The following data privacy statement applies to use of our website at www.scheppach.com
We place a high degree of value on data protection. Your personal data are collected and processed in accordance with applicable legal data protection regulations, especially the General Data Protection Regulation (GDPR).
1. Controller
The controller responsible for collection, processing, and use of your personal data as defined by Art. 4 No. 7 of the GDPR is
Scheppach GmbH
Günzburger Str. 69
D-89335 Ichenhausen, Germany
Telephone: +49 (0)8223/4002-99
Telefax: +49 (0)8223/4002-20
datenschutz@scheppach.com
www.scheppach.com
If you wish to object to collection, processing, or use of your data by us in whole or part in accordance with the data protection regulations, you may submit your objection to the controller.
You may save and print this data privacy statement at any time.
2. General purposes of processing
We use personal data for the purpose of operating the website www.scheppach.com
3. Which data do we use and why
3.1 Hosting
The hosting services utilised by us are used to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purposes of operating this website.
In this case, we process or our hosting provider processes inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties, and visitors of this website on the basis of our justified interests in efficient and secure provision of our website according to Art. 6 Para. 1 S. 1 f) of the GDPR in conjunction with Art. 28 of the GDPR.
3.2 Access data
We collect information about you when you use this website. We automatically collect information about your usage behaviour and your interaction with us, and register data about your computer or mobile device. We collect, save and use data about every access to our website (known as server log files). Access data includes:
- Name and URL of the file accessed
- Date and time of access
- Data quantity transferred
- Notification of successful access (HTTP response code)
- Browser type and browser version
- Operating system
- Referrer URL (i.e. the previously visited page)
- Websites that are accessed via the user’s system via our website
- Internet service provider of the user
- IP address and the requesting provider
We use this log data without assignment to you personally or other profile creation for statistical evaluation for the purpose of operating, securing, and optimising our website, but also for anonymous collection of the number of visitors to our website (traffic), as well as the scope and type of use of our website and services, and for billing purposes, i.e. to measure the number of clicks received by cooperation partners. On the basis of this information, we are able to provide personalised, location-based content, and analyse data traffic, look for and correct errors and improve our services.
This also represents our legitimate interest in accordance with Art 6 Para. 1 (f) of the GDPR.
We reserve the right to check log data retroactively if concrete suspicions indicate suspected illegal use. We save IP addresses for a limited period in the log files if this is required for security purposes, for the provision of services or billing a service, e.g. if you use one of our services. After cancelling the ordering process or payment receipt, we delete the IP address once this is no longer needed for security purposes. We also save IP addresses if we have concrete suspicions of a crime in connection with use of our website. As part of your account, we also save the date of your last visit (e.g. during registration, login, clicking on links, etc.).
3.3 Cookies
We use session cookies to optimise our website. A session cookie is a small text file that is sent by the respective server when a website is visited, and saved temporarily on your hard drive. This file as such contains a session ID, which is used to assign the same session to different requests by your browser. This enables your computer to be recognised again if you return to the website. These cookies are deleted after you close your browser. They are used so that you can enjoy the shopping cart function even after you have visited other websites.
To a small degree, we also use persistent cookies (these are also small text files that are stored on your consumer device), which remain on your consumer device and enable us to recognise your browser during your next visit. These cookies are saved on your hard drive and delete themselves automatically after the specified time. Their life span ranges from 1 month to 10 years. They enable us to present our services in a more user-friendly, effective, and secure way, and to display information on the page selected especially according to your interests, for example.
Our legitimate interest in the use of cookies according to Art 6 Para. 1 (f) of the GDPR is based on making our website more user-friendly, effective, and secure.
These cookies may also save the following data and information:
- Log-in information
- Language settings
- Search terms entered
-
Information about the number of access requests to our website, and use of the individual functions of our website.
When the cookie is activated, it will be assigned an identification number, but personal data will not be assigned to this identification number. Your name, your IP address, or similar data that could enable assignment of the cookie to you will not be saved in the cookie. On the basis of this cookie technology,we shall only receive pseudonymised information, e.g. with regard to which pages of our shop have been visited, which products were viewed, etc.
You can use your browser to specify that you are informed before cookies are set and, in individual cases, you can decide whether you want to accept cookies for certain cases or reject them in general, or if cookies should be prevented completely. This could limit the functionality of the website.
3.4 Data required to fulfil our contractual obligations
We process personal data that we require to fulfil our contractual obligations, e.g. name, address, e-mail address, products, billing and payment data. Collection of this data is required for contract completion.
Data is deleted after warranty periods and legal retention periods have elapsed. Data that are connected with the user account (see below) shall always remain to manage this account.
The legal basis for processing this data is Art. 6 Para. 1 (b) of the GDPR, since this data is required for us to fulfil our contractual obligations towards you.
3.5 Use of PayPal
All PayPal transactions are subject to PayPal’s data privacy statement. This is available at https://www.paypal.com/de/webapps/mpp/ua/privacy-prev
3.6 User account
You may create a user account on the website. If you wish to do this, we require the personal data requested from you during log-in. When logging in later, only your e-mail or your user name and the password selected by you are required.
In case of a new registration, we collect your essential data (e.g. name, address), communication data (e.g. e-mail address), payment data (bank information), and access data (user name and password).
In order to ensure proper registration and to prevent unauthorised registration by third parties, you will receive an activation link via e-mail after registration to activate your account. We will only save the data provided by you permanently in our system after successful registration.
You may have a user account that has been created deleted by us at any time without any additional costs beyond regular communication costs according to the basic rates. A message in text form sent to the contact data indicated in point 1 (e.g. e-mail, fax, letter) is sufficient for this. We shall then delete your saved personal data, provided this is not saved for processing orders or saved on the basis of legally required retention obligations.
The legal basis for processing this data is provided by your consent in accordance with Art. 6 Para. 1 (a) of the GDPR.
3.7 Newsletter
To register for the newsletter, the data requested during the registration process are required. Registrations for the newsletter are logged. After registration, you will receive a message to the e-mail address provided, which will request that you confirm your registration ("double opt-in"). This is required to prevent third parties using your e-mail address.
You may withdraw your consent to receive the newsletter at any time, therefore unsubscribing from the newsletter.
We shall save this registration data for as long as it is required for sending the newsletter. Logging the registration and the receiving address are saved for as long as interest in proving the original consent is present, which normally corresponds to the limitation period for civil claims, i.e. a maximum of three years.
The legal basis for sending the newsletter is your consent according to Art. 6 Para. 1 (a) in conjunction with Art. 7 of the GDPR and in conjunction with Section 7 Para. 2 No. 3 of the Act against Unfair Competition (UWG). The legal basis for logging registration is provided by our legitimate interest in proving that sending was performed on the basis of your consent.
You may withdraw your consent at any time without any additional costs beyond regular communication costs according to the basic rates. A message in text form sent to the contact data indicated in item 1 (e.g. e-mail, fax, letter) is sufficient for this. Naturally, every newsletter includes an unsubscribe link.
3.8 Product recommendations
We shall send you regular product recommendations via e-mail, independent of the newsletter. In this way, we shall provide you with information about products from our range that could interest you on the basis of your previous purchases or use of other services. In this case, we shall strictly adhere to legal regulations. You may object to this at any time without any additional costs beyond regular communication costs according to the basic rates. A message in text form sent to the contact data indicated in item 1 (e.g. e-mail, fax, letter) is sufficient for this. Naturally, every e-mail includes an unsubscribe link.
The legal basis for this is provided by your legal consent in accordance with Art. 6 Para. 1 (f) of the GDPR in conjunction with Section 7 Para. 3 of the UWG.
3.9 E-mail contact
If you contact us (e.g. via the contact form or e-mail), we shall process your information to respond to your request and in case of follow-up questions.
If data processing is necessary to complete pre-contractual measures resulting from your request, or if you are already a customer, in order to complete the contract, the legal basis for this data processing shall be Art. 6 Para. 1 (b) of the GDPR.
Further personal data will only be processed by us if you provide us your consent (Art. 6 Para. 1 (a) of the GDPR) or we have a legitimate interest in processing your data (Art. 6 Para. 1 (f) of the GDPR). A legitimate interest is present, for example, in answering your e-mail.
4. Google Analytics
We use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, text files, which are saved on your computer and enable analysis of use of the website by you. The information created by the cookie during use of the website by the website visitor are normally transferred to a Google server in the USA and saved there.
This is also within our legitimate interest in accordance with Art 6 Para. 1 (f) of the GDPR.
Google is now subject to the Privacy Shield agreement in effect between the European Union and the USA and certified according to this agreement. In this case, Google is obliged to maintain the standards and regulations of the Europeandata protection regulations. For more information, see the following link to the article: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
We have activated IP anonymisation on this website (anonymizeIp). Google will truncate your IP address beforehand within the member states of the European Union or in other contractual states of the agreement concerning the European Economic Area. Only in some exceptional cases will the full IP address be transferred to Google servers in the USA and truncated there. Google uses this information on our behalf to evaluate use of the website by you, compile reports about website activities, and provide additional services connected with use of the website and the Internet to us.
The IP address transmitted to Google Analytics by your browser will not be combined with other Google data. You can prevent storage of cookies by changing the corresponding settings in your browser software; we nevertheless inform you that in this case, not all functions of the website will be fully available for use.
You may also prevent transmission of the data created by the cookie that is related to your use of the website (including your IP address) to Google and processing of this data by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plug-in or within browsers on mobile devices, you can click the following link to set an opt-out cookie, which will prevent collection by Google Analytics within this website in the future (this opt-out cookie will only function in this browser and only for this domain. To delete these cookies in your browser, you will have to click this link again): http://tools.google.com/dlpage/gaoptout?hl=de.
5. Google Adwords
Our website uses the Google AdWords service. Google AdWords is an on-line advertising program from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
In this case, we use the remarketing function within the Google AdWords service. By using the remarketing function, we are able to present users of our website with advertisements based on their interests on other websites within the Google display network (on Google itself, known as “Google Ads” or on other websites). This analyses interaction with the user on our website, e.g. which services the user was interested in to be able to display targeted advertising to the user on other pages, even after using our website. In this case, Google stores a number in the browser of users that visit certain Google services or websites in the Google display network. Using this number, which is referred to as a “cookie”, the visits of these users are recorded. This number is used for unique identification of a web browser on a certain computer and not for identification of a person, since personal data are not saved. The legal basis for this data processing is Article 6 Paragraph 1 (f) of the GDPR.
You can deactivate the use of cookies by Google by following this link and deactivating the plug-in provided there: www.google.com/settings/ads/plugin
More information about Google remarketing and the Google data privacy statement is available at: https://policies.google.com/?hl=de
6. Social media plug-ins
On our website, we use social media plug-ins from Facebook, Google+, and Twitter on the basis of Article 6 Paragraph 1 (f) of the GDPR to make our company more popular among users. The advertising objective this is based on may be considered a legitimate interest within the context of the GDPR. Responsibility for operation that conforms with data protection regulations must be ensured by the respective provider.
The purpose and scope of data collection and its further processing, and use of the data by the respective provider with regard to your rights and setting options to protect your privacy are provided to you in the respective data privacy statement of the provider, which we shall link to in the following. By logging out of social network pages and clearing cookies that have been set, you can prevent social networks assigning the data collected about you to your user account with the respective social network during your visit to www.scheppach.com/shop. If you do not wish for social networks to assign data collected via our website directly to your profile, you must log out of the corresponding social network before you visit our website.
By logging out beforehand from social network sites and deleting cookies that have been set, you can prevent social networks assigning data collected from your user account during your visit to www.scheppach.com/shop. If you do not wish for social networks to assign the data collected by our website directly to your profile, you must log out of the corresponding social networks prior to visiting our website.
6.1 Facebook, Google+, and YouTube
If you visit a page that contains one of these plug-ins, your browser will connect with Facebook or Google and the contents will be loaded from these pages. Your visit to this website can be traced by Facebook and Google, even if you do not actively use the functions of the social plug-in. If you have an account with Facebook or Google, you can use a social plug-in of this kind to share information with your friends. Scheppach does not have any influence on the content of these plug-ins and the detailed information transfer involved.
On their own websites, Facebook and Google provide detailed information about the scope, type, purpose, and further processing of your data. Here you will also find further information concerning your rights and setting options to protect your privacy.
Facebook data privacy statement: https://www.facebook.com/about/privacy
Google data privacy statement: https://www.google.com/intl/de/policies/privacy
Our website uses plug-ins provided by Google for its YouTube website. The operator of the page is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you visit one of our pages featuring the YouTube plug-in, a connection will be made with YouTube’s servers. In this case, the YouTube server will be informed regarding which of our pages you visited. If you are logged in to your YouTube account, you enable YouTube to assign your browsing behaviour directly to your personal profile. You may prevent this by logging out of your YouTube account.
Further information about handling user data is provided in the YouTube data privacy statement at www.google.de/intl/de/policies/privacy.
6.2 Twitter
This website also includes functions of the Twitter on-line service. These functions are offered by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). By using Twitter and the “Re-Tweet” function, websites visited by you are linked to your Twitter account and made known to other users. In this case, data will also be transferred to Twitter. Your Internet browser will connect directly to the Twitter servers in this case and transfer data to Twitter.
We inform you that we are not aware of the contents of the transmitted data and do not receive information about its use by Twitter. Further information about this is provided in the Twitter data privacy statement: https://twitter.com/privacy
You may change your data privacy settings at Twitter via the account settings in the following link: https://twitter.com/account/settings
6.3 Instagram
This website also integrates plug-ins from the social network Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA (“Instagram“). The Instagram plug-in can be recognised by the “Instagram button” on our website. When you click the "Instagram button" while you are logged in to your Instagram account, you may link to the contents of our page on your own Instagram profile. This allows Instagram to assign the visit to our page to your user account. We inform you that we are not aware of the contents of the transmitted data and do not receive information about its use by Instagram. Further information about this is provided in the Instagram data privacy statement: https://instagram.com/about/legal/privacy
7. Creditworthiness and transfer to credit reference agencies
Scheppach GmbH basically grants its customers the option to purchase our goods using unsecured payment methods (by invoice).
Companies that basically grant their customers unsecured payment methods have a legitimate interest in protecting themselves as well as possible before payment failures occur.
Among other aspects, this takes place by checking the creditworthiness of the customer before granting the option to take advantage of unsecured payment methods.
Within the scope of this check, Scheppach GmbH shall be entitled to use negative credit information that it has received/collected itself from the respective customer or in cooperation with an external credit reference agency.
We work together with the following credit reference: Verband der Vereine Creditreform e.V.
For the purpose of accessing credit information, the following data are transmitted to the external credit reference agency: Forename, surname, postal address, date of birth (if available).
In case of creditworthiness information, this involves information about publicly available payment claims and such information that could result in an immediate risk of a failure to pay (e.g. bankruptcy, debtor counselling, deferred payment based on inability to pay).
Scheppach GmbH shall furthermore be entitled to use information involving extremely atypical ordering processes (e.g. simultaneously ordering a number of goods to the same address while using a variety of user accounts). This is intended to prevent failed payments and protect our customers against abuse of their accounts and identities.
Within the scope of a credit check, we may use automated processes to decide whether the unsecured payment method (payment by invoice) is granted to you. In this way, transfer of a negative credit check by a credit reference agency or calculation of an insufficient score within the scope of "internal scoring" will result in rejection of the desired payment method.
You may assert your right with us that we complete a manual check of the automated decision.
You also have the right to express your own standpoint and the right to dispute the decision.
We basically have a legitimate interest in performing a credit check if you select an unsecured payment method (payment by invoice).
Processing your data within the scope of the credit check takes place on the basis of Art. 6 Para. 1 (b) of the GDPR and Art. 6 Paragraph 1 (f) of the GDPR.
8. Storage duration
Unless stated specifically, we will save your personal data only for as long as this is necessary to fulfil the pursued objectives.
In some cases, the law provides for storage of personal data, for example tax or commercial law. In these cases, data shall only be saved further by us for legal purposes, but it shall not be processed otherwise, and it shall be deleted once the legal retention period has elapsed.
9. Your rights as the affected data subject
According to applicable laws, you are entitled to various rights regarding your personal data. If you would like to assert these rights, please direct your request by e-mail or post including clear identification of your person to the address indicated in point 1.
The following provides an overview of your rights.
9.1 Right to confirmation and access
You have the right to clearly laid out information regarding processing of your personal data.
In particular:
You have the right to receive confirmation from us at any time about whether personal data concerning you are being processed. If this is the case, you have the right of free of charge access to personal data saved about you, including a copy of this data. You also have a right to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
- the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- if personal data are not collected from you, all information regarding the source of the data;
- the existence of an automated decision making process including profiling according to Art. 22 Para. 1 and 4 of the GDPR and at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
If personal data are transmitted to a third country or to an international organisation, then you have the right to be informed of the appropriate safeguards pursuant to Article 46 of the GDPR relating to the transfer.
9.2 Right to rectification
You have the right to obtain the rectification and completion of personal data concerning you.
In particular: You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
9.3 Right to erasure ("right to be forgotten")
In a number of cases, we shall be obligated to erase personal data affecting you.
In particular:
In accordance with Art. 17 Para. 1 of the GDPR, you have the right to obtain from us the erasure of personal data concerning you without undue delay and we have the obligation to erase personal data without undue delay where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- You withdraw consent on which the processing is based according to Art. 6 Para. 1 P. 1 a) of the GDPR or Art. 9 Para. 2 a) of the GDPR, and where there is no other legal ground for the processing.
- You object to processing pursuant to Art. 21 Para. 1 of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 of the GDPR.
- The personal data have been unlawfully processed.
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
- The personal data have been collected in relation to the offer of information society services referred to Art. 8 Para. 1 of the GDPR.
If we have made the personal data public and we are obliged pursuant to Art. 17 Para. 1 of the GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
9.4 Right to restriction of processing
In a number of cases, you have the right to obtain from us restriction of processing of your personal data.
In particular:
You have the right to obtain from us restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data,
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims, or
- you have objected to processing pursuant to Art. 21 Para. 1 of the GDPR pending the verification whether the legitimate grounds of us override those of you.
9.5 Right to data portability
You have the right to receive, to transmit, or to have transmitted personal data concerning you in a machine-readable format from us.
In particular:
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable formatand you have the right to transmit this data to another controller data processor without hindrance, where
- the processing is based on consent pursuant according to Art. 6 Para. 1 S. 1 a) of the GDPR or Art. 9 Para. 2 a) of the GDPR or on a contract pursuant to Art. 6 Para. 1 S. 1 b) of the GDPR and
- the processing is carried out by automated means.
In exercising your right to data portability pursuant to paragraph 1, you have the right to have the personal data transmitted directly from us to another controller, where technically feasible.
9.6 Right to object
You have the right to object to lawful processing of your personal data by us on grounds relating to your personal situation and our grounds for the processing do not override this
In particular:
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 Para. 1 P. 1 e) or f) of the GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where we process personal data for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 Para. 1 of the GDPR, you, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
9.7 Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Automated decision making process based on the personal data collected shall not take place.
9.8 Right to withdraw legal data protection
You have the right to withdraw consent concerning processing of the personal data at any time.
9.9 Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you is unlawful.
10. Data security
We are totally committed to the security of your data within the scope of applicable data protection laws and the technical possibilities.
Your personal data are transferred to us encrypted. This applies to your orders and also to the customer log-in. We use the SSL encoding system (Secure Socket Layer), but would still advise you that data transfer on the Internet (e.g. when communicating by e-mail) is subject to security vulnerabilities. Seamless protection of your data against access by third parties is not possible.
In order to safeguard your data, we take technical and organisational security measures according to Art. 32 of the GDPR, which we continuously readjust to ensure that it is state of the art.
We also cannot guarantee that our service is available at certain times; faults, interruptions, and failures cannot be ruled out. The servers we use are secured regularly and with care.
11. Forwarding data to third parties, no data transfer to non-EU countries
We basically use your personal data only within our company.
If and insofar as we employ third parties within the scope of fulfilling our contracts (e.g. logistics service providers), they shall only receive personal data within the scope required for providing the corresponding service.
If we outsource specific parts of data processing (“contract processing”), we shall contractually obligate the contract processor only to use personal data in accordance with the requirements of data protection laws and to ensure protection of the rights of the data subject.
Transmission of data to positions or people outside the EU according to the case specified in this statement in point 4 does not take place and is not planned.
12. The right to lodge a complaint with the competent supervisory authority
In the event of legal data protection violations, the data subject is entitled lodge a complaint with the competent supervisory authority.
The competent supervisory authority in the event of legal data protection questions is the state data protection officer of the state where the company has its headquarters. In this case, Bavaria.
A list of data protection officers and their contact data is available to you via the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
13. Processing applicant data
Processing your personal applicant data by Scheppach GmbH and the data protection rights available to you are described at the following link: https://www.scheppach.com/verarbeitung-bewerberdaten.aspx
14. Data protection officer
If you still have questions or concerns regarding data protection, please contact our data protection officer:
Prof. Dr. Achim Dehnert
Leiter IIL-Inst.f.Informationslogistik GmbH
Edison Allee 5-7
D-89231 Neu-Ulm
Telefon: +49 - 171 - 537 6151
E-Mail-Adresse:datenschutz@scheppach.com