Data Protection

General information

We are pleased that you are visiting our webshop. The protection and security of your personal information when using our online store is very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our online store and for what purposes it is used.

This data protection information applies to the Schmitter Hydraulik GmbH website: webshop.schmitter-hydraulik.de

Note on the responsible body

The controller for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR):

Schmitter Hydraulik GmbH
Represented by: Andreas Meder and Matthias Richter
Am Stöckleinsbrunnen 1
97762 Hammelburg

Phone: 09732 8888 0
E-Mail: kontakt@schmitter-hydraulik.de

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Data Protection Officer:

Jürgen Müller
Robert-Bosch-Str. 3
72622 Nürtingen
E-mail address: juergen.mueller@dsb-mueller.com

internal data protection coordinator:

Juliane Koberstein

Am Stöckleinsbrunnen 1

97762 Hammelburg
Phone: +49 9732 - 8888 - 1514
E-Mail: juliane.koberstein@schmitter-hydraulik.de

What is it about?

This data protection notice fulfills the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behavior when visiting a website/webshop.

Information for which we cannot (or only with disproportionate effort) establish a connection to your person, e.g. through anonymization, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data will be deleted as soon as the purpose of the processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you about the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defense of legal claims and in the event of statutory retention obligations.

Who receives my data?

We only pass on your personal data that we process on our webshop to third parties if this is necessary for the fulfillment of the purposes and in
individual cases is covered by the legal basis (e.g. consent or protection of legitimate interests). In addition, in individual cases we pass on personal data to third parties if this serves the assertion, exercise or defense of legal claims. Possible recipients may then be, for example, law enforcement authorities, lawyers, auditors, courts, etc.

Insofar as we use service providers for the operation of our web store who process personal data on our behalf as part of order processing in accordance with Art. 28 GDPR, they may be recipients of your personal data. You can find more information on the use of processors and web services in the overview of the individual processing operations.

What rights can I assert with regard to the processing of my personal data?

Under the GDPR, you can assert a number of data subject rights against us. To assert these rights, you can contact us using the contact details provided above. Your rights under the GDPR include in particular

- Right to information: You can request information about your personal data stored by us (Art. 15 GDPR). This information concerns, among other things, the categories of data processed by us, the purposes for which we process them, the origin of the data if we have not collected them directly from you and, if applicable, the recipients to whom we have transmitted your data. You can obtain a free copy of your data that is the subject of the agreement from us. If you are interested in further copies, we reserve the right to charge you for the additional copies.

- Right to rectification and erasure: You have the right to obtain from us the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed (Art. 16 GDPR). In addition, you can also request the deletion of your data under the conditions of Art. 17 GDPR. This may be the case, for example, if

the data are no longer required for the purposes for which we collected or otherwise processed them;
you withdraw your consent, which is the basis for the data processing, and we lack any other legal basis for the processing;
you object to the processing of your data and there are no overriding legitimate grounds for the processing, or you object to data processing for direct marketing purposes;
we have processed the data unlawfully;
unless the processing is necessary,
to ensure compliance with a legal obligation that requires us to process your data, in particular with regard to statutory retention periods;
to assert, exercise or defend legal claims.

- Right to restriction of processing: You may also have the right to restrict the processing of your data, i.e. to mark the stored personal data with the aim of restricting its future processing. For this, one of the conditions specified in Art. 18 GDPR must be met, i.e.

you contest the accuracy of the data, for the period of time we need to verify the accuracy of the data;
the processing is unlawful and you oppose the erasure of your data and request the restriction of their use instead;
we no longer need your data, but you need it to assert, exercise or defend legal claims;
you have objected to processing pending the verification whether our legitimate interests override yours.

- Right to data portability: Finally, you may also have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You can transmit this data to another controller without hindrance. You can also request that we transfer your data directly to another controller, insofar as this is technically feasible (Art. 20 GDPR).

- Right to object: You can object to the processing of your data at any time for reasons arising from your particular situation, provided that the data processing is based on our legitimate interests or those of a third party. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (Art. 21 GDPR). Irrespective of this right to object, you have the right to withdraw your consent to processing at any time.

- Right to complain to a data protection supervisory authority: You have the right to complain to the data protection supervisory authority responsible for you about our processing of your personal data if you believe that this violates applicable data protection law. The data protection supervisory authority responsible for us is

Bavarian State Office for Data Protection Supervision

Promenade 18

91522 Ansbach

Germany

How is my data processed in detail?

Below we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. There is no automated decision-making in individual cases, including profiling.

Data acquisition

Cookies

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

Cookies that are required to carry out the electronic communication process or to provide certain functions you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The webshop operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies for certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. You can find these for the respective browsers under the following links:

Please note that if you do not accept cookies, the functionality of our web store may be restricted.

You can change the cookie preferences you set when you first visit our site at any time.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of our online store. You can also prevent Google from collecting the data generated by the cookie and relating to your use of our web store (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link https://tools.google.com/dlpage/gaoptout?hl=de

Provision of our web store

When you access and use our web store, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

IP address of the requesting computer
Date and time of access
Name and URL of the retrieved file
Website from which the access is made (referrer URL)
Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our web store is not hosted by us, but by DIA Connecting Software GmbH & Co KG, which processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.

Processing is carried out to safeguard our overriding legitimate interest in displaying our web store and ensuring security and stability on the basis of Art. 6 (f) GDPR. The collection of data and storage in log files is absolutely necessary for the operation of the web store. There is no right to object to the processing due to the exception under Art. 21 para. 1 GDPR. Insofar as further storage of the log files is required by law, the processing is carried out on the basis of Art. 6 para. 1 lit. c GDPR. There is no legal or contractual obligation to provide the data, but it is not technically possible to access our online store without providing the data.

The aforementioned data is stored for the duration of the display of the web store, as well as for technical reasons beyond that.

Further information can be found in the data protection information of DIA Connecting Software GmbH & Co. KG: https://dia-software.de/datenschutz/

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Request by e-mail or telephone

If you contact us by e-mail or telephone, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and / or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Processing of customer and contract data

We collect, process and use personal data only insofar as it is necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable or charge the user for the use of the service. The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.

The above statements also apply to the implementation of training courses for which you can register via the website.

Data transmission upon conclusion of contract for online stores, retailers and shipping of goods

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the companies entrusted with the delivery of the goods or the credit institution commissioned with payment processing. Any further transmission of data will not take place or will only take place if you have expressly consented to the transmission. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures.

Data processing for order processing

In order to process your order, we work together with service providers who support us in whole or in part in the execution of concluded contracts. Certain personal data is transmitted to these service providers in accordance with the following information. The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract processing, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the commissioned credit institution within the scope of payment processing, insofar as this is necessary for payment processing. The legal basis for the transfer of data is Art. 6 para. 1 lit. b GDPR.

Creditworthiness and transmission to credit agencies

We generally give you the option of purchasing goods using unsecured payment methods (e.g. invoice, financing). Accordingly, we have a legitimate interest in protecting ourselves as well as possible against the occurrence of payment defaults. This is done, among other things, by checking the customer's creditworthiness before granting the option of using unsecure payment methods. As part of this check, we are entitled to use negative creditworthiness information that we have collected about the respective customer ourselves or received from a third party. The creditworthiness information is information about outstanding payment claims and information that directly indicates the risk of non-payment (e.g. insolvency, debtor counseling, deferral due to inability to pay).

As part of checking whether an insecure payment method can be granted, we are also entitled to obtain creditworthiness information about you and information about the probability of a fraudulent order (FraudPreCheck) from an external credit agency. We work with the following credit agency: Creditreform.

For the purpose of retrieving creditworthiness information, the following data in particular is transmitted to the external credit agency: First name, last name, postal address, date of birth.

As part of the credit check, we can use an automated process to decide whether to grant you the desired insecure payment method (installment/invoice payment). For example, if a negative credit report is submitted, the desired payment method can be automatically rejected.

Your data is processed as part of the credit check on the basis of Article 6(1)(b) GDPR and Article 6(1)(f) GDPR. In principle, we have a legitimate interest in carrying out a credit check when you select an insecure payment method (installment/invoice purchase).

Analysis tools and advertising

Matomo

We use the open source software tool Matomo (formerly PIWIK) on our webshop. The software places a cookie in your browser (for cookies, see above). If individual pages of our online store are accessed, the following data is stored:

Two bytes of the IP address of the user's accessing system (anonymized IP address)

The website called up

The website from which the user accessed the website (referrer)

The subpages that are accessed from the accessed website

The time spent on the website

The frequency of visits to the website

The software runs exclusively on the servers of our web store. Your personal data is only stored there. The data is not passed on to third parties. We process your data with the help of the Matomo analysis software for the purpose of evaluating the use of individual components and contents of our web store on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

The actual storage period of the cookies set is 13 months.

In order to meet the requirements of data protection in general and the GDPR in particular, DIATrack Matomo only records your users anonymously. It is not possible to draw conclusions about individual users from the data alone! We achieve this by anonymizing the user's IP address. An IP address makes it possible to draw conclusions about a user and their location. DIATrack Matomo replaces the last two blocks of the IP address with zeros, which means that the user can no longer be clearly identified. The user also has the option to object to tracking at any time! On the one hand on the data protection page by unchecking the tracking permission and on the other hand by generally preventing tracking within their browser.

Slide Font Server

We use Dia Fonts as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to Dia Font servers, whereby your IP address is transmitted.
The use of Dia Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG. 21

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

The specific storage period of the processed data cannot be influenced by us.

Consentmanager.net

We have integrated consentmanager.net into our webshop. Consentmanager.net is a consent solution from consentmanager AB, Håltegelvägen 1, B723 48 Västerås, Sweden, with which consent to the storage of cookies can be obtained and documented. consentmanager.net uses cookies or other web technologies to recognize users and to store the consent given or revoked.

The use of the service is based on the legally required consent to the use of cookies in accordance with Art. 6 para. 1 lit. c. GDPR.

The specific storage period of the processed data cannot be influenced by us, but is determined by Consentmanager.net. Further information can be found in the data protection information for consentmanager.net: https://www.consentmanager.net/datenschutz/.

Amazon Web Service

We use AWS S3 to properly provide the content of our web store. AWS S3 is a service of Amazon Web Services, Inc. which acts as a content delivery network (CDN) on our web store.

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Amazon Web Services, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of AWS S3.

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in the secure and efficient provision and optimization of our online offer in accordance with Art. 6 para. 1 lit. f. GDPR. GDPR.

In cases where there is no adequacy decision by the European Commission (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

The specific storage period of the processed data cannot be influenced by us, but is determined by Amazon Web Services, Inc. Further information can be found in the privacy policy for AWS S3: https://aws.amazon.com/de/privacy/.

Google Analytics

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the time spent by visitors.

Google Analytics uses cookies and other browser technologies to evaluate user behavior and recognize users.

This information is used, among other things, to compile reports on the activity of the web store.

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Objection to data collection

You can prevent Google Analytics from collecting your data by clicking on the following link. An opt-out cookie will be set which prevents the future collection of your data when you visit this web store: https://tools.google.com/dlpage/gaoptout?hl=de

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Google CDN

We use Google CDN to properly provide the content of our online store. Google CDN is a service provided by Google Ireland Limited, which acts as a content delivery network (CDN) on our online store.

A CDN helps to make the content of our online offering, in particular files such as graphics or scripts, available more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google CDN.

Google Fonts

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to the servers of Google Ireland Limited, whereby your IP address is transmitted.

The use of Google Fonts is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Google Tag Manager

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage webshop tags via an interface and enables us to control the precise integration of services on our webshop.

This allows us to flexibly integrate additional services in order to evaluate user access to our web store.

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Google reCAPTCHA

We have integrated Google reCAPTCHA components into our webshop. Google
reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request comes from a natural person or is automated by means of a program. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the time spent on the website and the user's mouse movements in order to distinguish between automated and human requests. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

Brevo

We have integrated components of the Brevo service into our webshop. Brevo is a service provided by Sendinblue GmbH and offers marketing automation for companies.

Brevo is used to store and transfer data entered in forms using cookies, to send marketing emails and automated messages and to create targeted campaigns.

Brevo also enables us to analyze whether the emails sent have been opened, how many users have received an email and whether users have unsubscribed from the newsletter after receiving an email.

In this case, your data will be forwarded to the operator of Brevo, Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin.

We process your data with the help of Brevo for the purpose of optimizing our web store and for marketing purposes on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.

The specific storage period of the processed data cannot be influenced by us, but is determined by Sendinblue GmbH. Further information can be found in the data protection information for Brevo: https://www.brevo.com/de/legal/privacypolicy/.

Cloudflare CDN

We use Cloudflare CDN to properly provide the content of our web store. Cloudflare CDN is a service of Cloudflare, Inc. which acts as a content delivery network (CDN) on our webshop.

A CDN helps to provide the content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Cloudflare CDN.

The specific storage period of the processed data cannot be influenced by us, but is determined by Cloudflare, Inc. Further information can be found in the privacy policy for Cloudflare CDN: https://www.cloudflare.com/privacypolicy/.

IP anonymization

We have activated the IP anonymization function on this webshop. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the web store, to compile reports on web shop activities and to provide the website operator with other services relating to web shop use and Internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.