General Privacy Policy for Schüco Global Services KG
1. Collection of personal data
We are delighted that you are interested in Schüco Global Services KG (Schüco Service). Protecting your personal data is important to us. We treat your personal data as confidential and in accordance with the statutory data protection regulations as well as this privacy policy and the declaration on the use of cookies.
This website contains information about what personal data we collect from you when you use this site, for example. Personal data is any data relating to you as an individual and which can be used to identify you, for example. your name, address, e-mail address and user behaviour.
In addition to the use of our website purely for informational purposes, we offer various services which you may use if you are interested and if you consent to data processing (legal basis: Art. 6(1)(a) GDPR), such as the newsletter under Paragraph 8 of this privacy policy.
To use these services, you will need to provide additional personal data that we will then use to provide the relevant service or to contact you. The data processing principles set out in this privacy policy apply to this personal data. If you do not provide the required information, we may not be able to provide our service.
With regard to details such as consent, objection and revocation, we refer you to our special privacy policies for the jobs board.
Our website uses SSL and TLS encryption when transferring confidential content. Please note that there may be security vulnerabilities when transferring data over the internet (e.g. through e-mail communication). It is not possible to ensure complete protection of data against access by third parties.
This document can be downloaded and archived as a PDF: General Privacy Policy for Schüco Global Services KG (pdf, 142,7 KB). To open the PDF file, you will need the free Adobe Reader program (www.adobe.com), or a similar program which can process the PDF format. The document can also be printed.
2. Controller
The controller responsible for processing personal data in accordance with Article 4(7) of the General Data Protection Regulation (GDPR) is:
Schüco Global Services KG
Karolinenstraße 1-15
33609 Bielefeld
Germany
Tel.: +49 (0)521 783-0
E-mail: serviceteam@schueco.com
Website: www.schueco-service.com
The contact details of the data protection officer are as follows:
Schüco Global Services KG
Data protection
Karolinenstraße 1-15
33609 Bielefeld
Germany
If you have any questions or comments about data protection, please e-mail: datenschutz-SGS@schueco.com
3. Log files
Every time you visit our website, we automatically record data and information from your device's system and save it in so-called server log files. This data is information that relates to an identified or identifiable natural person (in this case, the website visitor). The data is transferred automatically by your browser when you visit our website. The following information is recorded:
· The time of visit to our website (request to the server of the host provider)
· URL of the website from which you have accessed our website
· The operating system you are using
· The type and version of the browser you are using
· The masked IP address of your computer
This data is processed in order to enable you to access our website from your device and correctly display our website on your device or in your browser. Furthermore, the data is used to optimise our website and ensure that our systems are secure. We do not analyse this data for marketing purposes. This data is recorded on the basis of Article 6(1)(f) GDPR. We have a legitimate interest in presenting a website that is optimised for your browser and enabling communication between our server and your end device. With regard to the latter, we need to process your IP address in particular. The data is retained for seven days. The recipient of the data is our server host, which works for us as part of a contractual agreement.
4. Your rights
You have the following rights with regard to your personal data:
a) Right of access
b) Right of rectification
c) Right to erasure (right to be forgotten)
d) Right to restriction of processing
e) Right to data portability
f) Right to object
g) Right to withdraw consent regarding data protection rights
You also have the right to make a complaint to a data protection supervisory authority about our processing of your personal data.
5. Storage period and blocking of personal data
Unless a more specific storage period is given within our privacy policies, we will delete your personal data as as soon as it is no longer required in order to fulfil the purpose for which it was collected. When you use the website purely for information purposes, the IP address is deleted from all systems used in connection with the operation of this website within 7 days. We will no longer be able to identify you from the remaining data.
If you use other services on our website, your data is usually stored on our systems for user management purposes. This data is regularly reviewed to determine whether it can be deleted. If data is no longer required in a relationship with a customer or interested party or if there is an overriding conflicting interest, we will delete the data concerned, provided that this is not prohibited by statutory retention obligations.
We will also delete your data if the storage of this data is not permitted (e.g. if the data is incorrect and it is not possible to correct it). Your data will be blocked instead of deleted if there are legal or factual obstacles preventing its deletion (e.g. special retention obligations).
If you make an authorised deletion request or revoke consent to data processing, your data will be deleted as soon as we no longer have any other legally permitted reason to store your personal data (e.g. retention periods relating to tax or commercial law); in the latter case, the data will be deleted when this reason no longer applies.
6. Transfer of data to third parties/use of cookies
As a general rule, we do not pass on the data that you provide to us to third parties without your express consent.
Our website uses cookies. Information on the use of cookies on our website can be found in our declaration on the use of cookies.
7. Right to object to data collection in special cases as well as to direct marketing (Article 21 GDPR)
If we pursue our legitimate interest or a legitimate interest of a third party as the legal basis for processing personal data (Article 6(1)(f) GDPR), you have a right to object in accordance with Article 21 GDPR:
In accordance with Article 21 GDPR, you have the right to object to the processing of personal data at any time. We will then no longer process the personal data for the purposes of direct marketing or associated profiling.
Moreover, we will not process your personal data for other purposes after receiving an objection unless we can provide compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims (see, for example, Article 21(1) GDPR, so-called "restricted right to object"). In this case, you must provide reasons for the objection, which result from your particular situation.
You can also make an objection to the processing of your personal data for reasons which result from your particular situation for processing which takes place for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest (see Article 21(6) GDPR).
8. Newsletter/advertising
We use the "double opt-in" method for our newsletter registration. This means that, following your registration, we will send an e-mail to the specified e-mail address, in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm the registration within 48 hours, your information will be locked and automatically deleted after one month. Furthermore, we save the IP address you use and the time of registration and confirmation in each case. The purpose of this process is to verify your registration and clear up any possible misuse of your personal data.
The only information required to send the newsletter is your e-mail address. Provision of additional, separately marked data is voluntary. This data will be used exclusively to be able to contact you personally or send you additional information. Following your confirmation, we will store your e-mail address for the purposes of sending the newsletter. The legal basis is Article 6 (1) (a) GDPR.
You can revoke your consent to receiving the newsletter and unsubscribe at any time. You can withdraw this consent by clicking on the link provided in every newsletter e-mail, sending an e-mail to newsletter@schueco.com or contacting us using the details provided in the legal notice.
You also have the option to consent to additional marketing correspondence (by e-mail, telephone or post) in other parts of our website. If you would like to receive this marketing, you must provide us with the information required for the selected method of contact (e.g. e-mail address, telephone number or address). If you register, we will use the double opt-in method described above.
You can of course object to the processing of your personal data for marketing purposes at any time, including after consenting to marketing. You can inform us of your objection to marketing by sending us an e-mail to datenschutz@schueco.com.
Following your removal from the newsletter distribution list, we or our newsletter provider may store your e-mail address on a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest to adhere to the legal regulations with regard to sending out the newsletter (legitimate interest within the meaning of Article 6(1)(f) GDPR). There is no time limit for storage on the blacklist. You can object to the storage if your interests override our legitimate interest.
9. Contact form
If you submit an enquiry using the contact form, we will store the data that you provide in this form, including your contact details, for the purposes of processing and coordinating your enquiry. The data entered in this form is processed on the basis of our legitimate interest in contacting you (Article 6(1)(f) GDPR). A further legal basis may be the initiation of a contract with you (Article 6(1)(b) GDPR).
We will store the data that you enter in the contact form until you request its deletion or until the purpose of storing this data no longer applies.
10. Social media icons in the website footer
Usually, when a user visits a website with an integrated social media button, the button solutions provided by the social networks (such as the Like button on Facebook) will transmit personal data to the respective social network as soon as the user visits the site.
For us, this is not the case. No plug-in buttons are incorporated into the footer of our website. Only icons are featured there. Upon clicking on these, they direct you to external links within the corresponding social media platforms. You are actively connected with the respective platforms only if you yourself activate them by clicking and, where applicable, log into the respective platform. No transfer of personal data takes place as a result of the integration of icons for social media platforms when our website is accessed.
11. Our social media presence (data processing through social networks)
We maintain public profiles on social networks. You will find a list of the individual social networks we use below.
Social networks such as Facebook or Twitter can generally extensively analyse your user behaviour when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media profiles will trigger a number of processes related to data protection.
In detail:
If you are logged into your social media account and visit our social media profile, the operator of the social media portal can link this visit to your user account. Your personal data may also be recorded even if you aren't logged in or don't have an account on the respective social media portal. In this case, the data is recorded through cookies, for example, which are stored on your device or through recording your IP address.
The operators of the social media portals use this recorded data to create user profiles in which your preferences and interests are stored. In this way, advertising related to your interests can be shown both within our outside the social media presence. If you have an account on the social network in question, advertising related to your interests can be displayed on all devices you are logged into or have been logged into.
Please also note that we cannot trace all processing activity on social media portals. Therefore, depending on the provider, additional processing activity may be carried out by the operators of the social media portals. Details on this can be found in the conditions of use and privacy policies of the social media portals in question.
Legal basis:
Our social media profiles are intended to provide the most extensive internet presence possible. This is a legitimate interest within the meaning of Article 6 (1)(f) of the GDPR. The analysis processes initiated by the social networks may relate to differing legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6(1)(a) GDPR).
Controller and assertion of rights:
If you visit our social media profiles (e.g. on Facebook), we and the operator of the social media platform are responsible for the data processing activity triggered by this visit. You can generally assert your rights (access, rectification, deletion, restriction of processing, data portability and appeal) against us or the operator of the social media portal in question (e.g. against Facebook). Please note that, despite our shared responsibility with the social media operators, we do not have full influence on data processing by the social media portals. Our options are largely determined by the company policy of each provider.
Storage period:
The data recorded by us straightaway via the social media presence is deleted by our systems as soon as you request deletion by us, revoke your consent to storage or the reason for the data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.
We have no control over the storage duration of your data that is stored by the operators of social networks for their own purposes. For further details on this, please refer directly to the operators of the social networks (e.g. in their privacy policy, see below).
Social media networks in detail:
Facebook:
We have a profile on Facebook. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Meta, the recorded data is also transferred to the USA and other third countries. We have concluded an agreement on joint processing with Meta (Controller Addendum). This agreement specifies which data processing activities we or Meta are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can set your own advertising preferences in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.
The data transfer to the USA is based on the standard contractual clauses from the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
For further information, please refer to the Facebook privacy policy: https://www.facebook.com/about/privacy/.
Instagram:
We have a profile on Instagram. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data transfer to the USA is based on the standard contractual clauses from the EU Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
Details on the processing of your personal data can be found in the Instagram privacy policy: https://help.instagram.com/519522125107875.
Pinterest:
We have a profile on Pinterest. The operator is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. Details on the processing of your personal data can be found in the Pinterest privacy policy: https://policy.pinterest.com/de/privacy-policy.
XING:
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on the processing of your personal data can be found in the XING privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.
LinkedIn:
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you wish to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
The data transfer to the USA is based on the standard contractual clauses from the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Details on the processing of your personal data can be found in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy.
YouTube:
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on the processing of your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=de.
12. Social media analytics software
We use Supermetrics on our website, a tool provided by Supermetrics OY, Kaivokatu 10A, 00100 Helsinki, Finland, for automatic consolidation of marketing data.
The data provided by the social media network operators is sent to us via the Supermetrics interface and processed by the Google Data Studio software. We have a legitimate interest to use this software in accordance with Article 6 (1)(f) GDPR.
Supermetrics enables us to transfer the data provided by the social media network operators directly to Google Data Studio, so we can analyse and visualise it there as a summary in the form of statistics. With the aid of Google Data Studio, social media campaigns can be assessed, insights into the target group can be gathered, and fan engagement and the viral spread of our own posts can be achieved.
We only have limited access to your user data. This user data is essentially your public profile data.
13. Legal basis of the processing
For processing activities carried out by Schüco Service for which we require consent for a specific purpose (e.g. newsletter, My Workplace, jobs board), the legal basis is Art. 6(1)(a) GDPR. If the processing of personal data is necessary in order to perform a contract where the data subject is you, such as processing activities that are required to deliver goods or provide another service or consideration, this processing is carried out on the basis of Article 6(1)(b) GDPR. The same applies to processing activities that are required for pre-contractual measures.
We have a legal obligation to process personal data, for instance to fulfil tax obligations; these processing activities are carried out on the basis of Article 6(1)(c) GDPR. In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured and their name, age, health insurance details and other vital information needed to be given to a doctor, hospital or other third party. The basis for this data processing would be Article 6(1)(d) GDPR.
Finally, processing activities may be carried out on the basis of Article 6(1)(f) GDPR. Processing activities that are not covered by any of the aforementioned legal bases are carried out on this legal basis if the processing activity concerned is necessary for the purposes of our legitimate interests or those of a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. We are permitted to carry out such processing activities in particular because they have been specifically mentioned by the European legislator. The legislator considers that a legitimate interest could exist if the data subject is a customer of the controller (Sentence 2 of Recital 47 GDPR).
As soon as you have consented to the storage of cookies or access to information on your end device, the data will also be processed on the basis of Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutzgesetz – TTDSG). The consent may be revoked at any time.
Issued: February 2025