How we handle your data and your rights – information according to Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
This data protection information applies to the collection, processing and use of your personal information when using our website and its subpages.
Scheidt & Bachmann GmbH (hereinafter "we" or "Scheidt & Bachmann") takes the protection of your personal information very seriously and adheres strictly to the rules set down by data protection legislation. The following statement provides an overview of how Scheidt & Bachmann ensures this protection and explains which types of data we collect for which purposes.
1. Responsibility for data processing
Responsibility for processing your personal information lies with:
Scheidt & Bachmann Österreich GmbH, Straubingstraße 4, 4030 Linz; Telephone: +43 732 321177; Fax: +43 732 321177 - 99; E-mail: firstname.lastname@example.org
2. Data Protection Officer:
You can reach our Data Protection Officer as follows:
Scheidt & Bachmann GmbH, Data Protection Officer, Breite Straße 132, 41238 Mönchengladbach; Telephone: +49 2166/266-839; Fax: +49 2166/266-254; E-mail: email@example.com
3. Which data do we process and from what sources?
We process personal data which you provide to us voluntarily or in the course of using our website.
For further details, please see Part II – Processing of personal data.
4. For what purpose do we process your data and on what legal basis?
We process your personal data for various purposes in line with the relevant data protection laws, in particular the GDPR and the Data Protection Act ("Datenschutzgesetz", DSG). The following generally apply in terms of the purpose of data processing: processing to meet contractual obligations (Article 6 Paragraph 1 Letter b GDPR), to safeguard legitimate interests (Article 6 Paragraph 1 Letter f GDPR), based on your consent (Article 6 Paragraph 1 Letter a GDPR) and/or based on statutory requirements (Article 6 Paragraph 1 Letter c GDPR).
For further details, please see Section II – Processing of personal data.
5. Who receives my data?
Service providers deployed by us and operating on our behalf (so-called "processors" cf. Article 4 No. 8 GDPR) can receive personal data. We use the following processors or categories of processor:
- IT service providers
- Google Inc.
In addition, we pass on your personal data to our subsidiaries, who also process personal data under their own responsibility (so-called "controllers", cf. Article 4 No. 7 GDPR).
6. Transfer of personal data to third countries
In cases described in Section II "Processing of personal data", we transfer your personal data to countries outside the European Economic Area (EEA) to the following recipients in third countries:
- Subsidiaries in Russia, Switzerland, Tunisia, Israel, USA and Canada
With regard to all recipients, we have implemented suitable guarantees (municipal data protection clauses in accordance with Art. 46 para. 2 DSGVO) to guarantee the security of your personal data. You may request a copy of these appropriate warranties. For this purpose, please contact the bodies designated in Section I, points 1 and 2.
7. Storage of data
We only process your personal data for as long as is necessary to serve the respective purpose of processing.
In addition, we are subject to various storage and documentation obligations, including those arising from the Business Code ("Unternehmensgesetzbuch" – UGB) and the Federal Fiscal Code ("Bundesabgabenordnung" – BAO). These obligations can apply for up to 7 years.
Finally, the duration of storage is also based on statutory limitation periods, which can be up to 30 years according to Paragraphs 1451 ff. of the Civil Code ("Allgemeinen Bürgerliches Gesetzbuch" – ABGB), whereby the regular limitation period is three years.
8. Your rights
Any person affected has the right of access according to Article 15 GDPR, the right to rectification according to Article 16 GDPR, the right to erasure according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR and the right to data portability based on Article 20 GDPR. In order to exercise the above rights, please use the contacts specified above in Section 1 and 2 under Part I – General.
If you have issued your consent for us to process your data, you can cancel this at any time without any particular formal requirements. If possible, the cancellation should be sent to the contacts specified in Section 1 and 2 under Part I – General.
Users are also legally entitled to lodge a complaint with a supervisory authority (Article 77 GDPR). The supervisory authority responsible for Scheidt & Bachmann is:
- Österreichische Datenschutzbehörde, Wickenburggasse 8, 1080 Wien
You also have a right to object which is explained in more detail at the end of this data protection notice.
II. Processing of personal data
In order to make visiting our website more attractive and allow the use of certain functions, we use so-called cookies on various pages. Cookies are small text files which are stored on your end device. Cookies can be transmitted when a page is accessed, thereby allowing attribution of the user. Cookies help make it simpler for users to use web pages. Some of the cookies used by us are deleted when the browser session is finished, i.e. when the browser is closed (so-called session cookies). Other cookies remain on your end device and make it possible for us to recognise your browser again on your next visit (so-called persistent cookies).
You can set your browser so that your are informed when cookies are used and then decide in each individual case whether to accept them, or else you can rule out acceptance of cookies in certain cases or in general. You can delete cookies which have already been applied. If cookies are not accepted, the functionality of our website may be limited.
- Session ID
2. Automatic collection of access data/server logfiles
When you visit our website, the following set of data is automatically stored relating to each access:
- IP address
- Browser type/version
- Operating system used and resolution
- Previously visited website
- Time and frequency of server request
The personal data in logfiles is processed based on Article 6 Paragraph 1 Letter f GDPR. The purpose of data processing and our legitimate interest lie in the easier administration of our website and the possibility of identifying and pursuing hacking.
3. Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called cookies – text files that are stored on your computer and allow analysis of your use of the website. The information generated by the cookie regarding your use of this website is generally transmitted to a Google server in the USA and stored there.
However, in case of the activation of IP anonymization on this website, your IP address is first abbreviated by Google within the member states of the European Union and in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymisation is active on this website.
On behalf of the operator of this website, Google uses this information to analyse your use of the website so as to compile reports on website activities for website operators and provide other services for the website operator connected with website use and internet use. Google does not link the IP address transferred by your browser in connection with Google Analytics to other data.
You can prevent the saving of cookies by making the appropriate setting in your browser software; however, we would like to point out that if you do so, you will not be able to use the full range of functions offered by this website. You can also prevent the data generated by the cookie relating to your use of the website (incl. your IP address) from being transmitted to Google and you can prevent the processing of this data by Google by downloading and installing the browser plug-in available under the following link (http://tools.google.com/dlpage/gaoptout?hl=de)
You can also prevent data collection by Google Analytics on our website by clicking on the following link. An opt-out cookie is applied which will prevent your data from being collected when visiting this website: Disable Google Analytics
Processing of personal data by Google Analytics is based on Article 6 Paragraph 1 Letter f GDPR. The purpose of data processing and our legitimate interest lie in the analysis and use of our website.
4. Google Maps
This website uses the Google product Google Maps. If you consent to the use of Google Maps on a subpage in which Google Maps is embedded and activate the plug-in, Google receives the information that you have accessed the relevant subpage of our website. In addition, data is collected which your browser sends to Google. This includes IP address, date and time of the request, amount of data transferred, operating system and the user interface, language and version of the browser software.
This occurs regardless of whether Google provides a user account via which you are logged in or no user account exists. If you are logged into Google, your data is attributed directly to your account. If you do not want the data to be attributed to your Google profile, you have to log out before activating the button. Google saves your data as use profiles and uses it for the purpose of advertising, market research and/or the needs-oriented design of its website. In order to exercise any rights such as a right to object to the creation of these user profiles, you must contact Google.
We have integrated YouTube videos in our website which are saved at www.youtube.com and can be played directly from our website. The videos are only activated if you specifically request this. These videos are also integrated in "extended data protection mode", i.e. no data about you as a user is sent to YouTube if you do not play the videos. Only when you play a video is the data transferred as specified in the next paragraph. We do not have any influence on this data transfer.
When you play the video, YouTube receives the information that you have accessed the relevant subpage of our website. In addition, data is collected which your browser sends to YouTube. This includes IP address, date and time of the request, amount of data transferred, operating system and the user interface, language and version of the browser software.
This occurs regardless of whether YouTube provides a user account via which you are logged in or no user account exists. If you are logged into Google, your data is attributed directly to your account. If you do not want the data to be attributed to your YouTube profile, you have to log out before activating the button. YouTube saves your data as use profiles and uses it for the purpose of advertising, market research and/or the needs-oriented design of its website. Such analysis (also in the case of users who are not logged in) serves the purpose of providing needs-oriented advertising and to inform other social network users about your activities on our website. In order to exercise any rights such as a right to object to the creation of these user profiles, you must contact Google.
On our website you will find contact forms which can be used to make contact electronically. Alternatively, it is possible to contact us via the e-mail addresses provided. If you contact us via one of these channels, we collect the personal data have entered and sent to us.
If you use the contact form, the personal data recorded comprises the master data entered (required fields: Mr./Mrs., last name, e-mail address, country; voluntary fields: first name, company, telephone number) and potentially any other personal data entered by you in the field labelled "Message". If you contact us directly by e-mail, we record your e-mail address and any personal data included in the text of the e-mail.
Processing is carried out based on Article 6 Paragraph 1 Letter f GDPR. The purpose of data processing and our legitimate interest lie in customer care and the ability to reply to messages sent to us.
Should it be necessary to answer your inquiry, we will pass on personal data to subsidiaries.
On our website you can sign up for various newsletters providing information on general company news, products, trade fairs and events.
In order to manage newsletter subscriptions we process the personal data sent to us via the registration form. This comprises master data (required fields: e-mail address, language, your interests; voluntary details: Mr./Mrs., title, name, company, country).
Processing is carried out based on Article 6 Paragraph 1 Letter f GDPR. The purpose of data processing and our legitimate interest lie in customer care and direct advertising.
8. Job vacancies
Our website also enables you to sign up for a newsletter containing details of new job vacancies.
In order to manage newsletter subscriptions we process the personal data sent to us via the registration form. This consists of the e-mail address, the areas of work you are interested in, your postcode and the geographical region in which you are interested in vacancies.
Processing is carried out based on Article 6 Paragraph 1 Letter f GDPR. The purpose of data processing and our legitimate interest lie in communicating job vacancies in our company to potential candidates.
We also occasionally carry out surveys, for example to assess customer satisfaction. Only customers invited by us are entitled to participate.
Surveys are always carried out anonymously. However, access codes are regularly sent out to customers for participation purposes. These can be attributed to the relevant customer. In the surveys themselves, some personal data is requested. If this is the case, however, submission of such details is voluntary and can be skipped. Processing of personal data is carried out based on Article 6 Paragraph 1 Letter f GDPR. The purpose and our legitimate interest lie in the analysis of customer satisfaction and product improvements.
10. Data area
We provide a data area in which we offer our customers and potential customers various documents for download. These include contract documents and product information, for example. Access is only provided for authorised users.
We process the following data for the purpose of access control: e-mail address, user name.
Processing of personal data is carried out based on Article 6 Paragraph 1 Letter f GDPR. The purpose and our legitimate interest lie in contract initiation, the provision of relevant documents and the prevention of unauthorised access to uploaded documents.
Information on your right to object according to Article 21a General Data Protection Regulation (GDPR)
You have the right at any time to object to personal data relating to you being processed based on Article 6 Paragraph 1 Letter f GDPR on grounds relating to your particular situation (data processing based on a balancing of interests); this also applies to any profiling based on this provision as defined by Article 4 No. 4 GDPR.
If you file an objection, we will no longer process your personal data, unless we can prove compelling, legitimate grounds for processing which override your interests, rights and freedoms or if the processing serves the enforcement, exercise or defence of legal rights.
In individual cases, we process your personal data for the purpose of direct advertising. You have the right at any time to object to the processing of personal data relating to you for the purpose of such advertising; this also applies to profiling insofar as it is has to do with such direct advertising.
If you object to the processing of data for the purpose of direct advertising, we will no longer process your personal data for this purpose.
There are no particular formal requirements for filing the objection; if possible it should be sent to the contacts specified above in Section 1 and 2 under Part I – General of this data protection notice.