1. Collection of your personal data
This page explains what personal data we will collect from you when you use our website. Personal data are data that concern you personally and by which you can be identified, e.g. your name, your address, your email address and your user behaviour.
We offer, in addition to purely informational use of our website, various services that you can elect to use provided you have given your consent to data processing (legal basis: Article 6 (1) (a) of the General Data Protection Regulation (GDPR)), such as the newsletter service referred to in section 8 of this data protection statement.
For this purpose, you must provide further personal data that we will use to provide the relevant service or to contact you and to which the data processing principles set out in this data protection statement will apply. If you do not provide the required information, we may not be able to perform our service.
Regarding detailed matters, such as consent, objection and revocation, we refer you to our special data protection statements for:
- the “My workplace” restricted area
- the “Job exchange”
Our website uses SSL or TLS encryption for the transmission of confidential information. We would like to point out that data transmission using the Internet (e.g. when communicating by email) might not be secure and that it is impossible to ensure complete protection of data against access by third parties.
You can download this document in PDF format for your records: General data protection statement by Schüco International KG (pdf, 115.5 KB)
To open the PDF file (pdf, 115.5 KB) you will need to use the free Adobe Reader software (available from www.adobe.de ) or similar software that runs the PDF format. This document can also be printed out.
The controller, as defined in Article 4 (7) GDPR, for the processing of personal data is:
Schüco International KG
Tel.: +49 521 783-0
Contact details for our data protection officer:
Schüco International KG
Data Protection Department
If you have any questions or comments concerning data protection, you can send an email to: firstname.lastname@example.org
Each time you visit our website, we automatically collect data and information from your device’s system and store them in server log files. These data constitute information that relates to an identified or identifiable natural person (in this case, a visitor to our website). The data are automatically transmitted by your browser when you visit our website. This includes the following data:
- the time of your visit to our website (request to the host provider’s server),
- URL of the website from which you are visiting our website,
- the operating system that you are using,
- the type and version of browser that you are using,
- your computer’s IP address – masked
The purpose of this processing is to enable our website to be accessed from your device and our website to be displayed correctly on your device or in your browser. We also use the data to optimise our website and to ensure the security of our systems. We do not evaluate these data for marketing purposes. Our collection of these data relies on Article 6 (1) (f) GDPR. We have a legitimate interest in presenting you with a website that is optimised for your browser and in enabling communication between our server and your end device. Processing your IP address is especially important for the latter. We store these data for seven days. The recipient of the data is our server host, who works for us under a data processing agreement.
4. Your rights
You have the following rights regarding your personal data:
a) right to information
b) right to rectification
c) right to erasure (right to be forgotten)
d) right to restriction of processing
e) right to data portability
f) right to object
g) right to revoke a data protection consent
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
5. Retention period and restriction of processing of personal data
Unless a more specific retention period is specified in our statements concerning data protection, your personal data will be deleted as soon as they are no longer required to fulfil the purpose for which they were collected. If you only use our website for information purposes, your IP address will be erased from all systems used in connection with operation of our website after seven days at the latest. We will then be unable to identify you from the remaining data.
If you use other services on our website, your data will generally be retained in our systems for user administration purposes. We review these regularly to determine whether data can be erased. If any data are no longer required for the purposes of a customer or interested party relationship, or a conflicting interest outweighs retention, we will erase such data, provided that there are no statutory retention obligations to the contrary.
Your data must also be erased if it is unlawful to store them (e.g. if they are inaccurate and their rectification is impossible). Data will be restricted rather than erased if there are legal or factual obstacles to their erasure (e.g. specific retention requirements).
If you assert a justified request for erasure or revoke your consent to data processing, your data will be erased unless we have other legally permissible reasons for retaining your personal data (e.g. retention periods under tax or commercial law); and, in the latter case, deletion will take place after the reasons for retention cease to apply.
We will generally not transfer your data to third parties without your express consent.
7. Right to object to the collection of data in special cases, and to direct advertising (Article 21 GDPR)
If we cite our own legitimate interest or the legitimate interest of a third party as the lawful basis for us to process your personal data (Article 6 (1) (f) GDPR), you can object under Article 21 GDPR.
Under Article 21 GDPR, you have the right to object to the processing of your personal data at any time. We will then cease to process your personal data for direct marketing or related profiling purposes.
We will also cease to process your personal data for other purposes after an objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (see Article 21 (1) GDPR, the so-called “limited right of objection”). In this case, you must support your objection with grounds that arise out of your particular situation.
You may also object, on grounds that arise out of your particular situation, to your personal data being processed pursuant to Article 89 (1) GDPR for scientific or historical research purposes or statistical purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest (Article 21 (6) GDPR).
8. Newsletter/ Promotions
We use the so-called double opt-in procedure to register people to receive our newsletter. This means that, after you have registered, we will send you an email at the email address you have provided, asking you to confirm that you wish to receive our newsletter. If you do not confirm your registration within 48 hours, we will block your information and will automatically delete it after one month. In addition, we will store the IP addresses that you used and the times of your registration and confirmation. The purpose of this procedure is to be able to prove your registration or, if necessary, to resolve possible misuses of your personal data.
The only information we must have in order to send you our newsletter is your email address. Providing any additional, separately marked data is a matter of your own choice. We will only use these data to address you personally or to send you further information. After we receive your confirmation, we will store your email address for the purpose of sending you our newsletter. The legal basis is Article 6 (1) (a) GDPR.
You can at any time revoke your consent to our sending you our newsletter and unsubscribe from it. You can declare your revocation by clicking on the link provided in every newsletter email, by sending an email to email@example.com, or by sending a message to the contact details provided in the imprint.
In other parts of our website, you also have the option to consent to receiving further promotions from us (by email, telephone or post). If you wish to receive these promotions, the data (e.g. email address, telephone number, or postal address) that we require for the selected form of contact is mandatory. If you register, we will use the double opt-in procedure described above.
Of course, you can at any time (even after consenting to promotions) object to our processing of your personal data for promotional purposes. You can inform us of your objection to promotions by sending an email to firstname.lastname@example.org.
If you unsubscribe from the newsletter distribution list, we or our newsletter service provider may need to retain your email address in a blacklist in order to prevent any future mailings to you. We will only use data from the blacklist for this purpose and will not merge them with any other data. As well as serving your interests, this will serve our interest in complying with the legal requirements for sending newsletters (a legitimate interest within the meaning of Article 6 (1) (f) GDPR). Retention of your data in the blacklist will be unlimited in time. You can object to this retention if your interests outweigh our legitimate interest.
9. Schüco partner card and contact form
If you send us an enquiry using the contact form, we will save the information that you provide on the form, including your contact details, for the purpose of processing your enquiry and coordinating our response to it. Our processing of the data that you enter in the contact form is based on our legitimate interest in contacting you (if, for example, the partner you have selected does not contact you) and improving the quality of our advice (Article 6 (1) (f) GDPR). An additional legal basis may be preparing the ground for a contract with you (Article 6 (1) (b) GDPR).
We will retain the data that you enter in the contact form until you ask us to delete it or the purpose for which we are retaining it ceases to apply.
We will also transmit your data to any Schüco partners that we propose to you for your particular building project. If none of the Schüco partners that we propose to you can answer your enquiry or you have left the selection of suitable partners to us, we will transmit your data to Schüco partners that we select.
The Schüco partners that we propose to you will correspond to filter criteria that you have previously set, such as product selection and material. The list of results will automatically be displayed according to your distance from the Schüco partners.
10. Social media icons in our website’s footer
The button features that social networks provide (such as the Like button on Facebook) generally transfer personal data to the relevant social network as soon as a user visits a website that has an integrated social media button.
That is not the case with us. Our website’s footer does not integrate any plug-in buttons and only displays icons. These will refer you to the corresponding social media platforms via external links as soon as you click on them. You will only actively connect with the respective platforms if you click on them yourself and then register with them. Visiting our website will not cause a transfer of personal data to the social media platforms due to integration of the icons.
11. Our presence on social media (data processing by social networks)
We maintain publicly accessible profiles on social networks. Details of the social networks that we use are set out below.
Social networks such as Facebook and Twitter can generally analyse your user behaviour comprehensively if you visit their websites or websites with integrated social media content (e.g. Like buttons or advertising banners). Visiting our social media presences will trigger numerous processing operations that are relevant to data protection.
If you visit our social media presence while you are logged into your social media account, the operator of the social media portal will be able to trace your visit to your user account. However, your personal data may also be collected in certain circumstances even if you are not logged in or do not have an account with the relevant social media portal. This could happen, for example, via cookies that are stored on your end device or by collecting your IP address.
The operators of the social media portals can use the data collected in this way to create a user profile that records your preferences and interests. Interest-based advertising can then be displayed to you both inside and outside the particular social media presence. If you have an account with the social network, the interest-based advertising may be displayed on all of the devices that you are or were logged into.
Our social media presences are intended to ensure that our presence on the Internet is as comprehensive as possible. This represents a legitimate interest within the meaning of Article 6 (1) (f) GDPR. The analysis processes that the social networks perform may be based on different legal grounds, and the operators of the social networks should specify them (e.g. consent within the meaning of Article 6 (1) (a) GDPR).
Controller, and assertion of rights:
If you visit one of our social media presences (e.g. Facebook), we will be jointly responsible with the operator of the relevant social media platform for the data processing operations that your visit triggers. In principle, you can assert your rights (to information, rectification, erasure, restriction of processing, data portability, and objection) against both us and the operator of the relevant social media portal (e.g. against Facebook). Please note that, despite our joint responsibility with the operators of the social media portals, we cannot entirely influence the data processing procedures of the social media portals. The corporate policies of the relevant providers largely determine our own options.
We will erase from our systems any data that we collect directly via our social media presences as soon as you require us to erase them, you revoke your consent to our retaining them, or our purpose for retaining them ceases to apply. Any stored cookies will remain on your end device until you erase them. Mandatory statutory provisions, including retention periods, will continue to apply.
We have no influence over the period for which the operators of the social networks retain your data for their own purposes. Please contact the operators of the social networks directly for details (e.g. in their data protection statements, see below).
The social networks in detail:
We have a profile on Facebook. Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Meta”) provides this service. Meta has stated that the data it collects are also transmitted to the USA and other third countries. We have entered into a joint processing agreement (Controller Addendum) with Meta. This agreement specifies the data processing operations for which we or Meta are responsible when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customise your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transmission to the USA is based on the EU Commission’s standard contractual clauses. Further information is available at:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
We have a profile on Instagram. Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland provides this service. Data transmission to the USA is based on the EU Commission’s standard contractual clauses. Further information is available at:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to deactivate LinkedIn’s advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Data transmission to the USA is based on the EU Commission’s standard contractual clauses.
Details are available at: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs
12. Social Media Analytics Software
We use Supermetrics, a tool from Supermetrics OY, Kaivokatu 10A, 00100 Helsinki, Finland, on our website to automatically aggregate marketing data.
The data provided by the social media network operators is transmitted to us via the Supermetrics interface and processed in the "Google Data Studio" software. We have a legitimate interest in the use of this software pursuant to Art. 6 (1) f) DSGVO.
Supermetrics enables us to transmit the data provided by the social media network operators directly to Google Data Studio in order to be able to analyse and visualise them there as a summary in the form of statistics. With the help of Google Data Studio, measures of the social media appearances can be evaluated, insights into the target group can be gathered, fan engagement and the viral spread of your own posts can be gained.
We only have limited access to your user data. The user data is essentially your publicly accessible profile data.
13. Legal bases for our data processing
Article 6 (1) (a) GDPR serves as Schüco’s legal basis for processing operations where we obtain your consent to our processing for a specific purpose (e.g. the newsletter, ”My Workplace” or the Job exchange). If our processing of your personal data is necessary for the performance of a contract to which you are a party (as with processing operations that are necessary for the delivery of goods or the provision of some other performance or counter-performance), it will be based on Article 6 (1) (b) GDPR. The same applies to processing operations which are necessary in order to take steps at your request prior to entering into a contract.
If our processing of your data is needed in order to comply with a legal obligation to which we are subject (for example, for the performance of our tax obligations), it will be based on Article 6 (1) (c) GDPR. Our processing of your personal data might in rare cases become necessary in order to protect the vital interests of yourself or another natural person. This would be the case, for example, if a visitor were injured and we then had to give his or her name, age, health insurance details and other vital information to a doctor, hospital or other third party. In such a case, our processing would be based on Article 6 (1) (d) GDPR.
Finally, our processing operations could be based on Article 6 (1) (f) GDPR. Processing operations not covered by any of the aforementioned legal bases are carried out on this basis if the processing is necessary for the purposes of our legitimate interests or the legitimate interests of third parties, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding. We are clearly permitted to carry out such processing operations because they were specifically mentioned by the European legislature. It took the view that a legitimate interest could exist where the data subject is a client of the controller (second sentence of recital 47 GDPR).
If you have consented to the storage of cookies or to access to information in your end device, our data processing will additionally be carried out on the basis of section 25 (1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). You can revoke your consent at any time.
Version: December 2022