Privacy Policy – Werner Schmid GmbH

Scope

This privacy declaration informs users of our website (following „services“) of the nature, extend and purpose of the collection and usage of personal identifiable information (“pii”) by Werner Schmid GmbH, Weichselstr. 21, 36043 Fulda, Germany.

By visiting and using our website, you acknowledge the practices and policies outlined in this privacy declaration.

Usage of personal identifiable information

Personal identifiable information (PII) as defined by article 4 of the European General Data Protection Regulation (GDPR) means any information concerning the personal or material circumstances of an identified or identifiable individual. This includes e.g. information such as name, postal address, e-mail-address, telephone number, information regarding interests and memberships, but under certain circumstances also usage data such as IP address.

Of course, we adhere to legal requirements of the GDPR as well as the German “Bundesdatenschutzgesetz” (BDSG resp. BDSG-neu) and other applicable regulation. Personal identifiable information are only collected, processed, used and transmitted when it is necessary as well as allowed by law or you have explicitly consented.

Access data / server logfiles

When you are accessing the website of Werner Schmid GmbH, information about that access are saved in a server logfile. Information about the users of our websites are of course only collected when necessary for the provision of our services.

We (respectively our webspace provider) collects data regarding every access to our services (so-called server logfiles). The collected data includes:

Name of the website accessed
Date and time of the access
Type of browser, including version and operating system
Referrer URL, if transmitted by the browser
IP address, which is anonymized after a few days by shortening

Our webspace provider stores the logfiles for a maximum of 9 weeks, then they are deleted automatically. However, after a few days IP addresses are shortened; after that, no conclusion to the accessing individual is possible.

We (respectively our webspace provider) generally do not use these data. We do, however, reserve the right to review the logfiles retrospectively if indications lead to the legitimate suspicion of an unlawful usage.

Contact

The PII necessary for establishing contact with via Email or mail (especially contact data and communication content) is only used within Werner Schmid GmbH and only for the purpose of answering your contact request. Without your explicit consent, we will never hand over said data to any third party and we will delete the data after the ceasing of the purpose for storing and potential storage periods necessary for the compliance to a law.

If we are attending a trade fair, we may offer you the opportunity to obtain a free trade fair ticket via our website. A contact form is used for this purpose. If a user makes use of this offer, the data used in the input mask will be transmitted to us and stored.

This data must usually be entered:

Surname, first name (mandatory field)
Gender (mandatory field)
Company name
Area of interest
Interest in the products of Werner Schmid GmbH (mandatory field)
E-mail address (mandatory field)
Free text field
Confirmation of the privacy policy (mandatory field)

You also have the option of subscribing to our customer newsletter.

Purpose of data processing: The data collected is used exclusively to provide the free trade fair ticket, to establish contact and for possible registration for our customer newsletter. Any further processing of the data will only take place if this is permitted by law or if the user has expressly consented.

Legal basis for processing: The data is processed on the basis of Art. 6 para. 1 lit. b GDPR (processing for the performance of a contract or pre-contractual measures) and Art. 6 para. 1 lit. a GDPR (consent of the user) if a registration for the customer letter takes place.

Storage period: The data is only stored for as long as is necessary to achieve the purpose for which it was collected or for as long as there are statutory retention obligations. After the purpose has been fulfilled or these periods have expired, the data will be deleted.

Cookies

When accessing our websites, one or more cookies are stored on your PC. A cookie is a small file that includes a certain character string to identify your browser. Using such cookies, our webspace provider improves the comfort and quality of our services, e.g. to store user configurations. In our case, two cookies are used:

for the language selection, so you do not need to re-select the language after every page change,
for the cookie banner, so it does not re-appear after being confirmed.

Of course, cookies do not do any harm on your PC and do not contain viruses.

Our Website does not use tracking cookies or other tracking mechanisms.

A usage of our services is possible without the usage of cookies. You can configure your browser to deactivate the storage of cookies, to restrict the usage of cookies to certain websites or to inform you before a cookie is stored. You can delete all cookies from your harddrive by using the privacy settings of your browser. In certain cases, this might restrict the functionality and the usability of our services.

Handling of applicant’s data

If you chose to apply for a job at Werner Schmid GmbH, we will handle your application in accordance with data protection regulation. This is regardless of whether your application is sent via email or mail.

Please take into consideration that unencrypted emails can possibly be accessed by an unauthorized third party, if said party has the necessary know how. We therefore recommend an application via traditional mail. If you chose to apply via email, a possible access of third parties is not within our realm of influence or responsibility.

Applications will only be made accessible for personnel that is relevant for the hiring regarding the open position or (in the case of speculative application) that might have a fitting positin available.

If an applicant is hired, the application becomes part of the personal file and is stored accordingly. In this case, digital copies of the application will be deleted. In the case of a rejection, the application will be stored for four months and then deleted (in case of digital applications) or destroyed resp. sent back (in case of hardcopy applications). A longer storage (i.e. for the case that a fitting position becomes available in the future) is only done in exceptional cases and with the explicit consent of the applicant. This consent can always be revoked.

Data Protection Officer

Werner Schmid GmbH has appointed a data protection officer. He can be reached at:

dsb@werner-schmid.de.

Personal rights: Revocation, changes, corrections and updates

Upon application, you have the right to receive information about the personal information stored about you. You can also objet to the usage of your data. In addition, you have the right that incorrect data is corrected and that your personal data is deleted or restricted unless a statutory retention period does not prevent this. A given consent can always be withdrawn. All these rights are free of charge.

In case of any questions, please contact dsb@werner-schmid.de.

If you are unhappy with our usage of your data or we keep you from exercising your right within a responsible period of time, you have the right to complain at your oversight agency.

The oversight agency for Hessen can be reached via the following website:

https://www.datenschutz.hessen.de/kontakt.htm

Version: 2020-09-24

Privacy Policy: Social Media

I. Registration on social media platforms

On the social media platforms on which we present our company, it is possible for users to register by providing their personal data. The data is entered into an input mask and transmitted to the provider of the platform and stored. Registration on the respective social media platforms is voluntary on the part of the user. We would like to point out that each user uses our presence on social media platforms and their functions on their own responsibility. This applies in particular to the use of interactive functions, such as commenting, sharing or rating. When you visit our pages on social media platforms, the provider of the platform collects user information, such as the IP address, via the end device used by the user. Our company is not involved in the processing of personal data when using the interactive functions and during the registration process on the social media platforms. Information on the legal basis for data processing, purpose of data processing, duration of storage, requests for information, objection and removal options can be found in the data protection notices of the respective platform providers.

For all other processing of personal data, joint responsibility applies in accordance with Art. 26 of the EU General Data Protection Regulation (EU GDPR). You can find the privacy policy relating to our company at the top of this page.

II. Contact via a social media platform (contact form, chat)

On some of the social media platforms, it is possible to make contact internally via the service (e.g. via a contact form or chat). If a user makes use of this option, the data entered in the input mask will be processed in the systems of the respective service, transmitted to us and stored on the systems of the provider of the respective platform. The use of a social media platform to contact us is voluntary on the part of the user. The data protection regulations of the respective service apply in principle to the processing of personal data that takes place in the course of making contact via the systems of a social media platform.

1. description and scope of data processing

In order to process your request, it may be necessary for your personal data to be processed internally at Werner Schmid GmbH. The following regulations apply to the internal processing of your message at Werner Schmid GmbH:

2. Legal basis for data processing

The legal basis for the processing of data for processing an inquiry from the user is Art. 6 para. 1 sentence 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR.

3. Purpose of the data processing

The internal processing of the personal data that we have received from the contact options of the social media platforms serves us solely to process the contact.

4. duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

5. possibility of objection and removal

If a user’s personal data is processed internally to process the inquiry, the user can object to the storage of their personal data by Werner Schmid GmbH at any time. In such a case, the conversation cannot be continued. All personal data stored internally in the course of contacting us will be deleted in this case.

III. Facebook (a Produkt of Meta)

Name and address of the controller:
The joint controllers for the operation of this Facebook page within the meaning of the EU GDPR are

Meta Platforms Ireland Limited (hereinafter “Facebook” or “Meta”)
4 Grand Canal Square
Grand Canal Harbour
Dublin 2
Irland

and

our company (see above)

1. information about our Facebook page

We operate this page to draw attention to our jobs, products and our company and to get in touch with you. Further information about us and our activities, companies, etc. can be found on our website.

As the operator of the Facebook page, we have no interest in the collection and further processing of your personal data for analysis or marketing purposes.
The operation of this Facebook page, including the processing of users’ personal data, is based on our legitimate interests in a contemporary and supportive information and interaction opportunity for and with our users and visitors in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

2. processing of personal data by Meta

Meta Platforms, Inc is the US parent company of Meta Platforms Ireland Li-mited. The headquarters of Meta’s parent company is located in a third country from a data protection perspective.

The European General Data Protection Regulation (GDPR) requires that the transfer of personal data that is already being processed or is to be processed after its transfer to a third country or an international organization is only permitted if a level of data protection comparable to the requirements of the GDPR is guaranteed.

Meta Platforms, Inc is certified according to the “EU-US Data Privacy Frame-work” (DPF). The DPF is an (individual) agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA (existence of an adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR). Every DPF-certified company undertakes to comply with these data protection standards. The list of certified companies can be found at: https://www.dataprivacyframework.gov/list. There you can search for the provider name and view the certification directly.

Meta processes user data for the following purposes, among others: Advertising (analysis, creation of personalized advertising), creation of user profiles and market research. Meta uses cookies, i.e. small text files that are stored on users’ end devices, to store and further process this information. If the user has a Facebook profile and is logged in to it, the storage and analysis also takes place across devices.

If you have any questions about your rights vis-à-vis Facebook, please contact Facebook directly. Your general rights under the GDPR can be found above in this privacy policy.

If requests for information are made to us as the site operator, we are obliged by the additional agreement with Meta to forward these requests to Meta within 7 days, whether from private individuals or public authorities. This also results from the above-mentioned Controller Addendum https://www.facebook.com/legal/terms/page_controller_addendum

If you no longer wish the data processing described here to take place in future, please remove the link between your user profile and our site by using the “I no longer like this page” function.

Meta’s privacy policy contains further information on data processing https://www.facebook.com/about/privacy/ and here you will find opt-out options: https://www.facebook.com/settings?tab=ads

3. statistical data (Insights)

Facebook “Insights” are statistical data of different categories that are available to us. These statistics are generated and provided by Facebook. As the operator of the site, we have no influence on the generation and presentation of this data. This function cannot be deactivated to prevent the generation and processing of data. Facebook provides us with the following data about our Facebook page for a selectable period of time: Total number of page views, “Like” information, page activity, post interactions, reach, video views, post reach, comments, shared content, responses, proportion of men and women, country and city of origin, language, views and clicks in the store, clicks on route planners, clicks on telephone numbers, data on linked Facebook groups.

We use this available data to make our Facebook page more attractive to users (e.g. distribution by age and gender for an adapted approach, scheduling of our posts, visual optimization for end devices. In accordance with the Facebook terms of use, which every user has agreed to when creating a Facebook profile, we can identify the subscribers and fans of the page and view their profiles and other information shared by them.

I. XING

Name and address of the controller:
The joint controllers responsible for the operation of this XING page within the meaning of the EU General Data Protection Regulation and other data protection regulations are

New Work SE (hereinafter “XING”)
Dammtorstraße 30
20354 Hamburg
Deutschland

and

our company (see above)

1. information about our use of XING

We operate this site to draw attention to our jobs, products and our company and to get in touch with you. Further information about us and our activities, companies, etc. can be found on our website.

As the operator of the XING page, we have no interest in the collection and further processing of your personal data for analysis or marketing purposes.

The operation of this XING page, including the processing of users’ personal data, is based on our legitimate interests in a contemporary and supportive information and interaction opportunity for and with our users and visitors in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

2. processing of personal data by XING

If you are logged into your XING account, you enable XING to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your XING account.

If you have any questions about your rights vis-à-vis XING, please contact XING directly. Your general rights under the GDPR can be found in this privacy policy above.

Further information on the handling of user data can be found in XING’s privacy policy at https://privacy.xing.com/de/ihre-privatsphaere

II. LinkedIn

Name and address of the controller:
The joint controllers responsible for the operation of this LinkedIn page within the meaning of the EU General Data Protection Regulation and other data protection regulations are

LinkedIn Corporation, (hereinafter “LinkedIn”)
1000 West Maude Avenue Sunnyvale
CA 94085 USA

and

our company (see above)

1. information about our use of LinkedIn

As the operator of the LinkedIn page, we have no interest in the collection and further processing of your personal data for analysis or marketing purposes.
The operation of this LinkedIn page, including the processing of users’ personal data, is based on our legitimate interests in a contemporary and supportive information and interaction opportunity for and with our users and visitors in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

2. processing of personal data by LinkedIn

LinkedIn Corporation is a company based in the USA, so a transfer of your personal data to a third country is not excluded.

LinkedIn is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an (individual) agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA (existence of an adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR). Every DPF-certified company undertakes to comply with these data protection standards. The list of certified companies can be found at: https://www.dataprivacyframework.gov/list. There you can search for the provider name and view the certification directly.

If you are logged into your LinkedIn account, you enable LinkedIn to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your LinkedIn account.

If you have any questions about your rights vis-à-vis LinkedIn, please contact LinkedIn directly. Your general rights under the GDPR can be found in our privacy policy above.

Further information on the handling of user data can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy