     Data subject

Data subject is any identified or identifiable natural person whose personal data are processed by the data controller.

·         c)     Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

·         d)     Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of restricting its future processing.

·         e)     Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

·         f)      Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

·         g)     Data controller

Data controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria for its nomination may be provided for by Union or Member State law.

·         h)     Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

·         i)       Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data within the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.

·         j)       Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, data controller, processor and persons who, under the direct authority of the data controller or processor, are authorised to process personal data.

·         k)     Consent

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of his or her personal data.

2. Name and address of the data controller

The data controller for the purposes of the General Data Protection Regulation, and of other data protection legislation applicable in the Member States of the European Union and other legislation of a data protection nature is:

Wilh. Schlechtendahl & Söhne GmbH & Co. KG

Hauptstraße 18-32

42579 Heiligenhaus

Germany

Tel.: 0049 (0) 2056 / 17-0

Email: wss@wss.de

Website: www.wss.de

3. Data protection officer

We have appointed a data protection officer for our company:

Wilh. Schlechtendahl & Söhne GmbH & Co. KG

Hauptstraße 18-32

42579 Heiligenhaus

Germany

Tel.: 0049 (0) 2056 / 17-1383

Email: datenschutz@wss.de

Any data subject may contact the data protection officer directly at any time regarding issues and suggestions in relation to data protection.

4. Collecting general data and information

The website of Wilh. Schlechtendahl & Söhne GmbH & Co. KG collects a set of general data and information each time a data subject or an automated system accesses the website. This general data and information are stored in the server log files. The following information may be collected: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the web page from which an accessing system has accessed our website (referred to as the “referrer”), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time our website is accessed, (6) an internet protocol address (IP address) in anonymised form, (7) the internet service provider of the accessing system and (8) other similar data and information that serve an emergency response in the event of attacks on our information technology systems.

When using this general data and information, Wilh. Schlechtendahl & Söhne GmbH & Co. KG does not draw any conclusions regarding the data subject. Rather, this information is used to (1) correctly deliver the content of our website, (2) optimise the content of our website and the advertising of this content, (3) ensure the permanent proper functioning of our information technology systems and of the technology of our website as well as (4) to provide criminal investigation authorities with the necessary information required for a prosecution in the event of a cyber attack. Therefore, Wilh. Schlechtendahl & Söhne GmbH & Co. KG will analyse the collected data and information firstly for statistical purposes and secondly with the aim of increasing data privacy and data security in our company, ultimately in order to ensure an ideal level of protection for the personal data processed by us. The anonymous data in the server log files is stored separately from all personal data provided by a data subject.

5. Contact options via the website

The website of Wilh. Schlechtendahl & Söhne GmbH & Co. KG contains, by law, information that allows for quick contact to be made electronically with our company in addition to allowing for direct communication with us, which also includes a general address for electronic post (email address). When a data subject makes contact with the data controller by email or using a contact form, the personal data transmitted by the data subject will be automatically stored. Such personal data transmitted voluntarily by a data subject to the data controller will be stored for the purposes of processing or for making contact with the data subject. This personal data will not be disclosed to third parties.

6. Routine erasure and blocking of personal data

The data controller will process and store personal data of the data subject only for the period required to achieve the purpose of the storage or where this is intended by the European legislator or another legislator in statutes or legislation to which the data controller is subject.

If the purpose of the storage lapses or if a storage period that is stipulated by the European legislator or another competent legislator expires, the personal data will be blocked or erased routinely and in line with statutory provisions.

7. Rights of the data subject

·         a)     Right to confirmation

Every data subject has the right, granted by the European legislator, to request from the controller confirmation as to whether or not their personal data is being processed. If a data subject wishes to avail of this right to confirmation, they may at any time contact our data protection officer or any member of staff working for the data controller.

·         b)     Right of access

Every data subject whose personal data is processed has the right, granted by the European legislator, to access their stored personal data and receive a copy of this information from the data controller, free of charge and at any time. Furthermore, the European legislator has to provide access to the data subject about the following:

o    the purpose of the processing

o    the categories of personal data that will be processed

o    the recipients or the categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or at international organisations

o    where possible, the planned duration of the storage of the personal data or, if this is not possible, the criteria to be applied when determining the duration

o    the existence of the right to rectification or erasure of their personal data or the right to restriction on processing by the data controller or the right to object to such processing

o    the existence of the right to object at a supervisory authority

o    if the personal data are not collected from the data subject: all available information about the origin of the data

o    The existence of automated decision making including profiling pursuant to Article 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Furthermore, the data subject has the right to request information as to whether personal data has been transmitted to a third country or to an international organisation. If this is the case, the data subject generally has the right to access about the appropriate guarantees in connection with such transmission.

If a data subject wishes to avail of this right of access, they may contact our data protection officer or any member of staff working for the data controller at any time to this end.

·         c)     Right to rectification

Every data subject whose personal data is processed has the right, granted by the European legislator, to request the immediate rectification of inaccurate personal data about them. Furthermore, the data subject has the right, granted by the European legislator, and having regard to the purpose of the processing, to request the completion of incomplete personal data, also by way of a supplementary declaration.

If a data subject wishes to avail of this right to rectification, they may contact our data protection officer or a member of staff of the data controller at any time to this end.

·         d)     Right to erasure (right to be forgotten)

Every data subject whose personal data is processed has the right, granted by the European legislator, to request from the data controller that their personal data be erased without delay, if one of the following grounds is given and if the processing is not necessary:

o    The personal data were collected for purposes or otherwise processed for which they are no longer required.

o    The data subject withdraws consent on which the processing was based pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR, and there is no other legal basis for the processing.

o    The data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR.

o    The personal data have been unlawfully processed.

o    The personal data have to be erased in order to ensure compliance with a legal obligation under Union law or the law of a Member State, to which the data controller is subject.

o    The personal data were collected in relation to services offered by the information society pursuant to Article 8(1) GDPR.

If one of the above-mentioned grounds applies and a data subject wishes to have personal data erased that is stored by Wilh. Schlechtendahl & Söhne GmbH & Co. KG, the data subject may contact our data protection officer or a member of staff at the data controller at any time to this end. The data protection officer at Wilh. Schlechtendahl & Söhne GmbH & Co. KG or another member of staff will arrange for the request for erasure to be carried out without delay.

If the personal data was made public by Wilh. Schlechtendahl & Söhne GmbH & Co. KG and if our company as data controller is obliged pursuant to Article 17(1) GDPR to erase the personal data, then Wilh. Schlechtendahl & Söhne GmbH & Co. KG, having regard to the available technology and the cost of implementation, will take reasonable steps, including of a technical nature, to inform other data controllers who are processing the disclosed personal data, that the data subject has requested the erasure by such data controllers of all links to this personal data or of copies or replications of the personal data, provided the processing is not necessary. The data protection officer at Wilh. Schlechtendahl & Söhne GmbH & Co. KG or another member of staff will make the necessary arrangements in each individual case.

·         e)     Right to restriction of processing

Every data subject whose personal data is processed has the right, granted by the European legislator, to request the data controller to restrict processing, if one of the following grounds is given:

o    The data subject is disputing the accuracy of the personal data and specifically in relation to a period of time that allows the data controller to check the accuracy of the personal data.

o    The processing is unlawful and the data subject rejects the erasure of the personal data and instead requests the restriction of the use of the personal data.

o    The data controller no longer requires the personal data for the purposes of processing, but the data subject requires it for the purpose of the establishment, exercise or defence of legal claims.

o    The data subject has objected to the processing pursuant to Article 21(1) GDPR and it has not yet been verified whether the legitimate grounds of the data controller override the legitimate grounds of the data subject.

If one of the above-mentioned grounds applies and the data subject wishes to request the restriction of personal data that is stored with Wilh. Schlechtendahl & Söhne GmbH & Co. KG, the data subject may contact our data protection officer or a member of staff at our data controller at any time to this end. The data protection officer at Wilh. Schlechtendahl & Söhne GmbH & Co. KG or another member of staff will arrange for the restriction of processing.

·         f)      Right to data portability

Every data subject whose personal data is processed has the right, granted by the European legislator, to receive in a structured, commonly-used and machine-readable format their personal data that have been provided to a data controller by the data subject. In addition, the data subject has the right to transmit that data to another data controller without hindrance from the data controller to which the personal data has been provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or based on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, provided the processing is not required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.

Furthermore, in exercising this right to data portability, the data subject also has the right pursuant to Article 20(1) GDPR to have their personal data transmitted directly from one data controller to another, where technically feasible, and provided that the rights and freedoms of others are not affected in so doing.

In exercising the right to data portability, the data subject may at any time contact the data protection officer appointed by Wilh. Schlechtendahl & Söhne GmbH & Co. KG or another member of staff.

·         g)     Right to object

Every data subject whose personal data is processed has the right, granted by the European legislator, to object at any time, on grounds relating to their own particular situation, to the processing of their personal data that is based on Article 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

Wilh. Schlechtendahl & Söhne GmbH & Co. KG , in the event of an objection, will no longer process the personal data, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or where the processing is for the purpose of the establishment, exercise or defence of legal claims..

If Wilh. Schlechtendahl & Söhne GmbH & Co. KG processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for the purpose of such marketing. This also applies to profiling if it is in connection with such direct marketing. If the data subject objects directly to Wilh. Schlechtendahl & Söhne GmbH & Co. KG about processing for the purposes of direct marketing, then Wilh. Schlechtendahl & Söhne GmbH & Co. KG will no longer process the personal data for such purposes.

In addition, the data subject has the right for reasons relating to their own particular situation, to object to the processing of their personal data, which were processed by Wilh. Schlechtendahl & Söhne GmbH & Co. KG for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is required for the fulfilment of a task that is in the public interest.

In order to exercise the right to object, the data subject may contact the data protection officer directly at Wilh. Schlechtendahl & Söhne GmbH & Co. KG or another member of staff. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject has the option of exercising their right to object by automated means for which technical specifications are used.

·         h)     Automated decision making in an individual case including profiling

Every data subject whose personal data is processed has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or which similarly significantly affects them, if the decision (1) is not required for the conclusion or performance of a contract between the data subject and the data controller, or (2) is permissible under Union or Member State law to which the data controller is subject and these laws also contain suitable measures to safeguard the rights and freedoms and legitimate interests of the data subject or (3) is carried out with the express consent of the data subject.

If the decision (1) is required for the conclusion or the performance of a contract between the data subject and the data controller or (2) if it is carried out with the express consent of the data subject, Wilh. Schlechtendahl & Söhne GmbH & Co. KG will take suitable steps to safeguard the rights and freedoms and the legitimate interests of the data subject, which involves at least the right to obtain human intervention on the part of the data controller, to express his or her point of view and to contest the decision.

If the data subject wishes to exercise rights in relation to automated decisions, they may contact the data protection officer or any other member of staff at the data controller at any time to this end.

·         i)       Right to withdraw consent to data processing

Every data subject whose personal data is processed has the right, granted by the European legislator, to withdraw consent to the processing of their personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they may contact the data protection officer or any other member of staff at the data controller at any time to this end.

8. Analytical tools and tools from third party providers

·         a)    Cookies

In some cases, this website uses cookies. Cookies do not damage the computer and do not contain viruses. Cookies are used to make our website more user friendly, effective and secure. Cookies are small text files that are filed on your computer and stored by your browser.

Most of the cookies used are referred to as “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. Cookies enable us to recognise your browser at your next visit.

You can set your browser in such a way that you will be notified that cookies are being set and you can allow them to be set only in an individual case, that you will be able to exclude cookies in certain cases or generally and that you will be able to activate the automated deletion of the cookies when you close your browser. The functionality of this website may be restricted if cookies are deactivated.

Cookies that are required to carry out electronic communications or to provide certain functions requested by you, will be stored on the basis of Article 6(1)(f) GDPR. The website provider has a legitimate interest in the storage of cookies in order to ensure a fault-free and optimised provision of its services. If other cookies (e.g. cookies used for the analysis of your surfing behaviour) are stored, they will be dealt with separately in this Privacy Statement.

·         b)    Server log files

The provider of the website automatically collects and stores data in what are referred to as server log files, which your browser transmits to us. These data are:

·         Browser type and browser version

·         operating system used

·         referrer URL

·         host name of accessing computer

·         time of server query

·         IP address

These data will not be associated with other data sources.

The basis for data processing is Article 6(1)(b) GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

·         c)    Contact form

When you send us a query via the contact form, the data from the contact form, together with any contact data you may have included there, will be stored by us for the purpose of processing your query and for possible follow-up queries. We will not disclose this data without your consent.

The data included in the contact form will therefore be processed exclusively on the basis of your consent (Article 6(1)(a) GDPR). You may withdraw this consent at any time. An informal notification by email to us is sufficient in this case. The lawfulness of any processing that was carried out prior to the withdrawal of consent will not be affected by this.

We will continue to store the data provided by you by way of the contact form until such time as you request its erasure, withdraw consent to its storage or the purpose for such data storage lapses (e.g. once your query has been conclusively addressed). Mandatory statutory requirements, in particular in reference to retention periods, remain unaffected by this.

·         d)    Google Maps

This website uses the Google Maps API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

It is necessary to store your IP address in order to use the functions of Google Maps. As a rule, this data is transmitted to a Google server in the USA and stored there. The provider of this website has no influence over this data transmission

We use Google Maps in order to provide an appealing presentation of our online content and for easier retrievability of the locations stated on our website. This constitutes a legitimate interest within the meaning of Article 6(1)(f) GDPR.

For additional information about handling user data, please see the Google privacy statement: https://www.google.de/intl/en/policies/privacy/.

9. Newsletter

We require your name and email address for your written subscription to an electronic newsletter or for the double opt-in process for registering the newsletter. Any other details are voluntary and will also be stored and used exclusively as part of your enquiry, e.g. in the case of queries.

10. Legal basis for processing

Article 6(1)(a) GDPR provides the legal basis for our company for processing procedures, where we obtain consent for a specific processing purpose. Processing is based on Article 6(1)(b) GDPR where the processing of personal data is required for the fulfilment of a contract, where one of the parties is the data subject, as is the case, for example, with processing procedures that are necessary for goods delivery or for the performance of another service or service in return. This also applies to processing procedures that are required for the performance of pre-contractual measures, for example, in the case of enquiries regarding our products or services. Processing is based on Article 6(1)(c) GDPR where our company is subject to a legal obligation which requires the processing of personal data, for example, for meeting tax obligations. In some rare cases the processing of personal data may become necessary in order to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor to our facility were to be injured and subsequently his name, age, health insurance data or other vital information had to be forwarded to a doctor, a hospital or another third party. In this case, processing would be based on Article 6(1)(d) GDPR. Finally, processing procedures may be based on Article 6(1)(f) GDPR. Processing procedures that are not covered by any of the above-mentioned legal bases are based on this Article, if the processing is required in order to safeguard a legitimate interest of our company or of a third party, provided the interests, basic rights and freedoms of the data subject are not overriding. We are particularly permitted to carry out such processing procedures as they are expressly mentioned by the European legislator. In this respect, the European legislator was of the opinion that a legitimate interest could be assumed if the data subject is a customer of the data controller (recital 47, sentence 2 GDPR).

11. Legitimate interests in processing that are pursued by the data controller or a third party

If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is the performance of our business activity to the benefit of the well-being of all our staff and our shareholders.

12. Duration of the storage of personal data.

The criterion for the duration of the storage of personal data is the relevant statutory retention period. Once this period expires, the data in question will be routinely erased, provided they are no longer required for the performance of a contract or for contract initiation.

13. Statutory or contractual requirements for the provision of personal data; requirement for contractual conclusion; obligation of the data subject to provide personal data; possible consequences of the failure to provide personal data

We hereby declare that the provision of personal data is in part required by law (e.g. tax legislation) or that it may arise from contractual arrangements (e.g. details about a contractual partner). Sometimes, the conclusion of a contract may require that a data subject provides us with personal data which subsequently has to be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with the data subject. A failure to provide personal details could result in the contract with the data subject not being concluded. Prior to the data subject providing personal data, the data subject has to contact our data protection officer. Our data protection officer will then clarify for the data subject whether the provision of personal data is required by law or contractually or is required in order to conclude a contract, and whether there is an obligation to provide the personal data and about the consequences of the failure to provide personal data.

14. Existence of automated decision making

As a company that is very aware of our responsibilities, we dispense with automated decision making or profiling.

 

Source:

Privacy Statement generator of the Deutsche Gesellschaft für Datenschutz (German Association for Data Protection), in cooperation with the lawyers at WBS-LAW