Revision date 28.04.2021 Version 1.4
Information on how your personal data is handled
a Initial overview
At the time of collection of their data, we must inform you in a clear, understandable manner about the handling of their personal data. Here you will find a brief overview
- who our company is and how you can contact us or the responsible person; there we provide you with the relevant contact details;
- for what purpose we will use your personal data;
- which categories of personal data we will process from you;
- on which legal basis we process your personal data;
- how long we will retain your personal data;
- who may receive your personal data;
- whether the personal data will be transferred to a country outside the EU;
- the fact that you have basic data protection rights, e.g. related to:
- restricted processing
- data transfer
- objection or
- detailed information on automated decision-making processes.
- In addition, you will find further information on how data from external and internal applicants is handled,
- on the collection and storage of data when visiting our website and our myschwartz customer portal,
- on how data is handled with regard to the use of social media platforms,
- and on how data is handled when video conferences are conducted.
Please remember that personal data is required as part of our corporate work. Without personal data, we are unable to fulfill your requests, support you as a contractual partner, or provide you with information about our activities, our services or our company. Of course, we will only collect the data necessary for this purpose. If we ask for additional data from you, we will inform you of this and point out that this information is voluntary. By the way, we do not carry out any automated decision-making processes.
Data protection has a very high priority for us. Therefore, we would like to inform you clearly and comprehensibly about how we process your personal data – of course in compliance with the applicable legal provisions, such as the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG 2018) and all other relevant data protection regulations. We have defined how we handle personal data in our data protection management system, which is currently under development, and act accordingly.
In addition, you may at any time contact us directly or the responsible data protection supervisory authority (North Rhine-Westphalia State Commissioner for Data Protection and Freedom of Information, P.O. Box 20 04 44 40102 Düsseldorf, Germany, phone: +49 211/384 24-0, fax: +49 211/384 24-999, e-mail: email@example.com, https://www.ldi.nrw.de) and lodge a complaint with them, if necessary.
Contact details of the responsible person
schwartz GmbH (hereinafter: schwartz)
Edison Street 5
52152 Simmerath, Germany
Phone: +49 2473 94 88-10
Fax: +49 2473 94 88-11
Contact details of the Data Protection Officer
Mr. Hans-Jürgen Fellgiebel
Bickerather Str. 3
Which data we process in detail and for what purpose we use it depends on the services you access. Information about the purposes of our data processing can be found in the respective contract documents, forms, declarations of consent as well as in other information provided to you in this context. This data protection information is part of our contract texts, website or other documents that we provide or have provided to you. We primarily process personal data by default for the following purposes:
- applicant management
- employee administration
- order management
- operation of the website and the myschwartz customer portal
- publications on the website, on the myschwartz customer portal and on social media platforms
- management of participants in training programs and at events.
We also process your data in the following cases for the purpose of
- sending (by post, e-mail, etc.) company information, unless you have objected to this
- communication (analog and digital)
- obtaining information from credit agencies
- using your e-mail address for marketing purposes, newsletters
- fulfilling legal requirements, such as tax laws, mandatory insurances, etc.
- fulfilling legal security, control and reporting obligations
- archiving data for security purposes and for fulfilling verification obligations
- disclosure in the context of official/judicial measures
- conducting video conferences.
The categories of personal data that we may process from you are, depending on the services you use, as follows:
- master data (e.g. name, telephone number, e-mail address, address, etc.) of customers (including potential), suppliers and service providers (including potential), data of applicants, participants in training programs and events, other interested parties, as well as other categories of persons associated with the aforementioned persons who may be involved in the context of the respective affiliations (e.g. family members, employees of service providers and/or suppliers, etc.).
- contact data on the aforementioned categories of persons (addresses, telephone numbers, e-mail addresses, etc.)
- transaction data on the aforementioned categories of persons (interests, orders, participation in training programs and events of all kinds, etc.)
- bank account data as well as payment details and, if applicable, creditworthiness
- usage data on websites and customer portals provided by us (IP address, time when pages were accessed, pages visited, etc.)
- consent data, for documenting granted / revoked consents.
If you are in an employment relationship with us, we process your personal data for the purposes of establishing, implementing and terminating the associated contractual relationship based on Art. 6 (1) b in conjunction with Art. 88 GDPR and §26 BDSG 2018.
If we are in another form of contractual relationship, or if we communicate in the context of pre-contractual measures, however, we process your personal data in order to implement related contracts and carry out measures and activities in this context. These processing operations are based on Art. 6 (1) b GDPR.
In addition, we process your data for the following purposes based on the legal grounds listed below:
- customer management (Art. 6 (1) b GDPR).
- supplier management (Art. 6 (1) b GDPR)
- employee administration (Art. 6 (1) c GDPR)
- administration (Art. 6 (1) c GDPR)
- operation of the company’s website and myschwartz customer portal, in particular to provide you with the desired page content you have requested as well as to ensure the necessary security during their operation (Art. 6 (1) f GDPR)
- publication of photos on the website and on the myschwartz customer portal (Art. 6 (1) f and, if applicable, a GDPR), provided you have given us your consent to do so
- market research and opinion polling, unless you have objected (Art. 6 (1) f or Art. 6 (1) a GDPR)
- obtaining information from credit agencies (Art. 6 (1) f GDPR)
- use of your e-mail address for marketing purposes, newsletters (Art. 6 (1) f or Art. 6 (1)a GDPR)
- compliance with legal requirements, such as tax laws, etc. (Art. 6 (1) c GDPR)
- fulfilling legal control and reporting obligations (Art. 6 (1) e GDPR)
- archiving data for security purposes (Art. 6 (1) c GDPR)
- fulfilling obligations to provide evidence (Art. 6 (1) c GDPR)
- disclosure in the context of official/judicial measures (Art. 6 (1) e GDPR).
If we process further personal data about you based on Art. 6 (1) f GDPR – in the sense of balancing interests – we will inform you separately in advance.
We process and store your data only as long as it is necessary for our activities or as long as legal storage obligations (e.g. HGB, AO, etc.) require it. In some cases, this may mean that data is stored for several years.
As a matter of principle, your personal data will only be made available to internal or external recipients who need it to fulfill contractual or legal obligations or to perform their tasks. This means that data will be passed on or disclosed
- to entities that process data as processors or under joint responsibility with us (e.g. HR, legal department, data centers, maintenance, archiving, accounting, data disposal, purchasing, customer administration, marketing, sales, information and communication technology, website administration, auditors, banks, printers, delivery services, logistics, employee representation bodies, etc.).
- in the case of a legitimate interest, to authorities, lawyers, associations, courts, appraisers, credit agencies, debt collection companies, etc.
- to other possible third parties if you have given us your express consent to do so.
We will not pass on your data for any other purpose.
Service providers that we have commissioned in the context of order processing or in the sense of joint responsibility may only use the data for the purposes for which we have passed it on to them. This is contractually regulated, and the same general conditions apply to data processing there as apply with us.
Data transfer outside the EU
You can exercise your data protection rights against us under certain conditions:
- You have the right to receive information about your data stored by us in accordance with the terms of Art. 15 GDPR – if necessary, with restrictions.
- If your data stored by us is inaccurate or incorrect, you may request that it be corrected in accordance with Art. 16 GDPR.
- In compliance with Art. 17 GDPR, you can request that the personal data stored about you be deleted. However, this only applies as long as the deletion does not conflict with any other statutory provisions.
- If the requirements of Art. 18 GDPR are met, you may request that the processing of your data be restricted.
- According to Art. 21 GDPR, you have the right to object to the processing of your data under certain conditions. This means that we must stop processing your data when you exercise this right.
- In certain circumstances, you have the right to demand that we provide you with your personal data under the conditions of Art. 20 GDPR.
- You have the right to revoke any consent given at any time with effect for the future. From this point on, your personal data will no longer be processed for the purposes to which you object. The objection can be made informally.
For instance, if you have given your express consent in accordance with Art. 6 (1) p. 1 lit. a GDPR, we will use your e-mail address to send you our newsletter on a regular basis. You may unsubscribe at any time, for example via the link at the bottom of each newsletter. Alternatively, you are welcome to send your unsubscribe request by e-mail to firstname.lastname@example.org at any time.
As part of the existing contractual relationships with our customers, we send information relating to contracts or services by e-mail to the contact e-mail addresses stored with us as customer information, especially with regard to services. This includes, for example, information on upcoming maintenance and service intervals or current technical information on the products purchased from us. If you do not wish to receive this information, you can notify us at any time by sending an e-mail to email@example.com or by clicking on the unsubscribe link provided in each customer notification. If you would like to specify a different or additional contact from your company to receive the information, please e-mail us at firstname.lastname@example.org.
If you wish to exercise any of the aforementioned rights, please contact us in writing, if possible, at the above-mentioned address of the responsible person (see contact details) or contact us directly by e-mail at email@example.com.
Additional information regarding data from external and internal applicants
Personal data relating to you is generally collected directly from you – for example, as part of the application process – on the basis of Article 26 (1) of the German Federal Data Protection Act (BDSG) as amended on May 25 2018.
In addition, we may also have received data from third parties (e.g. employment websites such as Azubiyo, Indeed, Monster or similar employment agencies).
We may also process personal data that we have permissibly obtained from publicly available sources (e.g. professional social networks).
The categories of personal data processed from applicants include, in particular, your master data (such as first name, last name, name affixes, nationality, personnel number), contact data (such as private address, (mobile) phone number, e-mail address), as well as all application process data (cover letter, resumé, (employment or other certificates, proof of qualifications).
If you have also voluntarily provided other categories of personal data (such as health data, religious affiliation, degree of disability) in the letter of application or in the course of the application process, this data will only be processed if you have given your consent.
We process personal employee and applicant data on the basis of and in compliance with the European General Data Protection Regulation (EU GDPR), the German Federal Data Protection Act (BDSG) and all other relevant regulations governing German labor law (e.g. German General Equal Treatment Act (AGG), German Works Council Constitution Act (BetrVG), German Social Code Book (SGB), etc.).
The primary purpose of processing your personal data as part of the application process is to carry out the application procedure, in particular to determine the extent to which you are suitable for the advertised position. We need to process your applicant data in order to decide whether to enter into an employment relationship with you. The primary legal basis for this is Article 88 GDPR in conjunction with Article 26 (1) BDSG.
10.1 Data transfer:
Within our company, your personal data will only be disclosed to those persons and departments who need it to make decisions about your employment and to fulfill our legal and contractual obligations.
Otherwise, we will only transfer your personal data – e.g. to investigating authorities – if we are legally obliged to do so.
10.2 Data storage period:
Personal applicant data transmitted to us will be deleted as soon as it is no longer required for the above-mentioned purposes; at the latest after 6 months. This does not apply if you have agreed to a longer storage period, if the storage is required for evidence purposes, or if legal regulations prevent deletion. For example, we retain your applicant data for as long as there is a possibility that you will assert legal claims against us, e.g. due to violation of provisions of the AGG.
If, on the other hand, your application leads to the establishment of an employment contract with you, your data will continue to be stored and used for the purposes of the usual administrative and organizational processes and for implementing the employment relationship in compliance with the applicable legal regulations.
10.3 Your rights:
Like all other data subjects, applicants and employees are, of course, entitled to the data subject rights in accordance with Articles 15 to 22 of the GDPR when their personal data is processed by companies.
Additional information on the collection and storage of personal data when visiting our website and using our myschwartz customer portal:
When accessing our website www.schwartz-wba.com and our customer portal www.my.schwartz-wba.com, information is automatically sent to the server of our website and our customer portal by the browser used on your end device. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:
- IP address of the requesting computer,
- date and time of access,
- name and URL of the accessed file,
- website from which the access was made (referrer URL),
- browser used and, if applicable, the operating system of your computer as well as the name of your access provider.
The aforementioned data are processed by us for the following purposes:
- ensuring a smooth connection to the website,
- ensuring the comfortable use of our website,
- evaluation of system security and stability as well as
- for other administrative purposes.
The legal basis for processing data is Art. (1) f GDPR. Art. 6 (1) e GDPR. Our legitimate interest is derived from the purposes of data collection listed above. We will never use the collected data to draw conclusions about your person.
In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge about your identity.
We also use temporary cookies to optimize user-friendliness, which are stored on your end device for a specific period of time. If you visit our site again to use our services, the system automatically recognizes that you have already been to our website in the past and which entries and settings you have made so that you do not have to enter them again.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f GDPR.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, disabling cookies completely may mean that you cannot use all the features of our website.
Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which the entity that sets the cookie (in this case, us) receives certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the use of the Internet generally more user-friendly and effective.
Our website uses the following cookies:
– transient cookies (temporary use)
– persistent cookies (time-limited use)
Transient cookies are automatically deleted as soon as you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests made by your browser can be assigned to the joint session. This enables your computer to be recognized when you return to the website.
Persistent cookies are automatically deleted after a specific period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your preferences and, for example, refuse to accept cookies. However, we would like to point out that you may no longer be able to use all the features of this website if you do so.
This information is stored separately from any other data transmitted to us. In particular, cookie data is not linked to your other data (e.g. related to contact inquiries or online applications).
11.2 Analysis tools / tracking tools
The tracking measures listed below and used by us are carried out based on Art. 6 (1) p. 1 lit. f GDPR. With the tracking measures used, we want to ensure the needs-based design and the ongoing optimization of our website and our myschwartz customer portal. We also utilize the tracking measures to collect statistics on the use of our website and to evaluate them so that we can optimize our services for you. These interests are to be regarded as legitimate in the sense of the aforementioned regulation.
The respective purposes of data processing and data categories can be found in the corresponding tracking tools.
- a) Google Analytics
For the purpose of designing and continuously optimizing our web pages in line with requirements, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter called “Google”). In this context, pseudonymized usage profiles are created and cookies are used (see Section 4). The information generated by cookies about your use of this website, such as
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time the server request was made,
and additionally when using the myschwartz customer portal:
- selection of certain services and related time data
- input of search terms and FAQ entries
- download activities
- language changes
- removal or addition of attachments
- tracking requests,
is transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to usage of the website and Internet for the purposes of market research and tailoring these web pages to requirements. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. IP addresses are anonymized to prevent them from being assigned (IP masking).
You may refuse to accept cookies by activating the appropriate settings on your browser; however, please note that if you do this, you may not be able to use all the features of this website.
You can also prevent the collection of data generated by cookies and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting your data by clicking on this link. An opt-out cookie will be set, which prevents the future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.
Further information on data protection in connection with Google Analytics can be found, for example, on the Google Analytics help page (https://support.google.com/analytics/answer/6004245?hl=de).
- b) Google Adwords Conversion Tracking
In order to collect statistics on the use of our website and to evaluate them for the purpose of optimizing our website for you, we also use Google Conversion Tracking. In this process, Google Adwords sets a cookie (see Section 4) on your computer if you have accessed our website via a Google ad.
These cookies lose their validity after 30 days and are not used for personal identification purposes. If the user visits certain pages of the Adwords customer’s website and the cookie has not yet expired, Google and the customer can recognize that the user clicked on the ad and was redirected to this page.
Each Adwords customer receives a different cookie. Cookies can therefore not be tracked via the website tracked by Adwords customers. The information obtained using the conversion cookie is used to create conversion statistics for Adwords customers who have opted for conversion tracking. Adwords customers find out how many users clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
11.3 Comfort features
You can disable the use of these techniques by activating the appropriate settings in your browser. If you do so, you may be unable to use some of the features of our website.
11.4 Webhosting AWS (Amazon Web Services)
For our myschwartz customer portal, we also use services provided by Amazon Web Services EMEA SARL, Luxembourg (https://aws.amazon.com/de/legal/aws-emea#1) to process personal data. In the contract with AWS, only regions located in the EU or the EEA were explicitly named as storage locations. For its part, AWS uses sub-service providers for data processing, in particular Amazon.com Inc. based in Seattle/USA. The list of further sub-service providers used by Amazon.com Inc. can be found under the above link. Consequently, some of the data is processed outside the EU. However, there is an adequate level of data protection for data transfers and processing by or to Amazon.com Inc. in the USA subject to a data protection agreement (so-called EU Standard Contractual Clauses) issued by the EU Commission in accordance with the review procedure pursuant to Art. 93(2) GDPR, which we have concluded with AWS.
You can find out more details about data protection at Amazon Web Services here: https://aws.amazon.com/de/compliance/eu-us-privacy-shield-faq/
12. Collection and storage of personal data when participating in videoconferences organized by us
We use “Jitsi Meet” to organize video conferences. In this context, personal data is used as follows:
When you access the page linked to the video conference in the invitation, we collect data that is technically necessary for us to display the website to you and to ensure that the website functions correctly. In doing so, we collect data that your browser sends to our server (so-called “server log files”):
– date and time of access
– IP addresses
– name of the conference / meeting
All access to Jitsi Meet is stored in log files for a maximum of 5 days and then deleted. In the event of an attack on the website, the above-mentioned data may be exempted from deletion if required as evidence until any illegal act has been clarified.
In accordance with the Jitsi Meet function, video and audio data and – when using the built-in chat function – any text data are transmitted to the other respective users of the same conference (meeting).
Accordingly, the personal data of the users is only collected during the use of Jitsi Meet. This personal data is not stored on the server.
13. Online presence on social media platforms
We have an online presence on social networks and platforms such as Xing, LinkedIn, Facebook, Instagram and YouTube in order to communicate with customers, interested parties and users who are active there, and to inform them about our services and in general about data protection. As regards the operation of these online presences, we are jointly responsible with the aforementioned providers.
We would like to point out that LinkedIn, Facebook, Instagram and YouTube in particular may process user data outside the European Union. This may result in risks for users because, for example, it could make it more difficult for users to exercise their rights.
Furthermore, user data is generally processed by the platforms for market research and advertising purposes. For instance, usage profiles can be created from the usage behavior and resulting interests of users. The usage profiles can in turn be utilized, for example, to place advertisements on these and other sites that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the users’ computers to record their usage behavior and interests. Furthermore, data independent of the devices employed by the users may also be stored in the usage profiles (especially if the users are members of the respective platforms and are logged in to them). schwartz GmbH does not gain access to any of the actual usage data. We only use general usage statistics to check the effectiveness of usage.
The processing of users’ personal data is based on our legitimate interests in effectively informing and communicating with users in accordance with Art. 6(1) f. GDPR. If users are asked by the respective providers to agree to T&Cs for which the data processing is required, the legal basis of the processing is Art. 6 (1) b., Art. 7 GDPR.
For a detailed description of the respective processing and the options to object (opt-out), we refer to the information supplied by the providers in the links below.
Also when requesting information and exercising user rights, we point out that these can be most effectively asserted with the providers. Only the providers have access to user data and can take appropriate action and provide information directly. If you still need help, please feel free to contact us.
14. Rights of use of data disclosed in Legal Notice
We expressly object to the use of our contact data, published herein as part of our legal disclosure obligation , by third parties for the purpose of sending unsolicited advertising and information material.
We expressly reserve the right to take legal action if unsolicited advertising information, such as spam mail, is sent to us.