Menu Close

Privacy Policy

H. Schomäcker GmbH

  • Privacy Policy

I. Name and Address of the Controller and Data Protection Officer:

The controller within the meaning of the applicable data privacy regulations is:

Managing Director

The company’s Data Protection Officer is:

Data Protection Officer

II. General Information on Data Processing

1. The scope of personal data processing

As a general rule, we collect and use the personally identifiable information (“personal data”) of our users only to the extent that doing so is necessary

  • to ensure that our website is functional
  • to perform our services

or if we have received the user’s consent.

An exception is made in situations where it is not possible to obtain consent in advance for practical reasons and processing the data is permitted in accordance with statutory provisions.

2. The legal basis for processing personal data

You will find the various legal bases provided under the EU General Data Protection Regulation (GDPR) regarding the processing of personal data below:

When personal data is processed

  • on the basis of consent granted by the data subject, Art. 6 (1) (a) of the GDPR is the legal basis;
  • to facilitate the performance of a contract with the data subject, Art. 6 (1) (b) of the GDPR is the legal basis;
  • because doing so is necessary in order to take steps prior to entering into a contract, Art. 6 (1) (b) of the GDPR is the legal basis;
  • because doing so is necessary in order for us to comply with one of our legal obligations, Art. 6 (1) (c) of the GDPR is the legal basis;
  • because doing so is necessary in order to protect the vital interests of the data subject or another natural person, Art. 6 (1) (d) of the GDPR is the legal basis;
  • because doing so is necessary for the purposes of the legitimate interests pursued by our company or by a third party and such interests override the interests or fundamental rights and freedoms of the data subject, Art. 6 (1) (f) of the GDPR is the legal basis.

3. Erasure of data and duration of retention

As a general rule, we erase or block personal data as soon as there is no longer any purpose for storing it. If we are obligated by law to retain data, it will be blocked or erased once the statutory retention obligation has expired, except where entering into a contract or the performance of a contract necessitates the continued retention of the data.

4. The recipient of the data collected

The sole recipient of data collected via the website is the specified controller. As a rule, no data is transmitted to third parties.

Because no contracts are entered into via our website, as a rule there is no legal or contractual obligation to provide personal data.

III. Provision of the Website and Creation of Log Files

1. The scope of data processing

Every time our website is accessed, our system automatically records data and certain items of information from the computer system accessing the website.

During this process, the following information is collected:

  • The user’s IP address
  • The date and time of access

The data is also stored in our system’s log files (these contain a record of all or certain computer system processes). This data is not saved together with any of the user’s personal data.

2. The legal basis for the data processing

The legal basis for temporarily storing data and for the log files is Art. 6 (1) (f) of the GDPR.

3. The purpose of the data processing

The system needs to temporarily store the IP address in order to be able to make the website accessible to the user’s computer. To ensure that this is possible, the user’s IP address must remain stored for the duration of the session.

This storage is accomplished by way of log files, which allow us to ensure the functionality of the website. Additionally, the data serves to assist us in optimising the website and ensuring the security of our IT systems.

These purposes also comprise our legitimate interest in data processing as set out in Art. 6 (1) (f) of the GDPR. Because we are not able to trace an IP address to a natural person without extensive effort, furthermore because an IP address is not considered sensitive data, and because this is immediately deleted after the visit to the website and we require it in order to provide our website, our interests override the interests of the data subject.

4. How long we store data

Once the data collected is no longer required to achieve the purpose for which it was collected (providing the website), it is deleted. In situations in which data is stored in log files, this occurs no later than seven days afterwards. It is possible that data will be stored for a longer period. In such case, however, users’ IP addresses are deleted or scrambled so that it is no longer possible to associate them with the accessing clients.

5. Opting out and removal

It is absolutely necessary to record data in order to provide the website, and it is absolutely necessary to store the data in log files to ensure the operation of the website. Because of this, users do not have an opt-out option.

IV. E-Mail Contact/Contact Form

1. The scope of data processing

When you are on our website, you can contact us by using the contact form or the e-mail addresses provided. The data is used solely to handle the conversation or inquiry.

2. Description and scope of data processing

If a user decides to use the contact form, the information entered into the input screen is sent to us and saved. Such data includes:

Required information:

  • First and last name
  • E-mail address

Optional information:

  •  Form of address
  • Company name
  • Phone number
  • Fax number
  • Street address, post code, and city
  • Contents of your message

At the time the message is sent, the following data is stored:

  • IP address
  • Time and date the information was sent

Alternatively, we can also be contacted using the e-mail addresses provided. In this case, the user’s personal data communicated with the e-mail will be saved.

This information will be used solely to handle the conversation or your inquiry. You will need to provide your postal address in order to request our catalogue.

3. The legal basis for the data processing

The legal basis for processing the data is Art. 6 (1) (f) of the GDPR. If the e-mail contact is aimed at entering into a contract, Art. 6 (1) (b) is also a legal basis for the processing.

4. The purpose of the data processing

Processing personal data from the input screen and the e-mail serves solely to allow us to address your contact request. In this regard, the required information allows us to protect against abuse. The foregoing also comprises a legitimate interest for us. Because you are the initiator of the contact, because this is done at your discretion and we inform you in advance how the data sent will be handled by us, our legitimate interest overrides your right to privacy in this regard.

The other personal data processed during the sending process helps us prevent abuse of the contact form and ensure the security of our IT systems. In this regard as well, our legitimate interest is overriding.

5. How long we store data

Once the data is no longer required to achieve the purpose for which it was collected, it is deleted. For the personal data from the contact form input screen and sent via e-mail, this is the case once

the respective conversation with the user has ended. The conversation has ended once it can be determined based on the circumstances that the issue in question has been settled in its entirety.

The personal data collected during the sending process (e.g., IP addresses) is deleted no later than after a period of seven days has elapsed.

6. Opting out and removal

The user can object to the storage of personal data at any time. In such case, the conversation cannot be continued. The objection can be lodged by e-mail, postal mail, or fax.

In such case, all personal data stored over the period of contact with us will be deleted.

V. Login Area Support (Service Center)

1. Description and scope of data processing

On our website, we provide our existing customers with a login to the support area, which they can use to reach our Service Center. The login area can only be used by customers whose personal data we have collected when establishing the contractual relationship, whom we have informed in this regard of the collection of their data and provided with corresponding login details. When customers use the login screen, we collect only the previously registered user name, password, IP address, and access date.

2. The legal basis for the data processing

In this respect, the legal basis for processing the data is Art. 6 (1) (b) of the GDPR.

3. The purpose of the data processing

Data is collected in the login area solely to facilitate the performance of the existing contract with the user.

4. How long we store data

Once the data is no longer required to achieve the purpose for which it was collected, it is deleted. This is the case when the data is no longer required for the performance of the contract. It may also be necessary to store the other party’s personal data after the contract has been entered into in order to satisfy duties under the contract or those prescribed by law.

5. Opting out and removal

Because the data facilitates the performance of a contract and is absolutely necessary for that purpose, deleting the data at an earlier date is possibly only if obligations under the contract or the law do not present an obstacle to deletion.

VI. The Data Subject’s Rights

If your personal data is processed, you are a “data subject” within the meaning of the GDPR, and you are entitled to the following rights:

1. Right to information

You can request that we provide you with confirmation as to whether personal data concerning yourself is processed by us.

If such processing takes place, you can request information from us regarding the following points:

  • the purpose for which your personal data is being processed;
  • the categories of personal data that are being processed;
  • the recipients and/or categories of recipients to whom the personal data concerning yourself has been or will be disclosed;
  • the planned length of time for which the personal data concerning yourself will be stored or, if it is not possible to provide specific information about this, the criteria used to determine the length of time;
  • the existence of the right to request from the controller rectification or erasure of your personal data or a right of restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Art. 22 (1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

Additionally, you have the right to request information as to whether the personal data in question will be transmitted to a non-EU country or international organisation. In this connection, you may request that you be informed of the appropriate safeguards associated with the transmission pursuant to Art. 46 of the GDPR.

2. Right to rectification

Where the processed personal data concerning yourself is incorrect or incomplete, you have the right to have this rectified and/or completed. We must then carry out the rectification without undue delay.

3. Right to restriction of processing

If the following conditions have been met, you can request that the processing of the personal data concerning yourself be restricted:

  • If you dispute the correctness of the personal data concerning yourself for a period of time that allows us to review the correctness of the personal data;
  • The processing by us is unlawful, you oppose the erasure of the personal data by us and instead request that we restrict the use of the personal data;
  • We no longer require the personal data for processing purposes, you nevertheless require this to establish, exercise, or defend against legal claims, or
  • If you have lodged an objection to the processing pursuant to Art. 21 (1) of the GDPR and it has not yet been determined whether our legitimate interests override yours.

Where the processing of personal data concerning yourself has been restricted, with the exception of its storage, such data may be processed only with your consent or for purposes of establishing, exercising, or defending against legal claims, or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing in accordance with the foregoing conditions has been limited, you will be informed by us prior to the restriction being lifted.

4. Right to erasure

a) Obligation to erase
You may request that we erase your personal data without undue delay. We are required to erase such data without undue delay if one of the following grounds applies:

  • Your personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • Your withdraw your consent on which the processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a), and where there is no other legal ground for the processing.
  • You object to the processing pursuant to Art. 21 (1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) of the GDPR.
  • The personal data concerning yourself has been unlawfully processed.
  • The personal data concerning yourself must be erased for purposes of compliance with a legal obligation in Union or Member State law to which we are subject.
  • The personal data concerning yourself has been collected in relation to the offer of information society services referred to in Article 8 (1) of the GDPR.

b) Notifying third parties
Where we have made your personal data public and we are obligated under Art. 17 (1) of the GDPR to its erasure, we will take reasonable steps (also technical measures) to notify controllers that process the personal data that you have requested the erasure of all links to such personal data, copies, or replications of such personal data.

c) Exceptions
There is no right to erasure in situations in which processing is necessary

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
  • for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h) and (i) and Art. 9 (3) of the GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) of the GDPR insofar as the right referred to in (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

5. Right to notification

Where you have asserted to us the right of rectification, erasure, or restriction of processing, we are obligated to notify all recipients to whom your personal data has been disclosed of the rectification, erasure of data, or restriction of processing unless this proves impossible or involves disproportionate effort for us.

You have the right to be notified by us of those recipients.

6. Right to data portability

You have the right to receive the personal information concerning yourself in a structured, commonly-used, and machine-readable format. Additionally, you have the right to transmit such data to another controller without hindrance by us, provided

  • the processing is based on consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) of the GDPR, or on a contract pursuant to Art. 6 (1) (b)., and
  • the processing is carried out by automated means.

In this regard, you have the right to have us transmit your data to another controller, provided doing so is technically feasible. However, this must not adversely affect the rights and freedoms of other individuals.

The exercise of the right to data portability does not apply to processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

7. Right to object

You have the right to object, at any time, to the processing of personal data concerning yourself performed based on Art. 6 (1) (e) or (f) of the GDPR on grounds relating to your particular situation; this also applies to profiling based on those provisions.

We will no longer process the personal data concerning yourself unless we can demonstrate compelling, legitimate grounds for the processing that override your interests, rights and freedoms or which facilitate the establishment, exercise, or defence of legal claims.

8. Right to withdraw consent granted under data privacy law

Where statements of consent have been made in accordance with data privacy law, you have the right to withdraw your consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent performed before its withdrawal.

9. Right to lodge a complaint with a supervisory authority

Any further administrative or judicial remedies notwithstanding, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data concerning yourself infringes the GDPR.

The supervisory authority with which the complaint has been lodged will inform you as the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 of the GDPR.