INFORMATION FOR PROSPECTIVE CUSTOMERS (WEBSITE)
regarding the processing of personal data in accordance with Article 13 of the General Data Protection Regulation (GDPR)
Welcome to SCHOTTEL HYDRO.
Thank you for your interest in our website. The protection of your personal data and your privacy is very important to us. The protection of your personal data and the protection of your privacy are very important to us. At this point, we would therefore like to inform you about the processing of your personal data when visiting our website. Of course, we comply with the legal provisions of the European Data Protection Regulation (DS-GVO), the Federal Data Protection Act (BDSG), the Telecommunications Telemedia Data Protection Act (TTDSG) and other data protection regulations.
Please note the explanations/definitions of terms at the end of the text.
You can visit our website anonymously at any time. We respect the freedom of the individual to decide when and for what purpose he or she wishes to provide certain personal information. We do not use any technologies to identify you or create personal profiles!
We collect personal data only to a limited extent and where necessary for the following:
- Provision of our services
- Contract performance (including initiation, conclusion, fulfilment and termination of a contract
- Processing and answering enquiries
- Safeguarding of our operations
- Improvement of our website
- Preventing, detecting and investigating potentially prohibited or illegal activities and asserting our General Terms and Conditions.
To ensure that you are fully familiar with the processing of personal data on our websites, we have compiled this clear and comprehensive information for you. We would like to assure you that we will make every necessary technical and organizational effort to protect your data.
Responsible for the processing of personal data is:
SCHOTTEL HYDRO GmbH
Mainzer Str. 99
Phone: +49 2628 610
Other information: see imprint
2 Types of data and data subjects
When you access our websites, we automatically process data of a general nature. These data, which may be stored (where applicable) in “server log files”, include:
- Your browser type* (type/version)
- Operating system of the accessing computer*
- The domain name of your internet provider (IP address)
- Time of website access
- Referrer URL* (site previously visited)
- And other similar general data (e.g. size of your browser window).
*If necessary, you can disable these data by making the appropriate settings in your system.
These data are used in accordance with Article 6 (1) b) GDPR to provide you with the websites and to display them correctly; they are accessed each time you use the internet.
Furthermore, the data are temporarily stored in accordance with Article 6 (1) f) GDPR for the purpose of fraud prevention and the investigation of attacks on our website if our system detects such attacks. If there is no such case, the respective IP address of the page accesses is only stored permanently in anonymized form.
The remaining (non-personal) data may be processed further for statistical purposes.
As a visitor to our website, you are a data subject as defined by the General Data Protection Regulation.
“Cookies” are small information packages that are stored on your computer by a domain and can only be processed again by this domain. Cookies cannot contain or spread malicious code or start programs.
4 Specific use of data
We observe the principle of data use for specific purposes and process your personal data only for those purposes for which you have provided the data. Your personal data will not be passed onto third parties without your express consent, unless this is necessary for the provision of the service or the execution of the contract. Furthermore, the transfer of data to state institutions and authorities entitled to receive information is only carried out within the scope of the legal obligation to provide information, or if we are obliged to provide information by court order.
We also take our in-house data protection very seriously. We have obligated our employees and the service companies we commission to maintain secrecy and to comply with the provisions of data protection law.
5 Third country
There is no deliberate transfer of personal data to third countries or to international organizations, nor is there any plan to do so. However, when a website is accessed, it cannot be guaranteed that the data will remain within the EU/EEA. Due to the way the internet works, it may be technically possible that a request on the way from you to us or a reply on the way back may be routed via a server in a non-secure third country. This cannot be prevented either. However, since we encrypt the data traffic between your browser and our server (see point 6 below), there is no particular risk here.
6 Data minimization, data economy and data security
In general, it is not necessary for you to provide personal data to use our website. However, in order for us to actually provide our services, we may need your personal data. This applies both to the sending of any information or ordered goods and to replies to individual requests.
If you commission us with the provision of a service or in connection with the sending of goods, we process your personal data in accordance with Article 6 (1) b) DS-GVO in principle only insofar as it is necessary for the provision of the service or the execution of the contract. For this purpose, it may be necessary to pass on your personal data to companies that we use to provide the service or to execute the contract. These are, for example, transport companies or other service providers. If we would like to process your personal data for certain actions or services with your consent (pursuant to Article 6 (1) a) DS-GVO), we will ask you for your express consent at the appropriate place on our website.
Your personal data is encrypted (tap-proof) on all pages with input fields and transmitted over the Internet using TLS/HTTPS (recognizable by the lock symbol in the URL line of the browser). We secure our website and other systems by technical and organizational measures against loss, destruction, access, modification or distribution of your data by unauthorized persons.
7 Making contact
You can contact us in a number of ways.
You may of course send an e-mail to our addresses published on the website. In this case, the personal data transmitted by e-mail will be stored.
If your request relates to a service offered by us, we will process your data on the basis of Article 6 (1)(b) GDPR. All other requests will only be processed on the basis of your consent (Article 6 (1)(a) GDPR).
During e-mail correspondence, it cannot be guaranteed that the data will remain within the EU/EEA. Due to the way the internet works, it may be technically possible that an e-mail on the way from us to you and vice versa may be routed via a server in a non-secure third country. Opt for the postal service if you want to send information confidentially, or encrypt the information/files separately (e.g. in an encrypted zip file) and send the key via another channel (e.g. SMS).
8 Storage period
Your processed personal data will only be stored for as long as it is necessary to fulfil the intended purpose. Once this purpose has been fulfilled, the data will be deleted, unless mandatory retention periods prevent this. In this case, the data will be limited in its processing so that they can only be used for the purpose that requires their retention (e.g. tax audit). Once these retention periods have expired, these data will also be deleted.
9 Profiling and automated decision-making
If we have access to the relevant information, a customer or prospective customer profile may be created in order to provide you with the best possible advice.
For this purpose, we use the following information in particular:
· Your contact data from registrations, requests and orders
SCHOTTEL does not use automated decision-making including profiling* with your personal data. However, we use so-called spam or junk filters in electronic communication to protect our systems. This involves the use of sender, time, content, character set and origin, among other things, to automatically sort out unwanted e-mails. If you feel that your e-mails have not arrived or are being rejected, please contact us via another communication channel (telephone, fax or letter).
* Merging individual data to gain insights into key aspects of personality.
10 Rights of data subjects
Subject to certain conditions or limitations as applicable, you have the following rights:
Right of access:
As a matter of principle, you have the right to request free information regarding:
- Data processed by us
- The processing purposes
- The categories of personal data processed and, where appropriate, the (categories of) recipients to whom the personal data has been or will be disclosed (including, where applicable, appropriate safeguards if the personal data are transferred outside the EU) and
- If possible, the intended duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration
- And if applicable, the origin of the data.
You also have the right to rectification, erasure, restriction of processing, the right of data portability, the right to object and the right to revoke consent at any time. This does not affect the legality of the processing of data up to the time of a revocation/objection. For the declaration of a revocation/objection, you will not be charged in addition to costs incurred by the basic rates. If costs are incurred in exercising the other rights, we shall inform you in advance. You may assert your rights against us via a designated channel (e.g. unsubscribe link) or any other communication channel (see “Controller” above or in the Imprint).
11 Queries regarding data protection and right of complaint
If you have any other queries about data processing on our website or about our processes, please contact the above-mentioned Controller or the Data Protection Officer of SCHOTTEL. You can also contact this person confidentially at Datenschutzbeauftragter(at)schottel.de if you think have a reason for complaint or if you notice a breach of data protection. Thank you very much for your support.
In addition, you have the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for the data controller is the Rhineland-Palatinate State Commissioner for Data Protection and Freedom of Information, P.O. Box 30 40, 55020 Mainz, Germany, e-mail: Poststelle(at)datenschutz.rlp.de, Internet: www.datenschutz.rlp.de
12 Social media platforms
We use a social media platform on Twitter as another way of getting in touch with you. In this case, personal data may also be processed outside the European Economic Area (EEA), but we have no control over this.
We name the (technical) platform operator below. Addresses and other contact details can also be found there, e.g. for requests for information.
As a registered user of this site, this information is also used independently of the respective device. Some of the data uses are permitted or may be justified by a legitimate interest in efficient advertising via a platform used worldwide (Article 6 (1)(f) GDPR). As Twitter determines the technologies used, we have no way of obtaining any necessary consents from you. Further details on this and on your user/data subject rights with the operator can be found in Twitter’s privacy policies.
The social media platform we use is only intended to provide a convenient way of communicating with those users who are already members of this network. It is not necessary and we do not recommend that you become a member of these networks in order to contact us. We also communicate information or special offers on other channels, in particular on our website.
We have concluded a contract with the European subsidiary of the US company for our presence on Twitter. The content of the contract is specified by Twitter. Although it is not necessary for technical or organizational reasons to process the personal data obtained in Europe outside of Europe, Twitter reserves the right to transfer the data to the USA. We have no influence on this.
Since July 2023, the transfer of personal data has been permitted on the basis of the EU-US Data Privacy Framework. At the time this privacy statement was created, Twitter was not certified accordingly. Alternatively, transmission is only possible with your express consent in view of the risks and dangers. Since we do not know or determine the reason for or the scope of the data transmitted in the USA, we cannot obtain any effective consent from you. We therefore ask you to only visit our social media presence or only follow the links there if you have an account with these services yourself.
For the short message service offered on “Twitter”, we use the technical platform and services of X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, is responsible for the data processing of persons living outside the United States.
We would like to advise you that you are solely responsible for using Twitter and its featured functions. In particular, this applies to the use of the interactive functions (e. g. sharing, rating).
Twitter had committed to the principles of the EU-US Privacy Shield, but the certificate was withdrawn. At the time of writing this data protection declaration, Twitter's status with regard to the EU-US Data Privacy Framework, which has been in force since July 2023, is inactive.
We have no control over the type and scope of the data processed by Twitter, how these data are processed and used, or how they are passed on to third parties. We also have no effective means of monitoring these activities.
By using Twitter, your personal data will be processed by X Corp./Twitter and, regardless of your place of residence, will be transferred to, stored and used in the United States, Ireland and any other country where X Corp. does business.
Twitter processes the data you voluntarily enter, such as your name and user name, e-mail address, telephone number or the contacts in your address book if you upload or synchronize it.
Twitter also evaluates the content you share to determine what topics you are interested in, stores and processes confidential messages that you send directly to other users; it can also determine your location using GPS data, wireless network information or your IP address to send you advertising or other content.
For analysis purposes, Twitter may use analytical tools such as Twitter Analytics or Google Analytics. We have no control over the use of such tools by Twitter, nor have we been informed of any such potential use of these. If tools of this type from Twitter are used for our SCHOTTEL HYDRO account, we have not commissioned, approved or otherwise supported this in any way. The data obtained from the analysis are likewise not made available to us. Only certain non-personal information about tweet activity is available to us via our account, such as the number of profile or link clicks via a particular tweet. Furthermore, we have no way of preventing or turning off the use of such tools on our Twitter account.
After all, Twitter also receives information when you view content, for example, even if you have not created an account. This “log data” may include your IP address, browser type, operating system, information about the website and pages you previously visited, your location, your mobile operator, the device you use (including device ID and application ID), the search terms you have used and cookie information.
Options to restrict the processing of your data are available in the general settings of your Twitter account and under the section “Privacy and Security”. Furthermore, you can restrict Twitter access to contact and calendar data, photos, location data, etc., on mobile devices (smartphones, tablet computers) in the device settings. However, this depends on the operating system used.
Other information on these topics is available on the Twitter help pages:
You can find out here how to view your own data on Twitter: help.twitter.com/de/managing-your-account/accessing-your-twitter-data
You can find information about the inferences drawn by Twitter about you here:
Information on the available personalization and data protection settings can be found here (with further references): twitter.com/settings/account/personalization
You can also request information using the Twitter Privacy Form or archive requests:
Data we process
We also process your data.
a) Purpose and legal basis
Data are processed for the purposes of our public relations work in accordance with Article 6 (1)(f) GDPR.
The initial recipient of the data is Twitter, which is responsible for any data that may be passed onto third parties for their own purposes. In addition, the recipient of publications is the public, i.e. potentially everyone.
c) Categories of personal data
We do not collect any data ourselves via our Twitter account and have not integrated any tweets or Twitter analysis/tracking tools into our website.
However, the data you enter on Twitter, in particular your user name and the content published under your account, will be processed by us to the extent that we may retweet or reply to your tweets or write tweets that refer to your account. The data that you freely publish and distribute on Twitter is thus included by us in our online presence on Twitter and made available to our followers.
d) Third country transfer
After the EU-US Data Privacy Framework came into force, this is a suitable legal basis, provided that the company involved is certified accordingly. Another legal basis is your express consent to the transmission of your personal data. You must first be sufficiently informed about the risks of the transmission. SCHOTTEL HYDRO does not initiate such a transfer, nor are we responsible for it.
Regulation (EU) 2016/79 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data (General Data Protection Regulation).
European Free Trade Association: Iceland, Liechtenstein, Norway and Switzerland.
EU-US Privacy Shield:
Terms/procedure agreed between the EU and the US that was the basis for an adequacy decision under Article 45 GDPR. This decision was declared invalid by the ECJ in July 2020 because third parties (US authorities) may (can) access your data without you being aware of it or having adequate legal protection against it. Therefore, a transfer of personal data to the USA on the basis of the EU-US Privacy Shield is no longer permitted.
EU-US Data Privacy Framework:
International data protection agreement agreed between the EU and the USA, which is the basis for the adequacy decision effective since July 2023 pursuant to Article 45 GDPR.
European Court of Justice
European Economic Area: EU, Iceland, Liechtenstein and Norway.
Any information relating to an identified or identifiable natural person [...]; (Article 4(1) of the GDPR).
The [...] legal person [...] who alone or jointly with others determines the purposes and means of the processing of personal data [...]; (Article 4(7) of the GDPR).
The terms used here, as far as they are determined in Article 4 of the GDPR, are used according to the definition there.
Author: SCHOTTEL HYDRO GmbH