Privacy Policy

We, Schülke & Mayr GmbH, as headquartes of the schülke group, operate the following social media sites:

- Facebook: https://www.facebook.com/myschulke/
- XING: https://www.xing.com/companies/sch%C3%BClke%26mayrgmbh
- LinkedIn: https://www.linkedin.com/company/schulke-&-mayr/
- YouTube: https://www.youtube.com/user/schuelkeChannel

You can find our contact details in the imprint.

In addition to us, the respective operator of the social media platform is also responsible for processing your personal data. As far as we can influence this and parameterize the data processing, we work within the scope of the possibilities available to us to ensure data protection-compliant handling by the operator of the social media platform. In this context, please also note the privacy policies of the respective social media platform.

The data you enter on our social media sites, such as user names, comments, videos, pictures, likes, public messages, etc., are published by the social media platform and are never processed by us for other purposes. We only reserve the right to delete content if this is necessary. Where appropriate, we will share your content on our site, if this is a function of the social media platform, and communicate with you via the social media platform.

If you send us a request on the social media platform, we may also refer you to other, secure communication channels that guarantee confidentiality, depending on the content. For example, you have the option at any time to send us your inquiries to the address given in the imprint or via our contact form. It is your own responsibility to choose the appropriate communication channel.

The legal basis for processing your data is Art. 6 Para. 1 S. 1 lit. f GDPR. The data processing takes place in the legitimate interest to conduct public relations for our company and to be able to communicate with you.

We also use our social media sites to carry out special campaigns, e.g. competitions or registration for online events. In this context, we only process the personal data that is absolutely necessary for participation or determining the winner and that you provide to us voluntarily. This includes your first and last name or your social media profile name, your email address and, if applicable, the content of your comments. In case of further measures resulting from the participation, e.g. the delivery of the prize or answering your questions, we would contact the transmitted email address and request further necessary data. In addition, the processing of your personal data set out in this privacy policy may take place in the context of visiting our social media account. 

The legal basis for processing your data is your consent pursuant to Art. 6 Para 1 S. 1 lit. a GDPR. You have the option at any time to object to the processing of your personal data in the context of these actions for the future. In this case, you will no longer be able to participate in the promotion. All personal data stored for this purpose will be deleted in this case, at the latest 6 months after the end of the promotion, unless there are legal obligations to keep records. Comments that you leave on the social media platform in this context can be deleted by yourself at any time.

Some social media platforms create statistics that are created on the basis of usage data and contain information about your interaction with our social media site. We cannot influence or prevent the implementation and provision of these statistics. However, we do not use optional statistics from the social media platform.

We process this information in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR in the legitimate interest of validating the use of our social media sites and improving our content in a target group-oriented manner.

In addition, we can occasionally use the social media platforms described to display targeted advertising. In this case, we use target group definitions that are made available to us by the social media provider. We only use anonymous target group definitions - we define characteristics, for example, on the basis of general demographic information, behavior, interests and connections. The operator of the social media platform uses these to display advertisements accordingly to its users. The legal basis for this is the consent that the operator of the social media platform has obtained from its users. If you want to revoke this consent, please use the revocation options provided by the provider of the social media platform, as the social media platform operator is responsible for this processing. Occasionally we or the provider of the social media platform also use publicly available data to define target groups. The legal basis for this processing is then Art. 6 Para. 1 S. 1 lit. f GDPR. The legitimate interest on our part is to define a target group that is as suitable as possible. We never use sensitive categories of personal data, which are mentioned in Art. 9 and 10 GDPR, to define target groups.

We do not use targeting based on location data. We do not pass on any personal data within the scope of the target group definition to the operator of the social media platform.

Occasionally we also use information about visits to or interaction with other sites (so-called remarketing) to define target groups. For this we use, among other things, also cookies. In these cases, however, we obtain the consent of the users in advance on the respective other sites via a consent banner and at this point provide information about the data processing. You can revoke this consent at any time by calling up the consent banner on the relevant website again.

If you would like to object to certain data processing over which we have an influence, please refer to the contact details given in the imprint.

We delete your personal data when it is no longer required for the aforementioned processing purposes and there are no statutory retention requirements to prevent deletion.

The operator of the social media platform uses web tracking methods. The web tracking can also take place regardless of whether you are logged in or registered with the social media platform.

We would therefore like to point out that it cannot be ruled out that the provider of the social media platform will use your profile and behavioral data to evaluate your habits, personal relationships, preferences, etc. In this respect, we have no influence on the processing of your data by the provider of the social media platform, so that you use the social media platform at your own risk.

You can find more detailed information on data processing by the provider of the social media platform, configuration options to protect your privacy and other options for objection and, if available and concluded, the agreement pursuant to Art. 26 GDPR in the provider's privacy policy:

- Facebook: https://www.facebook.com/about/privacy und
https://www.facebook.com/legal/terms/page_controller_addendum
- XING: https://privacy.xing.com
- LinkedIn: https://www.linkedin.com/static?key=privacy_policy und
https://legal.linkedin.com/pages-joint-controller-addendum
- YouTube: https://www.youtube.com/privacy

As a website user, you have the option of asserting the following rights towards us as well as towards the provider of the social media platform if the requirements are met:

Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case to obtain access to the personal data and the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed.

Right to erasure (Art. 17 GDPR)
You have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)
If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.

Right to data portability (Art. 20 GDPR)
In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.

Right to object (Art. 21 GDPR)
If the data is processed pursuant to Art. 6 para. 1 s. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for processing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.
If the data is processed on the basis of legitimate interest for the purpose of direct advertising, you have your own right of objection, which you can assert at any time without giving reasons and the exercise of which leads to the termination of the processing for the purpose of direct advertising.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

Asserting your rights
Unless otherwise described above, please contact the office named in the respective imprint to assert your rights.

The controller responsible for the described data collection and processing is named in the imprint.

We collect and process personal data in accordance with the legal basis of Art. 6 Para. 1 S. 1 General Data Protection Regulation (GDPR), in particular on the following bases:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes (right of withdrawal see "Your rights as a data subject"); 

the processing of your personal data is necessary to carry out pre-contractual measures that precede a contractually regulated business relationship or to fulfill the obligations arising from a contract concluded with you. This can include, for example, the processing of purchase orders, deliveries or payments, or the preparation and answering of requests for quotations from individuals, to determine the establishment or conditions of a contractual relationship;

processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. tax, commercial and foreign trade or sanctions law); 

the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. The legitimate interests are in particular the conclusion or implementation of contracts and other business relationships with our business partners, suppliers or interested parties for whom you may act as a representative or as an employee. Furthermore, legitimate interests are internal administrative purposes (e.g. for accounting) or to ensure IT security and IT operations as well as to carry out compliance investigations, to guarantee building and system security or to assert, exercise or defend of legal claims (right to object see "Your rights as a data subject").

Regarding any data processing in detail:

If we receive your business or private e-mail address or postal address in connection with our business relationship through consulting or the sale of a product or service, we can use this address for direct advertising for our own similar products or services, provided you have not objected to the processing. When collecting your address and every time it is used, we clearly point out that you can object to its use at any time without incurring any costs other than the transmission costs according to the basic tariffs.

It is used on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR and in the interest of promoting the sale of our goods or services. If you do not want direct mail, you can object to data processing for this purpose by contacting the office named in the imprint. If we are not allowed to process your data on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR, we will only do so on the basis of your previously declared voluntary consent (right of withdrawal see "Your rights as a data subject").

We process your data that you transmit to us in connection with the establishment of contact via contact form, telephone, fax, e-mail or post mail exclusively to process your request.

Depending on the content of your request, the legal basis here is, among other things, Art. 6 Para. 1 S. 1 lit. f GDPR. Our legitimate interest follows from the aforementioned purpose of processing and answering your request. If your request is aimed at the conclusion of a contract, the legal basis for processing can also be Art. 6 Para. 1 S. 1 lit. b GDPR.

If your contact is aimed at concluding a contract with us or if we already have a business relationship with you, we do not delete your data immediately, but may store it in our (CRM) system until the contractual and/or legal obligations have been fulfilled respectively a business relationship no longer exists and legal retention periods do not prevent deletion.

We process your personal data respectively personal data of the contact persons of your company in the context of consulting and the sale respectively purchase of goods and services for the purpose of performing pre-contractual measures and fulfilling the contract as well as for the continuous business relationship. The legal basis for this is Art. 6 Para. 1 S. 1 lit. b GDPR resp. Art. 6 Para. 1 S. 1 lit f GDPR. We process the following categories of data:

• Master data (e.g. surname, first name, address, position)
• Contact data (e.g. telephone/fax number, e-mail address)
• Communication data (e.g. call/consultation logs, offers)
• Contract/banking data (e.g. subject matter of contract, contract history, bank details)

The purpose of the processing of the aforementioned personal data is the initiation, implementation and fulfillment of the respective contractual relationship, the organisation and implementation of binding consultation appointments as well as our legitimate interest in maintaining an active business relationship with you (for the right to object in the event of data processing based on Art. 6 Para 1 S. 1 lit. f GDPR, see "Your rights as a data subject").

Your personal data as well as the personal data of the contact persons of your company will be deleted as soon as they are no longer required for achieving the purpose for which they were collected, i.e. when the contract on which the order is based has been fulfilled and all claims from the contractual relationship are statute-barred or there are no longer any statutory retention periods. In the case of continuous business relationship, we will delete your personal data (contact details of the contact person) if there is finally no longer interest in a continuous relationship and a business contact over a certain period of time no longer exists or your part has declared a corresponding objection to data processing, at the latest however after 10 years.

To conduct online meetings and events or job interviews via telephone / video conferences (hereinafter: "Online Meetings"), we use the tool "Teams" of the US provider Microsoft Corporation. For special event livestreams, the platform of the US providers Vimeo.com, Inc. or Zoom Video Communications, Inc. can also be used.

The processing of your data takes place on the basis of Art. 6 Para. 1 S. 1 lit. b GDPR, if your participation as an external participant ("guest") in the Online Meeting is necessary for the fulfillment of a contract concluded with you or for the implementation of pre-contractual measures or on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR in our legitimate interest of maintaining location-independent communication, the maintenance of business contacts and the provision of services owed. If you also voluntarily provide information about yourself when using the tool or voluntarily use functions that are not absolutely necessary, the associated data processing will take place on the basis of your revocable consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future (for the right to object see "Your rights as a data subject"). Please note that processing carried out before the revocation is not affected.

Depending on the type and scope of use of the tools, different types of data are collected or processed. This includes in particular

• Information about your person (e. g. first and last name, e-mail address, profile picture),
• Meeting metadata (e. g. date, time and duration of communication, participant IP address, MAC address, other device IDs (UDID), device type, operating system type and version, client version, camera type, microphone or speaker, type of connection),
• Text, audio and video data (e. g. chat histories, video and audio playback),
• Connection data (e. g. phone numbers, country names, start and end times, IP addresses).

If you participate in an Online Meeting as an external participant ("guest"), you will receive an access link from the host (schülke) by e-mail or calendar entry. For some online meetings, prior registration is also required (see registration forms). You can join Online Meetings directly from the browser without installing the apps. The service is then provided via the website by the respective service provider, who is responsible for data processing as the provider. You are free to use the chat functions during the Online Meeting. Likewise, you can decide whether to activate your camera and/or microphone or to leave it off. If you use the chat function, the text entries you make will be processed in order to display them in the Online Meeting and, if necessary, to log them. When you turn on your camera or microphone, the data from your device's microphone and any video camera from your device will be processed for the duration of the meeting.

Please note that pseudonymised participation is only possible for event livestreams. For other online meetings, your personal details are visible to all other participants and any information that you or others upload, provide or create during an Online Meeting will be processed for the duration of the meeting and will remain stored even after the end of the Online Meeting. There is no possibility of central deletion of the Online Meeting by the host. We therefore recommend that you as a participant do not use the chat function if you want to prevent storage in the Online Meeting.

In certain circumstances, we may record individual Online Meetings (primarily events) for the purpose of documentation or further publication afterwards. Both the audio track and the camera view of the participants can be recorded. You are free to activate the camera and microphone. Before the start of the recording, we will inform you of this and of the intended place of publication, if applicable. By continuing to participate under the settings you have selected, you hereby declare your consent to the recording and further use. If you participate without activating the camera and/or microphone, none of your personal data (except for your username or pseudonym) will be recorded. You can then also place questions via the chat. The chat content is not part of the recording. If the recording is published on the Intranet or Internet, we would like to point out that it will then be accessible worldwide and at any time and can be found with search engines and linked to other information. In principle, therefore, any information that is placed on the Internet can be copied and redistributed without any problems. A revocation of your consent with effect for the future is possible, provided that it is technically possible to remove your personal data from the recording (right of withdrawal see "Your rights as a data subject").

In the processing of your data the following external service provider and processor within the meaning of Art. 28 GDPR support us:

• Microsoft Corporation for the use of "Teams"; for further information please refer to: https://docs.microsoft.com/en-us/MicrosoftTeams/teams-privacy 
• Vimeo.com, Inc. for event livestreams; for further information please refer to: https://vimeo.com/privacy
  
• Zoom Video Communications, Inc. for event livestreams; for further information please refer to: https://explore.zoom.us/en/privacy

We are regularly active at exhibitions, congresses and other events as exhibitor and occasional organizer. During planning, implementation and follow-up, we process personal data if you are already in an active business relationship with us or if such a relationship is in the offing. In doing so, we process your personal data required in each case, e. g. in the context of registration for the event, on the basis of your participation in competitions or surveys offered by us and/or on the basis of personal contact or consultation.

If you register for one of our exclusive, possibly participant-limited events, your data will be processed on the basis of Art. 6 Para. 1 S. 1 lit. b GDPR for the purpose of planning and carrying out the event and, if necessary, issuing a proof of participation. An individual approach in the run-up to or after the event (e. g. as part of feedback or information about other similar events) is based on our legitimate interest in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR. We process further voluntarily provided data on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit a GDPR.

In the case of freely accessible marketing events that are purely informational and at which, for example, no proof of participation is issued, we process the data required for this (names, contact details) on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR in the interest of providing information about our products or services. We process further voluntarily provided data on the basis of your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

The legal basis for participation in competitions and surveys is Art. 6 Para. 1 S. 1 lit. a GDPR. Contact requests are processed on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR. The purpose of the processing of your personal data is the execution and fulfilment of the respective activities as well as our legitimate interest in establishing or maintaining an active business relationship with you (information on your rights can be found under "Your rights as a data subject").

For the purpose of documentation or further publication afterwards, we can create photo and video recordings and record individual events or lectures. The focus of the camera view is primarily on the speaker and not on individual participants, whereby the audio track of individual participants can be recorded, provided that an active contribution emanates from them. Before the start of the event, we will inform you of the recordings and intended publication locations, if any. If possible, we will also set up recording-free areas at the venue. By registering to participate in our events, you hereby declare your consent to the possible recording and further use. If the recording is published on the intranet or Internet, we would like to point out that it will then be accessible worldwide and at any time and can be found with search engines and linked to other information. In principle, therefore, any information that is placed on the Internet can be copied and redistributed without any problems. A revocation of your consent with effect for the future is possible, provided that it is technically possible to remove your personal data from the recording (right of withdrawal see "Your rights as a data subject").

When you visit us at our headquarters, e.g. as part of an event, work meeting or service delivery, registration is required to ensure a smooth visit. Our employees are required to register visitors in advance. In the course of this, you will receive an e-mail to the known e-mail address previously provided to us, which will give you access to the visitor management system in order to complete your details and confirm any necessary information (e.g. house rules) in advance. Your first and last name as well as your e-mail address and, if applicable, your license plate number is mandatory data for visitor registration. Further information is marked as voluntary or optional. During your visit, you can then check in digitally via QR code and receive a corresponding visitor badge that legitimizes your access.

We process your data received in this context on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR in the legitimate interest of reliably carrying out access controls to our locations and implementing our obligations to ensure secure data processing in accordance with Art. 32 GDPR. If you provide further voluntary information about yourself during registration, the associated data processing will be carried out on the basis of your revocable consent in accordance with Art. 6 Para. 1 S. 1 lit a GDPR. You can revoke your consent at any time with effect for the future (for the right to object see "Your rights as a data subject"). 

Usually, your data will be deleted no later than 4 weeks after your visit. For regularly returning visitors, it is possible to give us consent for a longer storage, so that in this case your data will only be deleted after one year or the period specified in the consent. If an event occurs that requires the data to be stored for a longer period of time in order to fulfil the purpose of visitor management, such as a data protection or other security incident, etc., your data will be stored for the period for which it is required and then deleted immediately.

As part of our visitor management, we use a system of an external service provider (unival Group GmbH, Germany), which supports us as a processor bound by instructions in accordance with Art. 28 GDPR.

Unless we have already informed you in detail about the storage period, we delete personal data when it is no longer required for the aforementioned processing purposes, you have revoked your consent to data processing and there are no statutory retention requirements to prevent destruction/deletion.

We pass on your personal data within our company to the areas and persons who need this data to fulfil the respective purpose. Insofar as this is necessary within the scope of the purposes set out above, we may also transfer your personal data to companies affiliated with us.

Your data will not be passed on to third parties, i. e. outside the schülke group, or only if this is permitted under data protection law, e.g. to specialist/wholesalers or distribution partners, if this is necessary for the purpose of fulfilling the contract. 

We can also pass on your data to external service providers (a. o. providers for IT service, marketing, sales, data and document destruction) who support us with data processing in the context of order processing, strictly bound by instructions and on the basis of an order processing contract. We make sure that the data processing is limited as far as possible to within the European Union (EU) or the European Economic Area (EEA), e. g. by selecting storage locations on corresponding data centers in the European Union. Should data be processed or transferred to service providers outside the EU or EEA (e. g. the U.S.), the transfer will only take place if the EU Commission has confirmed an appropriate level of data protection for the third country, an appropriate level of data protection has been agreed with the data recipient (for example by means of standard contractual clauses) and further measures required to ensure an adequate level of data protection have been taken or you have given us your consent in accordance with the requirements of Art. 49 Para. 1 S. 1 lit. a GDPR.

As a data subject, the GDPR grants you certain rights when processing your personal data.

Right of access (Art. 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case to obtain access to the personal data and the information specified in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)
You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, if necessary, the right to have incomplete personal data completed.

Right to erasure (Art. 17 GDPR)
You have the right to obtain an erasure of the personal data concerning you without undue delay, if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)
If one of the conditions set forth in Art. 18 GDPR applies, you shall have the right to restrict the processing of your data to mere storage, e.g. if you revoke consent, to the processing, for the duration of a possible examination.

Right to data portability (Art. 20 GDPR)
In certain situations, listed in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or demand a transmission of the data to another third party.

Right of withdrawal (Art. 7 GDPR)
If the processing of data takes place on the basis of your consent, you are entitled according to Art. 7 Para. 3 GDPR to revoke your consent to the use of your personal data at any time. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

Right to object (Art. 21 GDPR)
If the data is processed pursuant to Art. 6 Para. 1 S. 1 lit. f GDPR (data processing for the purposes of the legitimate interests), you have the right to object to the processing at any time for reasons arising out of your particular situation. We will then no longer process personal data, unless there are demonstrably compelling legitimate grounds for processing, which override the interests, rights and freedoms of the person concerned, or the processing serves the purpose of asserting, exercising or defending legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider the processing of the data concerning you infringes data protection regulations. The right to lodge a complaint may be invoked in particular in the Member State of your habitual residence, place of work or the place of the alleged infringement.

Asserting your rights
Unless otherwise described above, please contact the office named in the imprint to assert your rights as a data subject.

Please contact our data protection officer if you have any further questions, suggestions or wishes regarding data protection:

datenschutz nord GmbH
Sechslingspforte 2
22087 Hamburg 
Germany
www.dsn-group.de
schlkdtnschtz-nrdd 

If you contact our data protection officer, please also indicate the responsible body that is named in the imprint.