LEGAL NOTICE

As of December 2019

Schiedel GmbH is responsible for the processing of personal data on this Website as defined by the European General Data Protection Regulation (“GDPR”). We thus act as Controller in the sense of Art. 4 no. 7 GDPR. By means of this Data Privacy Statement, Schiedel GmbH provides you with information regarding the nature, scope, and purpose of its processing of personal data, as well as regarding the rights pertaining to the individuals whose personal data are being processed by Schiedel GmbH. Personal data include all information related to an identified or identifiable natural person (the “Data Subject”), such as a person’s name or address, email address or online identifiers provided by their devices, applications, tools and protocols.

You can always visit our Website without having to actively provide personal data. The data that Schiedel GmbH processes based on a Website visit is explained below in Section 1 (“I. PRIVACY POLICY FOR ALL VISITORS OF THE WEBSITE”). The Website also offers services that you can only use if you actively provide us with personal data. These services, and the processing of data as a result of use of those respective services, are explained in Section 2 (“II. DATA PRIVACY STATEMENTS FOR USERS OF SPECIAL SERVICES”). You can find general data privacy information applicable to all kinds of data processing, e.g. regarding rights that you have as a Data Subject, in Section 3 (“III. GENERAL DATA PRIVACY INFORMATION”).

I. PRIVACY POLICY FOR ALL VISITORS OF THE WEBSITE

1. Access data

Schiedel GmbH collects log data every time the Website is accessed. Only technically required data are collected, i.e. the type and version of the browser, the user’s operating system, the referring URL (the website via which our Website was accessed), the date and time of access, the quantity of data transferred, the Internet Protocol address (IP address), and the Internet Service Provider of the accessing system. This information is kept by Schiedel GmbH for two weeks and then is deleted.

Schiedel GmbH will not  assign these data to specific persons or combine the data with other BMI Group data sources unless it is required to be able to provide law enforcement authorities with required information in the case of a cyber-attack. The data mentioned above are only used to provide Website content correctly, to optimize Website content and advertising and to ensure the long-term functionality of our IT systems and our Website technology. Schiedel GmbH therefore uses these data for both statistical purposes and to ensure data privacy and safety within the Company.

Data processing for the purposes mentioned above is carried out on the basis of the so-called balancing of interest clause of the GDPR (Art. 6(1) sentence 1 lit. f) GDPR).

2. Cookies and similar technologies

2.1 Cookies

The website uses “cookies”, which are small files that make it possible to store information related to the device on the end device of the user (PC, smartphone or similar). They serve to make the website more user-friendly, more effective and safer and in particular serve to optimize our offer for you and to be able to provide you with targeted information in the future.

Most of the cookies used by Schiedel GmbH are “session cookies”. They will be automatically deleted after the visit to the website. Other cookies remain on the end device until they are deleted. These cookies enable us to recognize your browser the next time you visit.

Users can influence the use of cookies. All common browsers have an option that restricts or completely prevents the storage of cookies. However, it is pointed out that the use and in particular the convenience of use are restricted without cookies. There is also the option to store many online advertising cookies from companies via the US website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad -choices / manage.

Basically, all usage data (such as IP addresses, user names, etc.) are saved using a pseudonym so that personal identification is excluded. The use of cookies can also be deactivated for our website at any time below by clicking the “opt-out” button.

As an alternative to the browser add-on or within browsers on mobile devices, please click this link Deactivate (Activate) to prevent Google Analytics from collecting data on this website in the future (the opt-out only works in this browser and only for this domain). An opt-out cookie is placed on your device. If you delete your cookies in this browser, you must click this link again.

2.2 Google Analytics

The website uses functions of the web analytics service Google Analytics. The provider is Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called “cookies” (for more information, click here: support.google.com/analytics/answer/6004245). The information generated by the cookie about the use of the online offer by the user is usually transmitted to a Google server in the USA and stored there.

Google will use this information on behalf of Schiedel GmbH to evaluate the use of the online offer by Schiedel GmbH by users, to compile reports on the activities within this online offer and to further use the online offer and to provide us with services related to internet use. Pseudonymous user profiles can be created from the processed data.

Schiedel GmbH only uses Google Analytics with activated IP anonymization. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address is only transferred to a Google server in the USA and abbreviated there in exceptional cases.

The IP address transmitted by the user’s browser is not merged with other Google data. The users can prevent the storage of cookies by setting their browser software accordingly; Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://www.youronlinechoices.com/uk/your-ad-choices/.

You can find further information on the use of data by Google for advertising purposes, setting and objection options on the Google website: https://www.google.com/intl/de/policies/privacy/partners (“Use of data by Google when you use our website or apps from our partners ”), http://www.google.com/policies/technologies/ads (“ Use of data for advertising purposes ”), http://www.google.de/settings/ads (“ Manage information that Google used to show you advertisements ”) and http://www.google.com/ads/preferences (“ Determine which advertisements Google shows you ”).

2.3 Google Tag Manager

This website also uses the Google Tag Manager of Google (see point (2) above). This service allows website tags to be managed through a single interface. The service does not set cookies and does not collect personal information. The service triggers other tags that may collect data. However, Google Tag Manager does not access this data. If disabled at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager.

2.4 YouTube

We have included YouTube videos in our online offering, which are stored on https://www.youtube.com and are directly playable from our website. [These are all embedded in the “enhanced privacy mode”, which means that no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos, the data mentioned in paragraph 2 will be transmitted. We have no influence on this data transfer.]

By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to associate with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and / or custom design of its website. Such an evaluation is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right to object to the creation of these User Profiles, and you must be directed to YouTube to use them.

For more information on the purpose and scope of your data collection and processing through YouTube, please read the privacy policy. You’ll also get more information about your rights and privacy settings here: https://www.google.com/intl/en/policies/privacy . Google also processes your personal information in the US and has submitted to the EU-US privacy shield https://www.privacyshield.gov/EU-US  framework.

2.5 Integration of Google Maps

On this website we use the offer of Google Maps. This allows us to show you interactive maps directly in the website and allow you to conveniently use the map feature.

By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and / or tailor-made website design. Such an evaluation is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right of objection to the formation of these user profiles, and you must comply with this to Google.

For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. You can also find more information about your rights and privacy settings here: http://www.google.com/intl/en/policies/privacy . Google also processes your personal information in the United States and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US Framework .

3. Contact

The Website allows you to contact Schiedel GmbH via email to our Director of Group Communications. The personal data provided by each respective user is stored for the purpose of answering your request. The data is deleted as soon as it is no longer needed for these purposes, provided that this is not prevented by legal retention requirements or you have declared your consent to longer storage. The processing of your described above is necessary in order to answer your request (Art. 6(1) sentence 1 lit. b) GDPR). The processing of further data provided voluntarily by you in the contact form is based on the interest balancing clause of the GDPR (Art. 6(1) sentence 1 lit. f) GDPR).

II. DATA PRIVACY STATEMENTS FOR USERS OF SPECIAL SERVICES

1. Online applications

The Website gives you the opportunity to sign up for job alerts by email, apply for jobs online or via email for employment or training positions offered by the Schiedel GmbH and its affiliates. For such online alerts and applications, the Data Privacy Statement applies in addition to other legal requirements. On the basis of an online application initiated by you, we process the personal data you provide to Schiedel GmbH electronically for the purpose of the application. Such processing is necessary in order to take steps at your request prior to entering into a contract (cf. Art. 6(1) sentence 1 lit. b GDPR). Please read this Data Privacy Statement before you send us your personal data.

1.1 Data transmission

When applying to Schiedel GmbH and its affiliate companies online or via email you provide Schiedel GmbH with personal data such as name, postal and email address as well as information regarding your education and professional qualifications, certificates and other information and documents commonly used when applying for a job. In your own interest please only disclose special categories of personal data (such as ethnic background, political opinion, membership in a trade union, physical and mental health, or religious or philosophical belief,  collectively “Sensitive Data”, cf. Art. 9(1) GDPR) that you expressly wish us to receive. We do not expect you to submit nor request you to send such Sensitive Data.

1.2 Data storage, usage, and deletion

Schiedel GmbH stores and uses information and files provided by you only to record and process your application, which includes contacting you. If your application is successful, the information and files you provide may continue to be used in the course of an employment relationship with you. Otherwise, Schiedel GmbH will retain your information and files for a period of 6 months after completion of the hiring process (unless a shorter period is required by local law) in order to be able to answer any questions regarding your application, to comply with legal obligations and assert, exercise or defend any existing or potential claims. After expiry of this period, your data will typically be deleted.

If, by checking the corresponding box, or by indicating this when applying via email, you have given us approval to also send your information and files to other Schiedel GmbH companies, we will forward your application file to other group companies that might have open positions suited to you.

1.3 Cancellation; application withdrawal

III. GENERAL DATA PRIVACY INFORMATION

1. Information regarding the Data Protection Officer

The Schiedel GmbH  Data Protection Officer is:  Sebastian Kraska,  +49 (0) 89 18917360, BMIGroup@iitr.de

2. Legal basis for processing

Art. 6 para. 1 lit. a and Art. 7 GDPR serves Schiedel GmbH as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries about our products or services. The legal basis for the processing of data to fulfil the legal obligations of Schiedel GmbH is Art. 6 Para. 1 lit. c GDPR. The legal basis for processing to safeguard the legitimate interests of Schiedel GmbH is Art. 6 para. 1 lit. f GDPR.

3. Automated decision making

Schiedel GmbH foregoes automatic decision making and profiling.

4. Right to lodge a complaint with the supervisory authority

5. Rights of the data subject vis-à-vis Schiedel GmbH

If the Schiedel GmbH processes “personal data” from you as a “controller” within the meaning of the GDPR, you – as a so-called “data subject” within the meaning of the GDPR – have certain rights against the Schiedel GmbH which you will be informed of below.
If you would like to exercise one of these rights as a data subject, please contact our data protection officer or the following address: BMIgroup@iitr.de

A consent given by you can be revoked in principle using the same technical method as the consent.
As the person concerned, you have the following rights vis-à-vis Schiedel GmbH:

5.1 Right to confirmation

According to Art. 15 GDPR, every data subject has the right to ask the controller to confirm whether they are processing personal data.

5.2 Right to information

According to Art. 15 GDPR, every person affected by the processing of personal data has the right to information about this personal data and the following information:

• the processing purposes;
• the categories of personal data that are processed;
• the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
• if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
• the existence of a right to correction or deletion of the personal data relating to them or to restriction of processing by the person responsible or a right to object to this processing;
• the right to lodge a complaint with a supervisory authority;
• if the personal data is not collected from the data subject: all available information about the origin of the data;
• the existence of automated decision-making, including profiling, in accordance with Article 22 Paragraphs 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

The data subject also has the right to information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to receive information about the appropriate guarantees in connection with the transfer.

The controller provides a copy of the personal data that are the subject of the processing.

5.3 Right to rectification

According to Art. 16 GDPR, every data subject has the right to request that the controller immediately correct any incorrect personal data concerning them. Taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data – also by means of a supplementary declaration.

5.4 Right to erasure (right to be forgotten)

According to Art. 17 GDPR, every person affected by the processing of personal data has the right to require the person responsible to delete their personal data immediately, unless there is an exception according to Art. 17 Para. 3 GDPR and one of the following reasons applies:

• The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
• The data subject withdraws their consent on which the processing was based in accordance with Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 Letter a GDPR, and there is no other legal basis for the processing.
• The data subject objects to the processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with Article 21 (2) GDPR.
• The personal data was processed illegally.
• The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject.
• The personal data were collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

If the personal data were made public by Schiedel GmbH, as the person responsible, is obliged to delete the personal data in accordance with Art. 17 Para. 1 GDPR, then Schiedel GmbH applies Taking into account the available technology and implementation costs, appropriate measures, including technical ones, to inform other data controllers who process the published personal data that the data subject has deleted all links from these other data controllers has requested this personal data or copies or replications of this personal data.

5.5 Right to restriction of processing

According to Art. 18 GDPR, every person affected by the processing of personal data has the right to request the controller to restrict processing if one of the following conditions is met:

• The data subject disputes the accuracy of the personal data for a period of time that enables the person responsible to check the accuracy of the personal data.
• The processing is unlawful, the data subject refuses to delete the personal data and instead requests that the use of the personal data be restricted.
• The controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.
• The data subject has objected to processing in accordance with Art. 21 para. 1 GDPR and it is not yet clear whether the legitimate reasons of the person responsible outweigh those of the data subject.

5.6 Right to data portability

According to Art. 20 GDPR, every person affected by the processing of personal data has the right to receive the personal data concerning them, which was provided to a responsible person by the data subject, in a structured, common and machine-readable format. You also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

• the processing on the consent according to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 lit. a GDPR or based on a contract in accordance with Art. 6 Para. 1 Letter b GDPR and
• processing is carried out using automated processes.

Furthermore, when exercising their right to data portability in accordance with Art. 20 Para. 1 GDPR, the data subject has the right to have the personal data transferred directly from one controller to another, insofar as this is technically feasible and if not the rights and freedoms of others are compromised.

However, this right to data portability does not apply to processing that is necessary for the performance of a task that is in the public interest or in the exercise of official authority that has been transferred to the person responsible.

5.7 Right to object

According to Art. 21 GDPR, every person affected by the processing of personal data has the right, for reasons that arise from their particular situation, at any time against the processing of personal data concerning them, which is based on Art. 6 Para. 1 lit. e or lit. f GDPR, to file an objection. This also applies to profile based on these provisions.

Schiedel GmbH will no longer process the personal data in the event of an objection unless we can demonstrate compelling legitimate grounds for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defence of legal claims.

If Schiedel GmbH processes personal data in order to carry out direct advertising, the data subject has the right to object to the processing of personal data for the purpose of such advertising at any time in accordance with Article 21 (2) GDPR. This also applies to profile insofar as it is connected to such direct advertising. If the data subject objects to Schiedel GmbH processing for direct marketing purposes, Schiedel GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right under Article 21 (3) GDPR to object to the processing of personal data relating to him or her, which is carried out at Schiedel GmbH for scientific or historical research purposes, for reasons that arise from their particular situation for statistical purposes in accordance with Art. 89 Para. 1 GDPR, to object unless such processing is necessary to fulfil a task in the public interest.

5.8 Right to withdraw consent

Any person affected by the processing of personal data has the right to revoke their consent to the processing of personal data at any time. However, the withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.