Privacy Policy

We appreciate your interest in our company. Data protection is of a particularly high priority for the management of F. Carl Schröter GmbH & Co. KG. The website of F. Carl Schröter GmbH & Co. KG can generally be used without providing any personal data. However, if a data subject wishes to use our company's special services via our website, personal data may need to be processed. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the data subject's consent.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject, shall comply with the General Data Protection Regulation (GDPR) and with the country-specific data protection regulations applicable to the F. Carl Schröter GmbH & Co. KG, under the country-specific data protection regulations, at all times. Through this privacy policy, our company wishes to inform the public about the type, scope, and purpose of the personal data we collect, use, and process. Furthermore, data subjects are informed of their rights through this privacy policy.

As the data controller, F. Carl Schröter GmbH & Co. KG has implemented numerous technical and organisational measures to ensure that the personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definition of terms

The privacy policy of F. Carl Schröter GmbH & Co. KG is based on the terms used by the European legislator in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public, our customers, and our business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms, among others, in this privacy policy:

• a)    Personal data
• Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as a "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to that natural person's physical, physiological, genetic, mental, economic, cultural, or social identity.
• b)    Data subject
• A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.
• c)    Processing
• Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
• d)    Restriction of processing
• Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
• e)    Profiling
• Profiling means any form of automated processing of personal data that involves using personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements.
• f)     Pseudonymisation
• Pseudonymisation is the processing of personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
• g)    Controller or data controller
• A controller or data controller is the natural person or legal entity, public authority, agency, or other body that decides alone or jointly with others on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
• h)    Processor
• A processor is a natural person or legal entity, public authority, agency, or other body that processes personal data on behalf of the controller.
• i)      Recipient
• A recipient is a natural person or legal entity, public authority, agency or other body to which the personal data are disclosed, whether this is a third party or not. However, authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law are not considered recipients.
• j)      Third party
• A third party is a natural person or legal entity, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct responsibility of the controller or processor, are authorised to process personal data.
• k)    Consent
• Consent is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by an explicit affirmative action, signify agreement to the processing of personal data relating to them.

2. Name and address of the responsible person for processing

The controller within the meaning of the General DataProtection Regulation, other data protection laws applicable in the MemberStates of the European Union and other provisions of a data protection natureis:

• F. Carl Schröter GmbH & Co. KG
• Borstelmannsweg 109-115
• 20537 Hamburg
• Germany
• Tel.: 040 - 219 000 0
• E-mail: info@fcarlschroeter.de
• Website: http://www.fcarlschroeter.de/

4. Collection of general data and information

The website of F. Carl SchröterGmbH & Co. KG collects general data and information each time it isaccessed by a data subject or an automated system. This general data andinformation is stored in the server's log files. The following can be recorded:(1) browser types and versions used, (2) operating system used by the accessingsystem, (3) website from which an accessing system accesses our website (knownas the referrer), (4) sub-websites which can be accessed via an accessingsystem on our website, (5) date and time of access to the website, (6) Internetprotocol address (IP address), (7) Internet service provider of the accessingsystem and (8) other similar data and information used for security purposes inthe event of attacks on our information technology systems.

Using this general data and information, F. Carl Schröter GmbH & Co. KG does not draw conclusions about the data subject. Instead, this information is required to (1) correctly deliver the contents of our website, (2) optimise the contents of our website and the advertising for it, (3) ensure the long-term functionality of our information technology systems and the technology of our website and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is processed by F. Carl Schröter GmbH & Co. KG, which analyses it statistically. The aim is to increase our company's data protection and security and ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

5. Registrierung auf unserer Internetseite

The data subject can register on the controller's website by providing personal data. The personal data transmitted to the data controller can be found in the relevant input interface, which is used for registration. The personal data entered by the data subject is collected and stored exclusively for internal use by the data controller and for its own purposes. The data controller may arrange for the transfer to one or more processors, for example, a parcel service provider, which also uses the personal data exclusively for internal use, which is attributable to the data controller.

When the data subject registers on the data controller's website, the IP address assigned by the Internet Service Provider (ISP) to the data subject, as well as the date and time of the registration, are also stored. These data are stored because this is the only way to prevent the misuse of our services and, if necessary, to enable us to investigate crimes that have been committed. In this respect, it is necessary to store these data in order to protect the controller. These data will not be passed on to third parties unless there is a legal obligation to do so or it is to be used for a criminal prosecution.

The registration of the data subject, in which personal data is voluntary provided, is intended to enable the data controller to offer the data subject content or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data provided during registration at any time or to have it completely deleted from the data controller's database.

The data controller shall provide any data subject with information on which personal data relating to the data subject is stored at any time upon request. In addition, the data controller shall correct or delete personal data at the request or notification of the data subject, insofar as this does not conflict with statutory retention obligations. All of the data controller's employees are available to the data subject as contact persons in this context.

6. Contact via the website

The website of F. Carl Schröter GmbH & Co. KG contains information enabling rapid electronic contact with our company and direct communication. This includes a general address for electronic mail (e-mail address). If a data subject contacts the data controller by e-mail or via a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. These personal data will not be passed on to third parties.

7. Comment function in the blog on the website

F. Carl Schröter GmbH & Co. KG allows users to leave individual comments on individual blog posts on a blog, which is on the controller's website. A blog is a portal on a website, usually open to the public, in which one or more people, called bloggers or web loggers, can post articles or record thoughts in so-called blog posts. The blog posts can usually be commented on by third parties.

If a data subject leaves a comment on the blog published on this website, in addition to the comments left by the data subject, information on the time of comment entry and the user name (pseudonym) chosen by the data subject will be stored and published. As well, the data subject's IP address as assigned by the Internet service provider (ISP) is logged. The IP address is stored for security reasons and in case the person concerned violates the rights of third parties or posts illegal content in a comment. Therefore, the storage of such personal data is in the data controller's own interest, as it can be exonerated if there is a violation of the law. This collected personal data will not be passed on to third parties unless such transfer is required by law or serves the legal defence of the data controller.

8. Routine deletion and blocking of personal data

The responsible person shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the responsible person is subject to.

If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data is routinely blocked or erased in accordance with legal requirements.

9. Rights of the data subject

• a)    Right to confirmation
• Every data subject has the right granted by the European legislator of directives and regulations to request confirmation from the data controller as to whether personal data concerning him or her is being processed. If a data subject wishes to exercise this right of confirmation, they may contact any employee of the data controller at any time.
• b)    Right to information
• Every data subject has the right granted by the European legislator of directives and regulations to receive free information from the data controller about the personal data stored about them and a copy of this information at any time. Furthermore, the European regulator has granted the data subject the following information:
• the purposes of processing
• the categories of personal data being processed
• the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations
• where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
• the existence of a right to correct or delete the personal data concerning you or restrict its processing by the Data Controller or object to such processing
• the existence of the right to lodge a complaint with a supervisory authority
• if the personal data are not collected from the data subject: all available information about the origin of the data the existence of automated decision-making, including profiling, in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
• In addition, the data subject has the right to know whether personal data has been transferred to a third country or an international organisation. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards for the transfer.
• If a data subject wishes to exercise this right of access, they may contact any employee of the data controller at any time.
• c)    Right to rectification
• Every data subject has the right granted by the European legislator of directives and regulations to request the immediate correction of inaccurate personal data concerning them. Furthermore, taking into account the purposes of the processing, data subjects have the right to request that incomplete personal data be completed, including by means of a supplementary declaration.
• If a data subject wishes to exercise this right to rectification, they may contact any employee of the data controller at any time.
• d)    Right to deletion (Right to be forgotten)
• Each data subject has the right granted by the European legislator of directives and regulations to obtain from the controller the erasure of personal data concerning them without undue delay, and the controller shall have an obligation to delete personal data without undue delay where one of the following grounds applies, insofar as the processing is not necessary:
• The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
• The data subject withdraws his/her consent to the processing pursuant to Art. 6 para. (1) (a) GDPR or Art. 9 para. (2) (a) GDPR, and there is no other legal basis for processing.
• The data subject objects according to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for processing, or the data subject is entitled to submit an objection pursuant to Art. 21 para. (2) GDPR.
• The personal data has been unlawfully processed.
• The personal data must be deleted in compliance with the obligations under European Union or Member State law to which the Data Controller is subject.
• The personal data concerning you has been collected in relation to services offered by the information society according to Art. 8 Para. 1 GDPR.
• If one of the reasons mentioned above applies, and a data subject wishes to request the erasure of personal data stored by F. Carl Schröter GmbH & Co. KG, they may contact any employee of the data controller at any time.
• The employee of F. Carl Schröter GmbH & Co. KG shall ensure that the erasure request is complied with immediately.
• If the personal data have been made public by F. Carl Schröter GmbH & Co. KG, and if our company, as the data controller, is obliged to delete it in accordance with Art. 17 (1) GDPR, F. Carl Schröter GmbH & Co. KG shall take appropriate measures, including technical measures, considering the available technology and the
• implementation costs, to inform other data controllers who process the published personal data that the data subject has requested the deletion of all links to or copies or replications of, these personal data from these other data controllers, insofar as the processing is not necessary. In individual cases, the employee of F. Carl Schröter GmbH & Co. KG will arrange the necessary measures.
• e)    Right to restriction of processing
• Every data subject has the right granted by the European legislator of directives and regulations to request the data controller to restrict the processing if one of the following conditions is met:
• The accuracy of the personal data is contested by the data subject, for a period enabling the data controller to verify the accuracy of the personal data.
• the processing is unlawful and the Data Subject opposes the erasure of the personal data and requests instead the restriction of their use instead;
• the Data Controller no longer needs the personal data for the purposes of the processing, but they are required to by the Data Subject for the establishment, exercise or defense of legal claims;
• the Data Subject has objected to the processing pursuant to Art. 21 para. (1) GDPR, and it is not yet clear whether the data controller's legitimate reasons outweigh those of the data subject.
• If one of the conditions mentioned above is met, and a data subject wishes to request the restriction of the processing of personal data stored by F. Carl Schröter GmbH & Co. KG, they may contact any employee of the controller at any time. The employee of F. Carl Schröter GmbH & Co. KG will arrange the restriction of the processing.
• f)     Right to data portability
• Every data subject has the right granted by the European legislator of directives and regulations to receive the personal data concerning them, provided by the data subject to a data controller in a structured, common and machine-readable format. They also have the right to transmit this data to another party without hindrance from the data controller to whom the personal data was originally provided, provided that the processing is based on the consent provided for in Art. 6 para. (1) (a) GDPR or Art. 9 para. (2) (a) GDPR or in a contract in accordance with Art. 6 para. (1) (b) GDPR and processing is carried out by means of automated procedures, except where such processing is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the data controller.
• Furthermore, in exercising their right to data portability pursuant to Art. 20 para. (1) GDPR, the data subject has the right to have personal data transmitted directly from one data controller to another, insofar as this is technically feasible and does not adversely affect the rights and freedoms of other persons.
• The data subject may at any time contact any employee of F. Carl Schröter GmbH & Co. KG to assert the right to data portability.
• g)    Right to object
• Every data subject has the right granted by the European legislator of directives and regulations, for reasons arising from his or her particular situation, to object at any time to the processing of personal data concerning them, which is based on Art. 6 1(e) or (f) of the GDPR. This also applies to profiling based on these provisions.
• F. Carl Schröter GmbH & Co. KG no longer processes the personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which outweigh the interests, rights and freedoms of the data subject, or the processing is for the establishment, exercise or defence of legal claims.
• If F. Carl Schröter GmbH & Co. KG processes personal data for direct marketing purposes, the data subject has the right to object at any time to processing of personal data concerning them for such marketing. This also applies to profiling insofar as it relates to such direct marketing. If the data subject objects to the processing by F. Carl Schröter GmbH & Co. KG for direct marketing purposes, F. Carl Schröter GmbH & Co. KG will no longer process the personal data for these purposes.
• In addition, the data subject has the right, for reasons arising from his or her particular situation, to object to the processing of personal data concerning him or her by F. Carl Schröter GmbH & Co. KG for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, unless such processing is necessary for the performance of a task in the public interest.
• In order to exercise the right to object, the data subject may contact directly any employee of F. Carl Schröter GmbH & Co. KG or another employee. The data subject is also free, in the context of the use of information society services and notwithstanding Directive 2002/58/EC, to exercise his or her right to object by automated means using technical specifications.
• h)    Automated individual decision-making, including profiling
• Every data subject has the right, granted by the European legislator of directives and regulations, not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is permitted by Union or Member State law to which the controller is subject and that law contains adequate measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.
• If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, F. Carl Schröter GmbH & Co. KG shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
• If the data subject wishes to exercise rights concerning automated individual decision-making, they may contact any employee of the data controller at any time.
• i)      Right to withdraw consent under data protection law
• Every data subject has the right granted by the European legislator of directives and regulations to withdraw his or her consent to the processing of personal data at any time.
• If the data subject wishes to exercise the right to withdraw the consent, he or she may, at any time, contact any employee of the responsible person.

10. Data protection for applications and in the application process

The data controller collects and processes the personal data of applicants for the purpose of conducting the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits relevant application documents to the controller by electronic means, for example by e-mail or via an online form on the website. If the data controller concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of rejection, provided that no other legitimate interests of the data controller stand in the way of deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the German General Equal Treatment Act (AGG).

11. Data protection provisions about the application and use of Facebook

The responsible person has integrated components from Facebook on this website. Facebook is a social network.

A social network is an Internet-based social meeting place, an online community that usually enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for exchanging opinions and experiences or enables the Internet community to provide personal or company-related information. Facebook enables users of the social network to create private profiles, upload photos and network via friendship requests, among other things.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. The entity responsible for the processing of personal data, if the entity in question resides outside the US or Canada, is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a display of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook receives information about which specific sub-page of our website is visited by the data subject.

If the data subject is simultaneously logged in to Facebook, Facebook recognises the specific sub-page of our website visited for each visit to our website and during the entire duration of the respective visit to our website. This information is collected through the Facebook component and assigned by Facebook to the appropriate Facebook account of the data subject. If the data subject clicks one of the Facebook buttons integrated on our website, for example the "Like" button, or they leave a comment, Facebook assigns this information to the data subject's personal Facebook user account and stores this personal data.

Facebook receives information via the Facebook component that the data subject has visited our website whenever they are logged in to Facebook at the same time as accessing our website; this happens regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not wish this information to be transmitted to Facebook, they can prevent it from being transmitted by logging out of their Facebook account before accessing our web page.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. It also explains what settings options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

12. Data protection provisions about the application and use of Google Analytics (with anonymisation function)

The data controller has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analysis describes the surveying, collecting and analysing data regarding the behaviour of visitors to websites. A web analysis service collects, among other things, data about the website from which a data subject has accessed a website (so-called referrer), which subpages of the website have been accessed or how often and for how long a subpage has been viewed. A web analysis is mainly used to optimise a website and for cost-benefit analysis of Internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the suffix "_gat._anonymizeIp" for the web analysis via Google Analytics. Using this addition, Google shortens and anonymises the data subject's IP address when accessing our Internet pages from a member state of the European Union or from another signatory state to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports showing us the activities on our websites, and to provide other services related to the use of our website.

Google Analytics places a cookie on the data subject's device. Cookies have already been explained above. The placement of this cookie enables Google to analyse the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the data subject's information technology system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical process, Google receives information about personal data, such as the data subject's IP address, which Google uses, among other things, to track the origin of visitors and clicks, and subsequently to facilitate settlement of commissions.

Cookies are used to store personal information, such as the time of access, the location from which access was made and the frequency of the data subject's visits to our website. Each time a data subject visits our web pages, their personal information, including the IP address of their Internet connection, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may disclose such personal data collected through the technical process to third parties.

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information on website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered a contradiction by Google. If the data subject's information technology system is deleted, formatted or reinstalled at a later time, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is attributable to their sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and the applicable data protection provisions of Google may be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

13. Data protection provisions about the application and use of Matomo

The data controller has integrated the Matomo component into this website. Matomo is an open source web analytics software tool. Web analysis describes the surveying, collecting and analysing data regarding the behaviour of visitors to websites. A web analysis service collects, among other things, data about the website from which a data subject has accessed a website (so-called referrer), which subpages of the website have been accessed or how often and for how long a subpage has been viewed. A web analysis is mainly used to optimise a website and for the purpose of cost-benefit analysis of Internet advertising.

The software is operated on the server of the controller, the log files sensitive under data protection law are stored exclusively on this server.

The purpose of the Matomo component is to analyse the flow of visitors to our website. The controller uses the data and information obtained, inter alia, to evaluate the use of this website in order to compile online reports that show the activities on our website.

Matomo sets a cookie on the data subject's information technology system. Cookies have already been explained above. The placement of this cookie enables us to analyse the use of our website. Each time the website is opened, the Matomo component in question will cause the Internet browser on the data subject's information technology system to automatically send data to our server for the purpose of online analysis. As part of this technical process, we receive information about personal data, such as the IP address of the data subject, which serves us, among other things, to trace the origin of visitors and clicks.

Cookies are used to store personal information, such as the time of access, the location from which access was made and the frequency of the data subject's visits to our website. Whenever you visit our website, this data, including the IP address of the Internet connection used by the data subject, is transmitted to our server. This personal data is stored by us. We will not disclose your personal data to third parties.

As already described above, the person concerned can prevent cookies being set by our website at any time by adjusting the appropriate setting of the internet browser used and will thereby object to cookies being set on a permanent basis.

Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on the data subject's information technology system. In addition, a cookie already set by Matomo can be deleted at any time via an Internet browser or other software programs.

Furthermore, it is possible for the data subject to object to and prevent the collection of data generated by Matomo relating to the use of this website and the processing of this data by Google. For this purpose, the data subject must set "Do Not Track" in your browser.

However, if the opt-out cookie is set, it is possible that the data subject will no longer be able to use the controller's website to its full extent.

Further information and the applicable data protection provisions of Matomo can be found at https://matomo.org/privacy/.

14. Legal basis of the processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfil a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, processing shall be based on Art. 6 I (b) GDPR. The same applies to processing processes that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I (c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured at our company and their name, age, health insurance data or other vital information had to be passed on to a doctor, a hospital or other third parties. Such processing would be based on Art. 6 I (d) GDPR.

Ultimately, processing operations could be based on Art. 6 I (f) GDPR. Processing not covered by any of the aforementioned legal bases is based on this provision insofar processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not take priority. We are permitted to carry out such processing procedures because they have been specifically mentioned by the European legislator. In this respect, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 clause 2 GDPR).

15. Legitimate interests in the processing pursued by the controller or a third party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the execution of our business activities for the benefit of the well-being of all our employees and our shareholders.

16. Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided it is no longer required for contract fulfilment or contract initiation.

17. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We hereby inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data that we subsequently have to process. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean the contract with the data subject could not be concluded. Before the data subject provides personal data, they must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.