1. General information on data processing
2. Provision of the website and creation logfiles
3. Contact form and E-Mail contact
4. Collection and processing of customer data
5. Information duties for applicants and employees
6. Provision of business cards
8. Third-party analytics and tools
9. Social media presences
10. Rights of data subjects
11. Data security
We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used. This data protection declaration applies to the Internet offering of Schlegel GmbH, which can be accessed under the domain www.schlegel-concepts.com as well as the various subdomains ("our website").
The responsible data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
Name and address of the responsible data controller:
Phone: +49 7142 98 99 80
Fax: +49 7142 98 99 830
Scope of processing of personal data
We only process personal data of our users to the extent that this is necessary for the provision of a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for actual reasons and the processing of the data is permitted by law.
According to Art. 4 (1) GDPR, personal data is all information relating to an identifiable or identifiable natural person. This includes, for example, first and last name, date of birth, private and official contact data, working hours and remuneration. Special data pursuant to Art. 9 para. 1 GDPR are data on racial and ethnic origin, political opinion, religious or ideological convictions, trade union membership, health and sex life. Your personal data will only be collected and processed in accordance with data protection regulations.
Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as a legal basis.
In the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as a legal basis. This also applies to processing operations required to carry out pre-contractual actions.
Insofar as processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as a legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as a legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 (1) (f) GDPR serves as a legal basis for processing.
Data deletion and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires unless there is a need for further storage of the data for conclusion of a contract or fulfilment of the contract.
Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The following data is collected here:
The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.
Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.
Purpose of data processing
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website.
In addition, the data is used to optimise the website and to ensure the security of our information technology systems. Evaluation of the data for marketing purposes does not take place in this context. Our legitimate interest in the processing of data pursuant to Art. 6 (1) (f) GDPR lies in these purposes.
Duration of storage
The data will be deleted as soon as they are no longer necessary for the purpose of their collection. In the event of collection of the data for the provision of the website, it will be deleted when the respective session has ended but at the latest after 14 days.
Possibility of objection and correction
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no possibility to object to such collection on the part of the user.
Description and scope of data processing
There is a contact form and an e-mail address on our website, which can be used for electronic contact. If a user makes use of this option, the data entered in the input mask will be transmitted to us and saved. This data is the following:
At the time of sending the message, the following data is also stored:
Alternatively, contact via the provided e-mail address is possible. In this event, the user’s personal data that is transmitted by e-mail will be stored. In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.
Legal basis for data processing
The legal basis for the processing of the data with the consent of the user is Art. 6 (1) (a) GDPR. The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims to conclude a contract, then the additional legal basis for the processing is Art. 6 (1) (b) GDPR.
Purpose of data processing
The processing of personal data from the input mask serves us only to process the contact. In the event of contact via e-mail, the required legitimate interest in the processing of the data also lies here in. The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Personal data from the input form of the contact form and data sent by e-mail is deleted when the respective conversation with the user has ended. The conversation has ended when it can be inferred from the circumstances that the relevant facts have been finally clarified. The additional personal data collected during the sending process will be deleted at the latest after a period of 14 days
Possibility of objection and correction
The user has the possibility at any time to revoke their consent to the processing of the personal data. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In such an event, the conversation cannot continue. All personal data stored in the course of contact will be deleted in this case.
Disclosure of data
We do not transmit your personal data to third parties for purposes other than those listed below. We only share your personal data with third parties if:
• You have given your explicit consent for this according to Art. 6 (1) (a) sent. 1 GDPR,
• In the event that there is a legal obligation to disclosure pursuant to Art. 6 (1) (c) sent. 1 GDPR, and
• This is legally permissible and, according to Art. 6 (1) (b) sent. 1 GDPR, it is required for the settlement of contractual relationships with you.
We store, use and process the personal data you provide in the data collection sheet for customers. The legal basis for the storage of data is Art. 6 para. 1 (b) and (c) GDPR. This data protection declaration provides you with information on how Schlegel GmbH handles the personal data you provide in the data collection sheet. In accordance with Art. 13 (1) and (2) GDPR, as well as Art. 14 (1) and (2) GDPR (EU Data Protection Basic Regulation), we hereby inform you that we process the data collected from you only within the framework of our existing business relationship. Please read the following information and regulations carefully.
Purpose and legal basis of processing
We process your data for the possibility of establishing a cooperation, or the performance of a contractual relationship pursuant to Art. 6 (1) (b) GDPR. We assure you that your data will be treated confidentially. The processing of your personal data may also be necessary to safeguard our legitimate interests as a company, unless your interests or fundamental rights and freedoms prevail, Art. 6 (1) (f) GDPR. For the proper processing of the underlying contractual relationship, or the implementation of pre-contractual measures, communication can take place by means of distance communication, but also by e-mail.
Categories and origin of data
The categories of data are surname, first name, address, telephone number, fax number, e-mail address and other contact details of the company and the relevant contact person, which are relevant in the course of the pre-contractual measures and/or for the fulfilment of the contract. Furthermore, data may originate from your personal input or from publicly accessible sources.
Disclosure of data
Your data will be passed on to our employees within the scope of our business relationship or to third parties if this serves the fulfilment of the business purpose. This also includes transmission to manufacturers for the purpose of claiming warranty services and product recalls, other guarantors, lessees and financing institutions, experts, insurance companies and, if necessary, also for compliance with retention periods vis-à-vis the tax office, Art. 6 (1) (c) GDPR. Transmission to countries outside the EU does not take place and is not planned.
Automated decision making and profiling
Profiling and automated decision-making pursuant to Art. 22 GDPR does not take place. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.
By submitting this form, you confirm that you have read and agree to the information in this privacy statement regarding the processing and use of your personal data.
This data protection declaration provides you with information on how Schlegel GmbH handles information collected through your application, correspondence, e-mail contact or during an interview. In accordance with Art. 13 (1) and (2) GDPR, as well as Art. 14 (1) and (2) GDPR (EU Data Protection Regulation), we hereby inform you that we process the data collected from you only within the framework of the application procedure for the position you have applied for. The provision of your data is necessary for a possible conclusion of a contract. Furthermore, your data will be further processed when a contract is concluded.
Please read the following information and regulations carefully.
Purpose and legal basis of the processing
If you apply by e-mail, we need some personal information for the application process. We process your data for the possibility of establishing an employment relationship, i.e. for carrying out the application procedure in accordance with Art. 88 (1) GDPR in conjunction with § 26 (1) Federal Data Protection Act. We assure you that your personal data will be treated confidentially.
The processing of your personal data may also be necessary to protect our legitimate interests as a company, unless your interests or fundamental rights and freedoms prevail, Art. 6 (1) (f) GDPR.
A further purpose is the granting of consent for the processing of your personal data for the consideration of your application in future job advertisements. If an employment contract is concluded, the applicant data will be included in the personnel file. The information provided within the scope of the application and later in the personnel questionnaire will be processed for the conclusion, execution and termination of employment relationships. The processing of the employment relationship includes, for example, payment of wages and salaries, payment of income tax and social security contributions. In addition, management purposes, process optimisation, organisation of work, economic and personnel planning, preparation of personnel and other company decisions are also included. The legal basis of the processing is the contractual agreement within the framework of the employment contract. The legal basis is formed by the Working Hours Act, Works Constitution Act, Tax and Social Insurance Acts, the Municipal Supply Association Act (GKV), accounting obligations according to the German Commercial Code (HGB) and tax laws.
Categories of data
With your application you send us personal data.
This personal data includes, for example, name, date of birth, gender, address, contact data and qualifications. Furthermore, personal data may also result from the documentation of an interview or from evaluation documents prepared by us.
The application documents are used to inform you about your personality profile and your qualifications in the context of personnel decisions, personnel assessments and personnel planning. The legal basis for data processing is Art. 6 (1) (b) GDPR, § 26 para. 1 Federal Data Protection Act.
Working hours as well as sickness, vacation and other absences are recorded. Detailed recording of working hours is required by law. It is used to monitor statutory working time requirements, calculate wage entitlements, and monitor and statistically record attendance times as a basis for personnel decisions and personnel planning, as working time records for judicial and extrajudicial legal disputes, and for tax, social insurance, and auditing purposes.In the course of your employment, additional personal data may be automatically collected or stored in file systems.
Relevant categories of personal data may include, but are not limited to, information, documentation, reports and opinions on processes, organizational decisions, tasks and performance in which you are involved as an employee of our company, and any other personal data. Should cross-company processes be affected, the collected data may be passed on to other group companies, customers or business partners, insofar as this passing on is necessary and permissible under data protection law pursuant to Art. 6 GDPR, § 26 (1) Federal Data Protection Act.
Disclosure of data and categories of recipients
Your data will only be passed on to the employees in the personnel department responsible for the application procedure and to the employees of the respective specialist departments if this is necessary for the decision on the establishment of the employment relationship. The data will not be passed on to third parties during the application process.
If an employment relationship is established, your data will be passed on to internal departments which are responsible for the conclusion, execution and termination of the employment relationship. This also includes the Executive Board, the management, the Supervisory Board within the scope of its monitoring duties or experts commissioned by it. External bodies are, for example, service providers for payroll accounting, tax consultants, auditors, consultants, creditors of the employee in the case of seizure and transfer orders, as well as insurance companies. Further offices are offices and authorities, if data are requested or to be made available due to legal basis. These include, for example, social insurance institutions, tax authorities and the municipal pension association. Transmission to countries outside the EU does not take place and is not planned.
Deletion of data
In the course of the GDPR, personal data must be deleted after the purpose of this processing has been fulfilled. Your data will be deleted as soon as the specified position has been filled or the application has been revoked. After notification of the rejection decision, your data will be stored as long as it is necessary for the clarification of inquiries or disputes. If there is a legal retention period for longer storage, your data will be stored for this purpose. Your data can also be stored for longer if you give your consent for your application to be considered for future job advertisements until revoked. Your personal data will be deleted when the storage purpose ceases to apply or a statutory storage period expires. If an employment contract is concluded, the applicant data will be included in the personnel file. After termination of the contractual relationship, the data will be deleted after expiry of the statutory retention regulations or to prove the employment relationship and existing pension entitlements in the interest of the employee, if necessary up to the statutory retirement age.
You have the right to information pursuant to Art. 15 GDPR, correction pursuant to Art. 16 GDPR, deletion pursuant to Art. 17 GDPR, restriction pursuant to Art. 18 GDPR and opposition pursuant to Art. 21 GDPR as well as data transferability pursuant to Art. 20 GDPR. These can be found under item 10 of this declaration.
You can revoke your application or the voluntary information provided in the personnel questionnaire at any time without giving reasons by contacting us at the following address: Schlegel GmbH, Porschestraße 2, 74321 Bietigheim-Bissingen, Germany Phone: +49 (0)7142 / 98 99 80, Fax: +49 (0)7142 / 98 99 830, firstname.lastname@example.org
Consent for minors
If you are not yet of legal age, you must have previously obtained the authorisation of a legal guardian to apply with us. You also warrant that your information is correct.
If you are under the age of 18, please enclose a written consent from your legal guardian with your application. Please note that Schlegel GmbH may not consider your application otherwise, and we will delete your data due to legal requirements.
I consent that Schlegel GmbH may collect and processes the data of the applicant
_________________________ (last name, first name) submitted with the application.
Signature of legal guardian
Declaration on the duty to inform
We store, use and process the personal data provided by you on your business card. Legal basis for the storage of the data is Art. 6 (1) (a) and (b) and (c) GDPR. This data protection declaration provides you with information on how Schlegel GmbH handles the personal data you provide. According to Art. 13 (1) and (2) GDPR, as well as Art. 14 (1) and (2) GDPR (EU data protection basic regulation) we hereby inform you that we only process the data collected from you within the scope of our existing business relationship. Please read the following information and regulations carefully.
Purpose and legal basis of the processing
If you provide us with your business card as part of an initial contact or expressly provide us with your contact data by telephone for business initiation purposes, we will store your personal data on the basis of your verbally given consent (Art. 6 (1) (a) GDPR). In this case, the processing of your data is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures.
If you have given us your consent, we will also process your data to send you our newsletter.
The legal basis for processing the data is Art. 6 (1) sent. 1 (b) GDPR. When consent is given, the legal basis is Art. 6 (1) sent. 1 (a) GDPR.
For the proper processing of the underlying contractual relationship, or the implementation of pre-contractual measures, communication can take place by means of distance communication, but also by e-mail.
Categories and origin of data
The categories of data are surname, first name, address, telephone number, e-mail address of the contact person and other contact information given on the business card.Passing on the data. Your data will be passed on to our employees within the scope of our possible business relationship. Your data will not be passed on to third parties. A transfer to countries outside the EU does not take place and is not planned.
Your data will be passed on to our employees within the scope of our possible business relationship. Your data will not be passed on to third parties. A transfer to countries outside the EU does not take place and is not planned.
Deletion of data
Your personal data will be deleted as soon as the purpose of storage no longer applies. In addition, your personal data may be stored if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the person responsible is subject or if, in individual cases, longer storage is necessary due to the assertion or possible assertion of claims against us in connection with a contract or pre-contractual measures.
If there is a legal obligation to retain data that prevents deletion, we will initially only block your data and only delete it after the obligation to retain data has expired.
This regulation applies to all data processing operations listed in this declaration, unless otherwise specified in individual cases.
The concrete storage period of the processed data cannot be influenced by us, but is determined by Cybot A/S. Further information can be found in the data protection notice for Cookiebot: https://www.cookiebot.com/de/privacy-policy/
We use Cookiebot CDN to properly deliver the content of our website. Cookiebot CDN is a service provided by Cybot A/S, which acts as a Content Delivery Network (CDN) on our website to provide functionality for other Cybot A/S services. For said services you will find a separate section in this privacy notice. This section only deals with the use of the CDN.
A CDN helps to provide content of our online offer, especially files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Cookiebot CDN.
The use of the Content Delivery Network is based on your consent pursuant to Art. 6 para. 1 lit. a. DSGVO. The concrete storage period of the processed data cannot be influenced by us, but is determined by Cybot A/S. Further information can be found in the data protection notice for Cookiebot CDN: https://www.cookiebot.com/de/privacy-policy/
When communicating via the XING career network, we use the technical platform and services of New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany, telephone: +49 40 419 131-0, fax: +49 40 419 131-11, e-mail: email@example.com
We may process data entered by you on XING, such as comments on posts on our company page, for example by replying to them. In addition, if you enter the us as an employer, it may be that your profile picture is displayed on the company page in the "Employee" field due to the functionality of XING.
The processing is based on Art. 6 I lit. f) GDPR. Our legitimate interest is to communicate with users via XING.
You can change your privacy settings in your user account. There you can, among other things, exclude people who are not your contacts from contacting you by message.b)
LinkedIn Ireland Unlimited Company (Ireland/EU - "LinkedIn") is the sole responsible party for the processing of personal data when you visit our LinkedIn page. For more information about the processing of personal data by LinkedIn, please visit https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions that people take on our site (so-called page insights). For this purpose, LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile, such as data on function, country, industry, seniority, company size and employment status. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. With the page insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members via the information in the Page Insights. This processing of personal data in the context of the Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Article 6 (1) (f) GDPR. We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum. Thereafter, the following applies:
LinkedIn and we have agreed that the Irish Data Protection Commission is the lead supervisory authority overseeing processing for Page Insights. You always have the right to lodge a complaint with the Irish Data Protection Commission (see at www.dataprotection.ie) or any other supervisory authority.
When processing your personal data, the GDPR grants you certain rights:
A. Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you are being processed; and if so, you have the right to obtain information about such processed personal data and the information listed in detail in Art. 15 GDPR.
B. Right to rectification and erasure (Art. 16 GDPR)
You have the right to request from us without undue delay the rectification of any inaccurate personal data concerning you. They also have the right to request the completion of incomplete personal data.
C. Right to erasure (Art. 17 GDPR)
You also have the right to request that personal data concerning you be deleted without undue delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.
D. Right to restriction of processing (Art. 18 GDPR)
You have the right to request a restriction of the processing of your personal data if one of the conditions in Art. 18 GDPR for this is met, e.g. if you have objected to the processing, for the duration of a possible review.
E. Right to data portability (Art. 20 GDPR)
You have the right, in certain cases detailed in Art. 20 GDPR, to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of such data to a third party.
F. Right to object (Art. 21 GDPR)
You have the right to object at any time, on grounds relating to your particular situation, to processing based on Article 6 (1) sentence 1 lit. f GDPR.
Your personal data will then no longer be processed, unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
G. Right of appeal to a supervisory authority
Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection provisions. The right of complaint may be asserted in particular before a supervisory authority in the Member State of your residence, your place of work or the place of the alleged infringement.
H. Right to revoke the data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.
The revocation must be sent to:
Schlegel GmbH, Porschestraße 2, 74321 Bietigheim-Bissingen, Germany
Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser. We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
This data protection declaration is currently valid and has the status August 2021. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration. The current data protection declaration can be accessed and printed out by you at any time on our website under Data Protection.