Duty to provide information when collecting Personal data pursuant to Art. 13 and 14 GDPR

Details of the data controller (the company)


Schondelmaier GmbH Presswerk
77793 Gutach Germany

Phone: +49 7833 791-0
E-mail: datenschutz[at]schondelmaier.de


Data Protection Officer


If you have any questions regarding data protection, please contact our data protection officer at datenschutz[at]vimopro.de or at the following postal address:

vimopro GmbH
Benediktinerring 10
78050 Villingen-Schwenningen

Germany
Phone: +49 7721 6981151

Processing your personal data - purposes and legal basis



Data processing on the company's website


Log files

When our website is accessed, log files are recorded and remain stored for seven days. Such log files are automatically transmitted by your browser to us or the service provider of the website.

These are the following data:

• Browser type and version
• Referrer URL (from which website you came to us)
• Host name of the accessing computer
• Operating system used
• Time of the server request
• IP address

This data serves to ensure a technically flawless website and is therefore collected on the basis of Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the error-free presentation of our online presence and the resulting optimisation of the website, if necessary.

Hosting


We host our website with the following provider:

Mittwald CM Service GmbH & Co KG
Königsberger Straße 4-6
32339 Espelkamp

This company is the recipient of your personal data and acts as a data processor for us. The servers are located in Germany.

For further information on the possibilities of objection and removal vis-à-vis Mittwald CM Service GmbH & Co. KG, please refer to the provider's privacy policy: https://www.mittwald.de/datenschutz.

Cookies


When you visit our website, small data records containing information may be stored in the browser of your end device. These data records are called cookies.

We use cookies on our website to enable certain functions such as saving the language selection of your shopping basket. When we use cookies, they are usually technically necessary cookies that do not require consent in accordance with the General Data Protection Regulation (GDPR) and the Telecommunications Telemedia Data Protection Act (TTDSG). If we use cookies that cannot be classified as necessary, we will ask you for your consent beforehand.

Our legal basis for setting technically necessary cookies is based on our legitimate interest (pursuant to Article 6(1)(f) of the General Data Protection Regulation) in improving the functionality of our website.

You can adjust your cookie settings at any time via the corresponding link in the footer of our pages.

Session cookies are deleted when you close your internet browser. Cookies can generally be deleted by you via the settings of your browser.

Contact requests / contact possibility


If you contact us (e.g. by contact form, telephone or e-mail), the data you provide will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. The processing of this data is based on Art. 6 para. 1 lit. b) GDPR, insofar as your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a) GDPR) by implied conduct with the contact.

The data you send us will remain with us until you request erasure, revoke your consent to storage or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Google Fonts


To display external fonts, we have dynamically integrated Google Fonts on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, a subsidiary of the US-based Google LLC, hereinafter referred to as "Google".

We integrate the fonts on the basis of Art. 6 para. 1 lit f. Our legitimate interest lies in the uniform, optimised and economic operation of our websites.

The dynamic integration of the fonts means that network connections to Google servers are established when our websites are called up in order to reload the fonts. For technical reasons, your IP address, among other things, is transmitted to Google. Since Google has its headquarters in the USA and a large part of its servers are located there, data transfers also take place outside the EU. The EU Commission has not issued an adequacy decision for the USA, as the legal situation there does not guarantee that you can fully exercise your rights under the GDPR. The transmission of your IP address as personal data therefore involves a risk that cannot be completely minimised even by our EU standard contractual clauses with Google.

Google holds under

https://adssettings.google.com/authenticated (for registered users),
https://adssettings.google.com/ (for non-registered users) and

https://policies.google.com/privacy

The following information is available to you on our website: how the Group handles the data collected and what options are available to you to prevent the use of the data.

Vimeo



We use the video platform Vimeo on our website. Vimeo is a service of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA.

To illustrate and advertise our company and the manufacturing services of our products, you will find videos embedded directly on our pages. When you call up one of our Internet pages containing a video, connections are established to Vimeo servers in order to be able to display the video. This results in the transmission of your IP address to the provider. As this is a US service, this involves a third-country transfer for which there is no adequacy decision according to the EU Commission. This may result in increased risks for users, for example if access to user data is made more difficult. We do not have access to this user data. The accountability lies exclusively with Vimeo.

If you have given us your consent for the data processing associated with the integration of the videos, the legal basis is Art. 6 (1) a GDPR. In the absence of consent, we refer to Art. 6 (1) (f) GDPR as the legal basis. We have a legitimate interest in the use of audiovisual media on our websites to improve the quality of our website.

When videos are displayed by Vimeo, the provider establishes further connections to third-party providers over which we have no control. In particular, we cannot prevent Vimeo from processing the information collected in this way for profiling purposes and using it for its own purposes. For example, Vimeo may use Google Analytics to conduct its own usage analyses. Furthermore, Vimeo uses so-called content delivery networks for the optimised provision of content and distribution of bandwidth.

Vimeo also uses cookies that are automatically set when you access our pages. Unless we have received consent from you to do so, these are technically necessary cookies that are required for embedding the videos.

If you have a Vimeo account and are logged in to that account when you view a video, Vimeo may link the information collected to your account. You can prevent this aggregation of information by first logging out of your Vimeo account. In the settings of your Vimeo account, you may also be able to make further configurations, for example, to prevent your Vimeo history from being stored permanently. At this point, we refer you to the provider's data protection information:

http://vimeo.com/privacy

Here, Vimeo provides further information on how data is collected and used via the service and what options you have with regard to exercising your rights and protecting your privacy.

CloudFlare


We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) on our Internet pages to accelerate the loading process of the pages. This establishes connections to servers of the CDN network and transfers your IP address. The legal basis according to Art. 6 para. 1 lit. f GDPR is our legitimate interest in a stable, fast and secure company website. Through the CDN, which consists of servers distributed worldwide, website content can be optimally delivered to the browser of the calling user. In the process, personal data may be processed in server log files by Cloudflare.

Cloudflare is a data processor within the meaning of Art. 28 of the GDPR and is bound by instructions, i.e. without its own interest in the processing of personal data. The storage of personal data by Cloudflare only takes place for as long as it is necessary for the purposes described. Our legitimate interest within the meaning of Art. 6 (1) sentence 1 lit. f GDPR is not to operate our own content delivery network.

Without the associated processing of data, the functionality of the website cannot be guaranteed.

Cloudflare provides further information on how you can exercise your rights to object and erasure vis-à-vis the provider at the following link: https://www.cloudflare.com/de-de/cloudflare-customer-dpa/

Cloudflare Germany GmbH is a subsidiary of Cloudflare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. Accordingly, a transfer of your personal data, which is processed when using our website, to the USA cannot be ruled out. Cloudflare has stated that it has implemented compliance measures for international data transfers based on the EU Standard Contractual Clauses (SCCs). You can find these SCCs at: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

Facebook



We have a company profile on Facebook. We are jointly accountable with Meta Platforms Ireland Limited, based in Dublin, Ireland, for the processing of your data in relation to Facebook. Meta Platforms Ireland Limited is a subsidiary of Meta Platforms Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA.

When you visit our Facebook pages, usage data is collected via Facebook Insights and made available to us anonymously for marketing and analysis purposes.

To ensure that we comply with the requirements of the General Data Protection Regulation (GDPR), we have entered into an agreement with Facebook that governs the obligations of both parties. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

The processing of personal data that takes place in the context of the use of our company profile on Facebook is based on Art. 6 (1) lit. f GDPR. Our legitimate interest is to analyse, promote and sell our products and services.

It may also be the case that the processing is based on the consent of the user pursuant to Art. 6 (1) lit. a GDPR. This consent can be revoked at any time by the user contacting the Facebook operator directly. The corresponding contact form can be found under the following link:
https://www.facebook.com/help/contact/540977946302970. By consenting to the Facebook user agreement, you have also consented to the transfer of various information from Facebook to us.

When you visit our company profile on Facebook, Meta Platforms Ireland Limited, as the operator of the platform in the EU, processes data about you (e.g. personal information, IP address). This data is used to obtain statistical information about the use of our Facebook page.

If you contact us via Facebook, we use the personal data you enter to process your enquiry. As soon as your enquiry has been completed and there are no legal retention obligations (e.g. in the case of subsequent contract processing), we delete your data.

Meta Platforms Ireland Limited also uses cookies when processing the data. If you do not agree to this processing, you can prevent the installation of cookies by setting your browser accordingly. Cookies that have already been saved can also be deleted at any time. The settings for this depend on the respective browser. However, if you prevent or restrict the installation of cookies, this may mean that not all functions of Facebook can be fully used.

For more information on processing activities, how to stop them and how to erase data processed by Facebook, please refer to the provider's privacy policy:

https://www.facebook.com/privacy/policy/

It is not excluded that the processing by Meta Platforms Ireland Limited also takes place via Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025 in the USA.

We, as the operator of the Fanpage, do not make any decision regarding the processing of Insights data and any other information resulting from data subject rights, including legal basis, identity of the data controller and storage period of cookies on user terminals.

Instagram



Our company uses Instagram as part of our marketing strategy to promote our products and services and to communicate with prospects and customers. We are jointly accountable with Meta Platforms Ireland Limited for our presence on this social media platform. When you visit our online presence on Instagram, user data is processed by Meta Platforms Ireland Ltd, operator of the platform in the EU. This data includes, among other things, personal information and the IP address of the user. This data is used for statistical purposes and is also used by Meta Platforms Ireland Ltd. for market research and advertising as well as to create user profiles.

As a company, we process personal data on the basis of our legitimate interest in analysing, communicating, selling and promoting our products and services (Art. 6 para. 1 lit. f GDPR). In some cases, the user's consent may also be required in accordance with Art. 6 para. 1 lit. a GDPR are present. The user can transmit the revocation of this consent to the platform operator at any time (Art. 7 para. 3 GDPR).

If you contact us via Instagram, we use the personal data you provide to process your enquiry. As soon as we have answered your enquiry and there are no legal retention obligations, we delete your data.

Meta Platforms Ireland Ltd. may set cookies when processing your data. However, it is possible to prevent the installation of cookies by setting your browser accordingly. Cookies that have already been stored can be deleted at any time. Please note, however, that restricting or preventing the installation of cookies may mean that not all functions of Instagram can be fully used. You can find more information on this in Instagram's privacy policy.

We have set out the joint accountability with Meta Platforms Ireland Limited in an agreement available at https://www.facebook.com/legal/terms/page_controller_addendum. For more information on the processing activities, how to stop them and how to erase the data processed by Instagram, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.

Please note that it is not excluded that the processing of your data also takes place via Meta Platforms, Inc., 1601 Willow Road, Menlo Park, California 94025 in the USA.

LinkedIn



We have a company page on the career platform LinkedIn. The provider of the platform is LinkedIn Ireland Unlimited Company in Ireland, a subsidiary of the LinkedIn Corporation based in the USA. There we can inform about news in our company, present ourselves and get in direct contact with interested parties and business partners. LinkedIn also allows you to use interactive functions such as sharing or commenting on posts or to write direct messages to us.

When you use or access our LinkedIn company page, personal data is processed by us and by LinkedIn. This data includes, among other things, personal information and the IP address of the user. We are joint data controllers within the meaning of the GDPR.

LinkedIn describes in its data protection information how the provider processes personal data and how you can exercise your rights in this regard: https://www.linkedin.com/legal/privacy-policy
Please note that it is not excluded that the processing of your data also takes place via the LinkedIn Corporation based in the USA.

As the operator of our company page on LinkedIn, we receive information through the platform about statistical evaluations that relate to the views of our company page. Unless you are logged into your LinkedIn profile, the data is anonymised so that we cannot draw any conclusions about individual page visitors. However, the statistics help us to continuously improve our company website and make it more attractive.

If you visit our company page while logged into your LinkedIn user account, we can track the visit to our page by your user account. If you do not wish this, you can log out of your user account before you visit our company page.

If you use interactive LinkedIn functions as a logged-in user, these activities are linked to your user account and are processed by LinkedIn. We have no influence on the functionality or visibility of your activities.

As a company, we process personal data on the basis of our legitimate interest in analysing, communicating, selling and advertising our products and services (Art. 6 para. 1 lit. f GDPR). In some cases, the user's consent may also be given in accordance with Art. 6 (1) a GDPR. The user can transmit the revocation of this consent to the platform operator at any time (Art. 7 para. 3 GDPR).

If you contact us via LinkedIn (e.g. by direct message), we process the information received from you for the purpose of responding to your enquiry on the basis of Art. 6 (1) lit. f GDPR. Depending on the enquiry, Art. 6 (1) lit. b GDPR may also serve as a legal basis for us if, for example, you are interested in a position in our company and this therefore involves pre-contractual measures.

As soon as we have answered your enquiry and there are no legal obligations to retain data, we delete your data.

Data processing in the company



We process personal data on the basis of data protection regulations of the General Data Protection Regulation (GDPR) as well as the Federal Data Protection Act (BDSG) and, if applicable, the data protection laws of the individual federal states. The data of the following groups of persons are processed by the respective responsible persons in the company for the fulfilment of tasks.

In detail, this means:

• Customer and prospective customer data are processed for the purpose of implementing and servicing the contractual relationship or the pre-contractual relationship as well as contact enquiries and communication on the basis of Art. 6 para. 1 sentence 1 letter b) GDPR and Art. 6 para. 1 sentence 1 letter c) GDPR.
• Personal data of our suppliers and service providers as well as their employees are processed for the initiation and implementation of our contractual relationships on the basis of Art. 6 (1) sentence 1 letter b) GDPR and Art. 6 (1) sentence 1 letter c) GDPR.
• Employee data is stored for the purpose of establishing, implementing and terminating employment relationships (Art. 88 GDPR, § 26 BDSG).
• Applicant data is stored for the purpose of carrying out the application procedure and deciding on the establishment of an employment relationship (Art. 88 GDPR, § 26 BDSG). Records of unsuccessful applicants are deleted a maximum of six months after the end of the application process.

Storage period


The personal data stored by us will be deleted in accordance with legal requirements. We delete the data as soon as they are no longer required for the purpose of processing, a given consent is revoked or other permissions cease to apply.Data that must still be stored, e.g. for reasons of commercial or tax law, or whose storage is still required for the assertion, exercise or defence of legal claims, will be deleted as soon as this is no longer the case.

Data subject rights


When we process personal data about you, you have the following data subject rights:

• a right of access to the data processed and a right to obtain a copy,
• a right of rectification if we process incorrect data about you,
• a right to erasure, unless exceptions apply as to why we are still storing the data, e.g. retention obligations or limitation periods
• a right to restriction of processing,
• a right to withdraw consent to data processing at any time,
• a right to object to processing in the public or legitimate interest,
• a right to data portability,
• a right of appeal to a data protection supervisor authority if you find that we are not processing your data properly. The State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg is responsible for our company. However, if you are in another federal state or not in Germany, you can also contact the data protection authority there.

Automated decision making


No automatic decision-making or profiling takes place.

data privacy statement