Data Protection

I.        General Information on Data Processing

Thank you for your interest in our website. The protection of your privacy and the security of all business data is very important to us. In the following we provide detailed information about the way we handle your data.

Party responsible in line with art. 4 par. 7 EU General Data Protection Regulation (GDPR)

Schäfer Informatik GmbH
Viersener Straße 11
40549 Düsseldorf

telephone: +49 (0) 211 5065 9780
email: info@schaefer-informatik.de

 

1.       Extent of data processing

We only process the personal data of our users if it is necessary to provide a functioning website including all our content and services. The processing of personal data takes place regularly only if the users agrees to it, except if the user’s consent cannot be obtained in advance but the processing of data is granted by the law.

 

2.       Legislative basis for data processing

In case a user’s consent has been obtained for data processing, art. 6 par. 1 a GDPR serves as legislative basis.

Art. 6 par. 1 b GDPR serves as a legislative basis in case the processing of personal data is used for the fulfillment of a contract with the affected user as one of the contracting parties. That also applies to data processing necessary for the execution of pre-contractual measures.

Art. 6 par. 1 c GDPR serves as a legislative basis in case of compulsory processing of personal data due to a legal obligation.

Art. 6 par. 1 d GDPR serves as a legislative basis in case vital interests of the affected or any other natural party require the processing of personal data.

If data processing is necessary for the pursuit of our company’s or a third party’s valid interest and is not outweighed by the interests as well as basic rights and freedoms of the person affected, art. 6 par. 1 f GDPR is applied.

 

3.       Deletion of data

Data retention can occur if it is required by the European or national legislation. A user’s personal data will be deleted or blocked as soon as the purpose of its storage has been fulfilled. Furthermore, data will be deleted when the usual storage period has been completed. A further storage of data can be granted if it is necessary for a contract closing or performance.

Each time our website is viewed, our system automatically collects data from the user’s computer.

The following data is collected:

  • information about the browser type and the version used
  • user’s operating system
  • user’s internet service provider
  • user’s IP address
  • date and time of access
  • websirtes, from which the user accessed our website
  • websites, that are accessed by the user’s system through our website

The data is also saved in the logfiles of our system. This data is not stored together with a user’s other personal data.

The legislative basis for the temporary storage of data and logfiles is art. 6 par. 1 f GDPR.

 

4.       Purpose of data processing

The temporary storage of the IP address is necessary to provide our website to the user’s computer. For this purpose, the user’s IP address will be saved for the duration of the session.

The data storage in logfiles takes place to guarantee the operability of our website. In addition to that, this data helps us improve our website and ensure the security of our IT systems. An evaluation of data for marketing purposes does not take place.

These aims reflect our justified interest in data processing in accordance with art. 6 par. 1 f GDPR.

 

5.       Storage period

The data is deleted as soon as the purpose of its storage has been served. In case of data storage for the display of our website, data is deleted after the session has ended.

If data storage takes place in logfiles, data is deleted after a maximum of seven days. A further data storage is possible. In this case, the user’s IP address is deleted or changed so that it can no longer be matched to the user.

II.        Usage of Cookies

 

1.      Depiction and extent of data processing

Our website makes use of cookies. Cookies are text files that are stored on the user’s computer by the internet browser. If a user opens a website, cookies can be stored on the user’s operating system. This cookie contains a specific sequence of characters that will allow a clear identification of the browser once the website is opened again.

We use cookies to enhance the user-friendliness of our website. Some elements of our website require an identification of the browser even after the user has switched to a different website.

The cookies store the following data:

  • language settings
  • login information

Moreover, our website uses cookies that allows us to analyze the search behavior of our users. As a result, the following data can be transmitted:

  • entered search words
  • frequency of website viewings
  • usage of the website’s features

The collected data remains anonymous. Therefore, the data cannot be matched to the user. The data is not stored together with other personal data.

Upon opening our website, a pop-up informs the user about the usage of cookies for analytical purposes and refers him to our data protection policy. It is also pointed out the user how they can disable the storage of cookies in their browser settings.

 

2.      Legal basis for data processing

The legal basis for processing of personal data through the usage of technically indispensable cookies can be found in Art. 6 par. 1 f GDPR.

The legal basis for processing of personal data through the usage of cookies for analytical purposes with a user’s existing consent, is Art. 6 par. 1 f GDPR.

 

3.      Purpose of data processing

Technically indispensable cookies facilitate the usage of our website. Some features of our website could not be offered without cookies. These require an identification of the browser, even after the user has switched to another website.

We need cookies for the following features:

  • adaption of language settings
  • storage of search words

The data stored through technically indispensable cookies is not used to create user profiles.

These aims reflect our justified interest in the processing of personal data in line with art. 6 par. 1 f GDPR.

4.      Storage period, options for objection and removal

Cookies are transmitted to us from the user’s computer where they are stored. Therefore, a user has full control over the usage of cookies. A change in your browser’s settings will allow you to deactivate or restrict the cookies used. Cookies that are already saved can be deleted at any time automatically. If the cookies for our website are disabled, it might not be possible anymore to use some of our website’s features.

The transmission of Flash Cookies can only be disabled in your Flash Player settings.

III.            Contact Form and Contact via Email

1.           Depiciton and extent of data processing

Our website contains a contact form that can be used to establish contact electronically. If a user takes up this opportunity, the data entered in the form will be transmitted and saved.

When the message is sent, the following data will also be stored:

  • user’s IP address
  • date and time of registration

In the following, the user will be directed to this data protection statement. The data processing starts when the user gives their consent.

In addition to that, contact can be established via the given email address. In this case, the user’s personal data transmitted via email will be saved.

The data will not be given to third parties. It will only be used to process the conversation.

 

2.       Legal basis for data processing

With the user’s consent on hand, the legal basis for data processing is art. 6 par. 1 a GDPR.

The legal basis for data processing in the context of an email transmission is art. 6 par. 1 f GDPR. If the purpose of contact via email is a contract closing, an additional legal basis is art. 6 par. 1 b GDPR.

 

3.       Purpose of data processing

The processing of personal information entered in the form is only used to carry out further contact.

Additional personal data processed saved is supposed to prevent a misuse of the contact form and ensure the security of our IT systems.

 

4.       Storage period

The data is deleted as soon as it has served its purpose and the conversation with the user is finished. That is the case when the circumstances clearly indicate that a given issue has been resolved.

The additional saved personal data is deleted after a maximum of seven days.

5.       Options for objection and removal

The user can revoke his consent for the processing of personal data at any time. If the user establishes contact with us via email, he can also object to the processing of personal data at any time. In this case, the conversation will not be carried out further. All personal data that was saved for contact support will be deleted.

IV.        Rights of the Person Affected

1.       Right to information

You can demand a confirmation whether your personal data will be processed from the responsible party.

If data processing is taking place, you can inquire the following information:

(1)       the purposes for which your personal data is processed

(2)       the categories of personal data that are processed

(3)       recipients or categories of recipients that have or will be given your personal data

(4)       the planned storage period of your personal data, or the criteria for defining a storage period if a clear statement is not possible

(5)       right to correction or deletion of your personal data, right to objection or restriction of data processing

(6)       right to complaint at a controlling institution

(7)       all available information about the source of data if personal data is not gathered concerning the affected person

(8)       existence of automated decision-making and profiling in line with art. 22 par. 1 and 4 GDPR and information about the logic as well as the significance and consequences of such processing for the affected person

You have the right to inquire whether your personal data is passed on to a third country or international organizations. In this context, you can demand to be informed about the suitable guarantees in line with art. 46 GDPR.

2.       Right to correction

You can demand a correction or completion of your personal data if it is wrong or incomplete. The responsible party will make the according changes immediately.

3.       Right to restriction of processing

You can demand the processing of your personal data to be restricted under the following circumstances:

(1)       if you are arguing the correctness of your personal data and the responsible party is verifying the data

(2)       if the processing of personal data is illegitimate and you want a restriction of processing instead of a deletion of data

(3)       if the responsible party has no use for the personal data, however you need it for the execution or defense of a legal claim

(4)       if you have entered an objection to the processing of data in line with art. 21 par. 1 GDPR but it is not decided yet whether your reasons outweigh those of the responsible party

If the processing of your personal has been restricted, the data can only be processed fully with your consent, for the execution or defense of legal claims, the protection of rights of other natural or juridical parties or in case of an important public interest.

Once a restriction has been enforced due to one of the requirements named above, the responsible party will inform you if this restriction should be removed.

4.       Right to deletion

a)       Duty to delete

You can ask the responsible party to delete personal data und the responsible party will have to do so if one of the following reasons applies:

(1)       The purposes for which the personal data was collected are not valid anymore.

(2)     You revoke your consent for the processing in line with art. 6 par. 1 a GDPR and there is no other legal basis for data processing left.

(3)     You object to the processing of personal data in line with art. 21 par. 1/2 GDPR and there are no other superior reasons for processing.

(4)     Your personal data was wrongfully processed.

(5)     Personal data must be deleted if the responsible party is subject to certain union or state law.

(6)     Your personal data was collected for services provided by the information society in line with art. 8 par. 1 GDPR.

b)       Information for third parties

If the responsible party has published your personal data and is now obliged to delete it in line with art. 17 par. 1 GDPR, they will also take the necessary measures to inform those responsible for the data processing that you have asked for all links to, copies and replicas of your personal data to be deleted.

c)        Exceptions

The right to deletion is not in effect if data processing is necessary for

(1)     the execution of freedom of speech;

(2)     the performance of a legal duty that requires data processing due to union or state law or the fulfilment of a task that is of public interest;

(3)     protecting public interests in the area of public health in line with art. 9 par. 2 h and art. 9 par. 3 GDPR;

(4)     purposes of archiving, creating statistics or scientific and historical research in line with art. 89 par.1 GDPR, if the right named in a) does not seriously hinder the data processing or render it entirely impossible;

(5)     the execution or defense of legal claims.

5.       Recht to be informed

If you have made use of your rights to correction, deletion or restriction of data processing, the responsible party is obliged to inform all recipients of your personal data about your request unless this proves to be impossible or associated with a disproportionate amount of effort. You have the right to be informed about the recipients of your personal data.

6.       Recht to data transfer

You have the right to receive the personal data you provided to the responsible party in a common, structured, machine-readable format. Furthermore, you have the right to transfer the data to another responsible party without any obstruction from the initial one if

(1)     the consent to data processing is based on art. 6 par. 1 a GDPR or art. 9 par. 2 a GDPR or on a contract in line with art. 5 par. 1 b GDPR and

(2)     the data processing is taking place as part of an automated procedure.

You can also ask for your personal data to be transmitted from one responsible party to the other automatically if it is possible from a technical point of view. Freedoms and rights of other persons must not be hurt in the process. The right to data transfer is not in effect if the processing of personal data lies on the public interest.

7.       Right to objection

You have the right to object to the processing of personal data at any time. This also applies to profiling.

The responsible party will not process your data anymore unless they can give reasons outweighing your personal rights and freedoms or the data processing is necessary for the execution or defense of legal claims.

Moreover, you can object to the processing of personal data if it is used for direct advertising. If you object, the data processing will not be used for the purposes of direct advertising anymore.

In context of the services of the information society, you have the possibility to execute your right to objection through automated procedures with technical specifications.

8.       Right to withdrawal of consent to data processing

You can withdraw your consent to the processing of personal data at any time. However, it does not affect the legality of data processing that was taking place up until the point of your withdrawal of consent.

9.     Automated decisions in individual cases including profiling

You have the right not to be subjected to decisions based on an automated data processing, including profiling, which could have legal effects on you. This right is not in effect if the decision

(1)     is necessary for the closing of a contract between you and the responsible party;

(2)     is legitimate due to union or state law;

(3)     is carried out with your clear consent.

However, these decisions can not be based on special categories of personal data in line with art. 9 par. 1 GDPR if art. 9 par. 2 a GDPR is in effect and according measures for the protection of your rights, freedoms and interests have been taken.

The responsible party also carries out the protection of your rights, freedoms and interests in (1) and (3) which include the right to a persons intervention from the side of the responsible party , the right to state one’s own position and the right challenge the decision.

10. Right to complaint at a controlling institution

If believe that the processing of your personal data is not taking place in line with the directives of the GDPR, you have the right to file a complaint at a controlling institution.

The controlling institution will inform you about the status and results of your complaint as well as the possibility for a judicial remedy in line with art. 78 GDPR.