We attach great importance to data protection. The collection and processing of your personal data takes place in compliance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR; German DSGVO).
- Data processor
- General purposes of data processing
- Which data we use and why
- Analysis tools and advertising
- Social media, plugins and tools
- Storage period
- Your rights
- Data processing by employees, infrastructure, software & tools
- Data processing (employee and applicant data)
1 DATA PROCESSOR
The party responsible for the collection, processing and use of your personal data in the sense of Art. 4, no. 7 DSGVO is
SCHLOSSBERG Switzerland AG
Tel.: +41 (0)52 396 23 23
Our EU representative according to Art. 27 GDPR is: Schlossberg Switzerland Gmbh, Markplatz 6, 70173 Stuttgart, Germany.
In the event that you wish to raise objections to the recording, processing and use of your personal data by us in accordance with these data privacy regulations, either in whole or in part, you are kindly invited to address your objections to the Data Processor.
2 GENERAL PURPOSES OF DATA PROCESSING
We use personal data for the purpose of operating the website and our webshop.
2.1 SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar. If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
3 WHICH DATA WE USE AND WHY
The hosting services used by maxcluster GmbH, Lise-Meitner-Str. 1b, 33104 Paderborn, Germany, serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.
We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors to this website. Data processing is performed on the basis of Art. 6, para. 1(b) GDPR, which allows us to process data to fulfill a contract or for measures preliminary to a contract.
Order Data Processing Agreement
We have concluded an order data processing contract with Mittwald CM Service GmbH & Co. KG, in which we have obliged Mittwald CM Service GmbH & Co. KG to protect the data of our customers and refrain from passing this on to third parties.
3.2 Access Data
We collect information about you when you use this website. We automatically collect information about your usage patterns and your interaction with us, and we register information about your computer or mobile device. We collect, store and use data regarding each time our website is accessed (so-called server log files). Access data includes:
- Name and URL of the retrieved file
- Date and time of retrieval
- Transferred data volume
- Message about successful retrieval (HTTP response code)
- Browser type and browser version
- Operating system
- Referrer URL (i.e. the previously visited page)
- Websites accessed by the user's system through our website
- Internet service provider of the user
- IP address and the requesting provider
We use this log data without allocation to your person or other profiling for statistical evaluations for the purpose of operating, security and optimization of our website, but also for anonymous recording of the number of visitors to our website (traffic) and for the scope and type of use of our website and services, as well as for billing purposes to measure the number of clicks received from cooperation partners. This information enables us to provide personalized and location-based content and analyze traffic, troubleshoot and correct errors, and improve our services. This is also our legitimate interest pursuant to Art. 6, para. 1, s. 1 lit. (f) GDPR.
We reserve the right to subsequently check the log data if there is a justified suspicion of illegal use on the basis of concrete indications. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes or for the provision of services or the billing of a service, e.g. if you use one of our offers. After the order process has been aborted or after payment has been received, we delete the IP address if it is no longer required for security purposes. We also store IP addresses if we have the concrete suspicion of a criminal offense in connection with the use of our website. In addition, we store the date of your last visit as part of your account (e.g. when registering, logging in, clicking links, etc.).
The website uses so-called session cookies for optimization purposes. A session cookie is a small text file that is sent by the respective servers when you visit a website and stored temporarily on your hard drive. This file as such contains a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognized when you return to our website. These cookies are deleted after you close your browser. They are used, for example, to enable you to use the shopping basket function across several pages.
To a lesser extent, we also use persistent cookies (also small text files that are stored on your device) that remain on your device and enable us to recognize your browser the next time you visit. These cookies are stored on your hard drive and delete themselves after the specified time. Their lifespan is 1 month to 10 years. In this way, we can present our offer to you in a more user-friendly, effective and secure manner and, for example, show you information on the page that is specifically tailored to your interests.
The following data and information is stored in the cookies:
- Log-in information
- Language settings
- Search terms entered
- Information about the number of visits to our website and the use of individual functions of our website.
You can configure your browser so that you are informed in advance when cookies are set and can decide in individual cases whether to accept them, so that cookies are rejected in certain cases or generally, or so that cookies are prevented completely. This may limit the functionality of the website.
3.4 Data to Fulfill our Contractual Obligations
We process personal data that we need to fulfill our contractual obligations, such as name, address, email address, products ordered, invoice and payment data. The collection of this data is necessary for the conclusion of the contract.
The deletion of the data takes place after the expiry of the statutory warranty periods and statutory retention periods and documentation obligations (Art. 6, para. 1, s. 1 lit. (c) GDPR).
The legal basis for the processing of this data is Art. 6, para. 1, s. 1 lit. (b) GDPR, because this data is required so that we can fulfill our contractual obligations toward you.
3.5 User Account
You can create a password-protected user account on our website. If you wish to do so, we need the personal data requested at login. Only your email address or user name and the password you have chosen will be required for subsequent logins.
For new registrations, we collect master data (e.g. name, address), communication data (e.g. email address) and payment data (bank details) as well as access data (user name and password).
In order to ensure your proper registration and to prevent unauthorized registrations by third parties, you will receive an activation link by email after your registration to activate your account. Only after successful registration do we permanently store the data you have transmitted in our system.
You can have us delete a user account once it has been created at any time, without incurring any costs other than the transmission costs according to the basic tariffs. A message in text form to the contact data mentioned under Section 1 (e.g. email, fax, letter) is sufficient for this. We will then delete your stored personal data insofar as we do not still need to store it for the processing of orders or due to legal storage and documentation obligations.
The legal basis for processing this data is your consent pursuant to Art. 6, para. 1, s. 1 lit. (a) GDPR.
3.6 Payment Service Provider
If you select a payment provider on our site for payment, this provider will also receive your personal data, for example your name, address and bank account details. In addition, our house bank receives your bank details when an electronic payment is received.
We use the payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, to facilitate payments. Mollie receives the following information during payment processing:
- Your payment details (for example, bank account number or credit card number).
- Your IP address
- Your Internet browser and device type
- In some cases, your first and last name
- In some cases, your address information
- In some cases, information about the product or service you purchased from our customer
- Other personal information that you actively provide, for example, through correspondence or over the phone.
Privacy information from Mollie can be found at: https://www.mollie.com/privacy.
Payment information from Mollie can be found at: https://help.mollie.com/hc/en-gb/categories/360002830740-Payment-methods
PayPal: If you pay on our website with PayPal (PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal L-2449 Luxembourg), PayPal receives your payment data for payment processing. Information on this can be found at:
Credit card: If you pay on our website with your credit card, your credit card provider receives the information that you have placed an order with us. It may be that your credit card provider performs a credit check. You can find more information about this on the respective website of your credit card provider.
SOFORT-Banking: You log in with your online banking data. The amount and beneficiary of the transfer are already pre-filled. When you authorize the payment, our house bank receives your transfer and bank details.
Klarna Pay Later: If you select Klarna Pay Later in the ordering process, you can order first and pay later. A credit check is automatically performed in the background by Klarna (by Klarna and via third parties, see https://www.klarna.com/de/datenschutz/ and https://help.mollie.com/hc/en-gb/articles/360009978893).
We offer registration for our newsletter on our website.
The legal basis is Art. 6, para. 1, s. 1 lit. (a) GDPR.
Registration and purpose
Our newsletter informs you regularly about interesting news around our Schlossberg world. Registration takes place via the registration form, at the end of which you confirm your consent to the use of the data entered. If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as further information that enables us to send you content according to your interests.
We use the so-called double opt-in procedure to ensure that the newsletter is sent in a consensual manner. In the course of this, you are added to a newsletter distribution list as a potential recipient. Subsequently, you as a user will receive a confirmation e-mail to confirm the registration in a legally secure manner. Only if this confirmation is given will the address be actively included in our newsletter distribution list. In addition, we store the IP addresses used and the times of registration and confirmation. The purpose of this procedure is to be able to trace your registration back to you and to prevent possible misuse of your personal data.
We store your registration data as long as they are required for sending the newsletter. We store the logging of the registration and the mailing address as long as there is an interest in proving the consent originally given, which is usually the limitation periods for civil claims, i.e. a maximum of three years.
We also use our customers' data for our own marketing purposes in accordance with the statutory provisions. The use for our own marketing purposes may also include the sending of postal advertising material or the sending of the abandoned shopping basket by e-mail. We take particular care to ensure that our offer is tailored to your needs in the best possible way. Thus, using probability values, we strive to ideally only present you with advertising content that is of interest to you. For this purpose, Schlossberg creates personality profiles about your purchasing and usage behaviour in order to better tailor advertising and web offers to your personal interests. In this context, we would like to point out that we also occasionally conduct surveys of our customers, as we are always interested in your opinion about our product and service range. We collect this data to improve our goods and services and for quality purposes, but participation is of course voluntary at all times. Any further use of the profile information and disclosure to third parties is not permitted.
You can object to the delivery of the newsletter and/or the use of your data for advertising purposes, or revoke your consent, at any time, free of charge and without giving reasons. You will find the relevant links at the end of each newsletter. Once you have unsubscribed, you will no longer receive any further newsletters.
3.8 Email Contact
If you contact us (e.g. via contact form or email), we will process your details to respond to the enquiry and in the event that follow-up questions arise. The personal data collected by us for the use of the contact form will be automatically deleted after completion of your request.
If the data processing is carried out for the purposes of pre-contractual measures which take place at your request, or, if you are already our customer, to carry out the contract, the legal basis for this data processing is Art. 6, para. 1, s. 1 lit. (b) GDPR.
We only process further personal data if you consent to this (Art. 6, para. 1, s. 1 lit. (a) GDPR) or if we have a legitimate interest in processing your data (Art. 6, para. 1, s. 1 lit. (f) GDPR). A legitimate interest constitutes, for example, a reply to your email.
4 ANALYSIS TOOLS AND ADVERTISING
4.1 Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about the use of this website by website visitors is generally transmitted to a Google server in the USA and stored there.
This is also our legitimate interest pursuant to Art. 6, para. 1, s. 1 lit. (f) GDPR.
We have activated IP anonymization on this website (anonymizeIp). However, your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to this. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and internet usage to us.
The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. You may prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of this website.
Furthermore, you can prevent the transfer of the data generated by the cookie which is related to your use of the website (incl. your IP address), as well as the processing of said data by Google, by downloading and installing a browser add-on: http://tools.google.com/dlpage/gaoptout?hl=de.
As an alternative to the browser plugin or within browsers on mobile devices, you can click on the following link to set an opt-out cookie that will prevent Google Analytics from collecting this data within this website in the future (this opt-out cookie only works in this browser and only for this domain. If you delete the cookies in your browser, you must click this link again): [Deactivate Google Analytics]
4.2 Google Tag Manager
On our website we use “Google Tag Manager”, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google Tag Manager allows us to manage website tags through an interface.
This is also our legitimate interest pursuant to Art. 6, para. 1, s. 1 lit. (f) GDPR.
The tool Google Tag Manager, which implements the tags, is a cookie-free domain and does not collect any personal data itself. Google Tag Manager triggers other tags that may themselves collect data. Google Tag Manager does not access this data. If deactivation has been performed at the domain or cookie level, it will persist for all tracking tags implemented with Google Tag Manager.
Third-party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. For more information about privacy, please visit the following Google websites:
- FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
4.3 Google Ads Conversion
This website uses Google AdWords. AdWords is an online advertising program operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”) and enables us to design, statistically record, optimise and exchange advertising content in line with demand.
As part of Google AdWords, we use what is known as conversion tracking. When you click on an ad placed by Google, a conversion tracking cookie is set. Cookies are small text files that the internet browser places on the user's computer. These cookies expire after 30 days and are not used to personally identify users. If the user visits certain pages of this website and the cookie has not expired, Google and we may recognize that the user clicked on the advertisement and was directed to that page.
Each Google AdWords customer receives a different cookie. Cookies cannot be tracked through AdWords customer websites. The information collected from the conversion cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. Customers will know the total number of users who clicked on their advertisement and were directed to a page with a conversion tracking tag. However, they will not receive information that personally identifies users.
Because of the marketing tools used, your browser automatically connects directly to Google's server. We have no influence on the extent and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have retrieved the relevant part of our website or clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is still possible for the provider to find out and store your IP address.
You can prevent Google from participating in this tracking process by, among other things, a) disabling cookies by setting your browser software accordingly, b) deactivating cookies for conversion tracking in your browser by blocking cookies from the “www.googleadservices.com” domain, or c) deactivating interest-related ads from providers that are part of the “About Ads” self-regulatory campaign via the link http://www.aboutads.info/choices. You can also permanently disable cookies in your browsers.
Our legitimate interest in storing "conversion cookies" is based on Art. 6, para. 1, s. 1 lit. (f) GDPR, so that we can better understand user behavior and optimize our website and advertising.
4.4 Google Maps
On this website we use the offering provided by Google Maps. This enables us to show you interactive maps directly on the website and enables you to use the map function conveniently.
Google stores your data as usage profiles and uses them for advertising, market research and/or needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.
Google has signed and is certified under the Privacy Shield Agreement between the European Union and the United States. This means that Google is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/EU-US-Framework.
Our legitimate interest in the use of Google Maps pursuant to Art. 6, para. 1(f) GDPR is to provide you with a better user experience by embedding a clearly arranged city map.
4.5 Google Analytics Remarketing
Our websites use the Google Analytics Remarketing features in conjunction with the cross-device features of Google Ads and Google DoubleClick. The provider is Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
This feature allows Google Analytics Remarketing to link advertising target groups with the cross-device features of Google Ads and Google DoubleClick. In this way, interest-based, personalized advertising messages that have been customized to you depending on your previous usage and surfing behavior on one device (e.g. smartphone) can also be displayed on another of your devices (e.g. tablet or PC). If you have given your consent, Google will link your web and app browser history to your Google Account for this purpose. In this way, the same personalized advertising messages can be displayed on any device on which you sign in with your Google Account. To support this feature, Google Analytics collects Google-authenticated user IDs that are temporarily linked to our Google Analytics data to define and create target audiences for cross-device advertising.
Legal Basis
The data recorded in your Google account is summarized exclusively on the basis of your consent, which you may give or revoke at Google (Art. 6, para. 1(a) GDPR). In the case of data collection processes that are not consolidated in your Google Account (e.g. because you do not have a Google Account or have objected to the consolidation), the data collection is based on Art. 6, para. 1(f) GDPR. The justified interest results from the fact that we have an interest in the anonymous analysis of website visitors for advertising purposes.
Although we register legitimate interests to use and store “conversion cookies”, we do offer opt-out options. You can permanently opt out of cross-device remarketing/targeting by deactivating personalized advertising in your Google Account.
4.6 Facebook Pixel, Facebook Custom Audiences and Facebook Conversion
Our online offering incorporates the so-called “Facebook pixel” used by the social network Facebook, which is operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or if you are resident in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).
With the help of the Facebook pixel, Facebook is able to identify you as a visitor of our online offering as the target group for the presentation of ads (so-called “Facebook ads”). Accordingly, we use Facebook pixels to display Facebook ads placed by us only to Facebook users who have shown an interest in our online services or who have certain features (e.g. interests in certain topics or products that are determined on the basis of the websites visited) that we transmit to Facebook (so-called “custom audiences”). We also want to use Facebook pixels to ensure that our Facebook ads match the potential interest of users and do not prove off-putting. Using Facebook pixels, we can further track the effectiveness of Facebook advertisements for statistical and market research purposes by seeing if users were referred to our website after clicking on a Facebook ad (known as “conversion”).
Facebook processes the data in accordance with Facebook's Data Usage Policy. Accordingly, general notes on the presentation of Facebook advertisements appear in Facebook's Data Usage Policy. Specific information and details about Facebook pixels and how they work can be found in the help section of Facebook.
The use of the Facebook pixel and the storage of “conversion cookies” is based on Art. 6, para. 1 lit. (f) GDPR. We have a legitimate interest in analyzing user behavior in order to optimize both our website and our advertising.
5 SOCIAL MEDIA, PLUGINS AND TOOLS
Use of Social Media
We maintain online presences within social networks and platforms in order to be able to communicate with customers, interested parties and users active there and to inform them about our services. We would like to advise you that user data may be processed outside the European Union. This can result in risks for users, as it could, for example, make it more difficult to enforce user rights. With regard to US providers that are certified under the Privacy Shield, we would like to advise that by doing so they commit themselves to complying with EU data protection standards. In addition, user data is usually processed for market research and advertising purposes. For example, user profiles can be created on the basis of user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements inside and outside the platforms which are presumed to correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer in which the user's usage behavior and interests are saved. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them). The processing of the personal data of the users takes place on the basis of our legitimate interests in effective information of the users and communication with the users in accordance with Art. 6, para. 1(f) GDPR. If the users are requested by the respective providers of the platforms to consent to the aforementioned data processing, the legal basis for the processing is Art. 6, para. 1(a), Art. 7 GDPR. For a detailed description of the respective processing operations and the opt-out options, we refer to the following linked information of the providers.
Also in the case of requests for information and the assertion of user rights, we would like to advise you that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can take appropriate measures and give information directly.
Integration of Third-Party Services and Content (Plugins)
Within the scope of our online offering, and on the basis of our legitimate interests (i.e. interest in analysis, optimization and economic operation and in the interest of an appealing presentation of our online offering within the meaning of Art. 6, para. 1(f) GDPR), we use content or service offerings from third parties in order to integrate their content and services, such as videos or posts. This integration invariably presupposes that the third-party providers of this content have access to your IP address, since they cannot send the content to your browser without the IP address. The IP address is therefore required for the presentation of this content.
We make every effort to use only content for which the respective providers only use your IP address to deliver the same. Third-party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on your device and may contain technical information about your browser and operating system, referring websites, visit times and other information about your use of our online services, as well as possibly being linked to similar information from other sources.
We integrate the videos appearing on the platform “YouTube” and operated by the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here, the YouTube server is informed about which of our pages you have visited. If you are logged in to your YouTube account, YouTube allows you to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.
The use of YouTube is made in the interest of an appealing presentation of our online offering. This constitutes a justified interest pursuant to Art. 6, para. 1 (f) GDPR.
Objection to Data Collection
You can prevent Google from collecting your information by clicking on the link and opting out.
5.2 Facebook Social Plugins
We use social plugins (“plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and are recognizable by one of the Facebook logos (white “f” on a blue tile, the term “like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”. You can view the list and appearance of the Facebook social plugins. If you retrieve a function of our online offering that contains such a plugin, your device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to your device and integrated into the online offering. Usage profiles can be created from the processed data. We therefore have no influence on the extent of the data that Facebook collects with the help of this plugin and therefore inform the user according to our state of knowledge. By integrating the plugins, Facebook receives the information that you have retrieved the corresponding page of our online offering. If you are logged in to Facebook, Facebook can assign the visit to your Facebook account. If you interact with the plugins, for example by clicking the “like” button or making a comment, the corresponding information is transferred directly from your device to Facebook and stored there. If you are not a member of Facebook, there is still the possibility for Facebook to find out and store your IP address. According to Facebook, only one anonymous IP address is stored in Europe.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options for the protection of the privacy of the users can be found in Facebook's Data Protection Information.
The use of Facebook social plugins is made in the interest of an appealing presentation of our online offering and an easy retrieval of the places indicated by us on the website. This constitutes a justified interest pursuant to Art. 6, para. 1 lit. (f) GDPR.
Objection to Data Collection
If you are a Facebook member and do not want Facebook to collect your information about you through our online offering and link it to your member information stored by Facebook, you must log out of Facebook before using our online offering and delete your cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings or via the US page aboutads.info or the EU page youronlinechoices.com. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Functions and content provided by the service Instagram, operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated within our online offering.
This may include, for example, content such as images, videos or text and buttons with which you can express your opinions on content or the authors of said content, or subscribe to our posts. If you are a member of the Instagram platform, Instagram can assign the above content and functions to your profiles.
The use of Instagram is made in the interest of an appealing presentation of our online offering and an easy retrievability of the places indicated by us on the website. This constitutes a justified interest pursuant to Art. 6, para. 1 lit. (f) GDPR.
5.5 Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops seal of approval and any reviews that may have been collected, as well as to offer Trusted Shops products to buyers after an order has been placed.
This serves to safeguard our legitimate interests, which predominate in the context of a weighing up of interests, in optimal marketing by enabling safe shopping in accordance with Art. 6 Para. 1 S. 1 lit. (f) GDPR. The Trustbadge and the services advertised with it are offered by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided by a CDN provider (Content Delivery Network) as part of order processing. Trusted Shops GmbH also uses service providers from the USA. An adequate level of data protection is ensured. Further information on data protection at Trusted Shops GmbH can be found here: https://www.trustedshops.de/impressum/#datenschutz
When the Trustbadge is called up, the web server automatically saves a so-called server log file, which documents the call and also contains your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data). Individual access data is stored in a security database for the analysis of security issues. The log files are automatically deleted no later than 90 days after creation.
Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. The contractual agreement made between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you, as a buyer, are already registered for product use is checked automatically by means of a neutral parameter, namely the e-mail address hashed with a cryptographic one-way function. The e-mail address is converted into this hash value, which cannot be decrypted by Trusted Shops, before it is transmitted. After checking for a match, the parameter is automatically deleted.
This is necessary for the fulfillment of our and Trusted Shops' predominant legitimate interests in the provision of the buyer protection linked to the specific order and the transactional evaluation services according to Art. 6 Para. 1 S. 1 lit. (f) GDPR. Further details, including the objection, can be found in the Trusted Shops data protection declaration linked above and in the Trustbadge.
6 STORAGE PERIOD
Unless specifically stated, we will only store personal data for as long as is necessary to fulfill the purposes for which it was collected.
In some cases, the law provides for the retention of personal data, for example in tax or commercial law. In these cases, the data is stored by us only for these legal purposes, is not processed in any other way, and is deleted after the legal retention period has expired.
7 YOUR RIGHTS
Under the applicable laws, you have various rights with respect to your personal information. If you wish to exercise these rights, please send your request by email or by post, clearly identifying yourself, to the address given in Section 1.
An overview of your rights appears below.
7.1 Right to Confirmation and Information
You have the right to transparent information about the processing of your personal data.
In detail, this means:
You have the right to receive confirmation from us as to whether your personal details will be processed. If this is the case, you have the right to request from us free information about the personal data stored about you together with a copy of this data.
If personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.
7.2 Right to Rectification
You have the right to demand that we rectify and, if necessary, complete the relevant personal data.
In detail, this means:
You have the right to demand that we correct any incorrect personal data immediately. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
7.3 Right to Cancellation (“Right to be Forgotten”)
In a number of cases, we may be required to delete personal information about you.
In detail, this means:
Pursuant to Art. 17, para. 1 GDPR, you have the right to demand that we delete personal data concerning you immediately, and we are obliged to delete personal data immediately if one of the following reasons applies:
- Personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You revoke your consent on which the processing was based pursuant to Art. 6, para. 1, s. 1 lit. (a) GDPR or Art. 9, para. 2 lit. (a) GDPR, and no other legal basis for the processing exists.
- You object to the processing pursuant to Art. 21, para. 1 GDPR and there are no overriding legitimate reasons for the processing, or you object to the processing pursuant to Art. 21, para. 2 GDPR.
- The personal data was processed unlawfully.
- The deletion of personal data is necessary to fulfill a legal obligation under European Union law or the law of the member states to which we are subject.
- The personal data was collected in relation to Information Society services offered pursuant to Art. 8, para. 1 GDPR.
If we have made the personal data public and we are obliged to delete it pursuant to Art. 17, para. 1 GDPR, we shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform those responsible for data processing who process the personal data that you have requested them to delete all links to this personal data or copies or replications of the same.
7.4 Right to Restriction of Processing
In a number of cases, pursuant to Art. 18 GDPR, you have the right to ask us to restrict the processing of your personal data.
In detail, this means:
You have the right to demand that we restrict the processing of your personal data if one of the following conditions is met:
- the accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data,
- the processing is unlawful and you refuse the deletion of the personal data and instead request the restriction of the use of the personal data,
- we no longer need the personal data for the purposes of processing, but you need the data to assert, exercise or defend legal claims, or
- you have lodged an objection against the processing pursuant to Art. 21, para. 1 GDPR, as long as it has not yet been established whether the legitimate reasons of our company outweigh yours.
7.5 Right to Data Transferability
You have the right to receive the relevant personal data in machine-readable form, to transmit it, or to have it transmitted by us.
In detail, this means:
You have the right to receive the relevant personal data that you have provided to us in a structured, common and machine-readable format and you have the right to transfer this data to another responsible person without any hindrance on our part, provided that
- the processing is based on consent pursuant to Art. 6, para. 1 s. 1(a) GDPR or Art. 9, para. 2(a) GDPR or on a contract pursuant to Art. 6, para. 1 s. 1(b) GDPR and
- processing is carried out using automated procedures.
When exercising your right to data transfer in accordance with paragraph 1, you have the right to obtain that the personal data is transferred directly by us to another responsible person, insofar as this is technically feasible.
7.6 Right of Objection
You have the right to object to a lawful processing of your personal data by us if this is based on your specific situation, and our interests in the processing do not prevail.
In detail, this means:
You have the right, for reasons arising from your specific situation, to object at any time to the processing of personal data concerning you on the basis of Art. 6, para. 1 s. 1(e) or (f) GDPR; this also applies to profiling based on these provisions. We no longer process the personal data unless we can establish compelling grounds for the processing which outweigh your interests, rights and freedoms or make the processing necessary.
8 DATA PROCESSING BY EMPLOYEES, INFRASTRUCTURE, SOFTWARE & TOOLS
Our employees are trained in and aware of the topic of data protection.
Employee workstations, laptops and mobile devices
All laptops and workstations are protected by full disk encryption and centrally managed. We pay meticulous attention to the installation of updates on our employees' devices and check workstations and devices for malware. We can install critical patches and remotely wipe all devices. We use industry-standard OTP technology to further secure access to corporate infrastructure.
8.1 Microsoft Office/Microsoft Dynamics NAV
We use Microsoft Office and Microsoft Dynamics NAV from Microsoft for the collection, processing and use of personal and non-personal data. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.
The basis for data processing is Art. 6, para. 1(b) GDPR, which permits us to process data to fulfill a contract or pre-contractual measures.
9 DATA PROCESSING (EMPLOYEE AND APPLICANT DATA)
We collect your personal data to administer our employment or contractual relationship with you and for the purposes set out below. We collect personal data either directly from you or from third parties as appropriate, including public databases, social media platforms or recruiting companies. We collect, process and transfer your personal data using automated and/or paper-based data processing systems. We use automated processing systems (e.g. for payroll processing and payment). Personal data is also processed on a case-by-case or ad hoc basis (e.g. when an employee is proposed for a new position or in connection with changes in an employee's marital status).
The following types of personal data may be collected:
- personal identifiers such as name, home address, date of birth, gender, occupational photographs and private telephone number;
- official identification numbers such as the social security number for payroll processing;
- immigration, work permit and residence status;
- contact details of relatives and persons to contact in an emergency;
- job-related information, such as duration, location, identification data, evidence of employment, holidays and contract data;
- information on education and training, such as awards, certificates and licenses, as well as professional documentation and certificates of attendance for in-house training;
- recruitment data and performance-related data such as target agreements, assessments, comments, feedback results, career development, work materials, career and succession planning, skills and competencies, and other work-related qualifications;
- data on your use of Schlossberg Switzerland AG assets and management of operational activities;
- information on compliance and risk management, such as records of disciplinary proceedings, background checks and safety information, as well as information on income, compensation and benefits, such as salary and insurance information, information on family members, government identification or tax numbers, account information, and information on job-related benefits.
Personal information is processed by us for the following purposes:
- personnel planning, recruitment and hiring;
- personnel administration, payroll accounting, remuneration and performance programs;
- performance management, training and development;
- career and succession planning;
- legal defense and compliance, including compliance with government requests for information, compliance with liens, seizures and tax regulations;
- workplace management, such as travel and expense programs and internal health and safety programs;
- the management of operational activities, including production-related activities;
- the management of information systems;
- internal reporting;
- in order to protect Schlossberg Switzerland AG, its employees and the public from injury, theft, legal liability, fraud, abuse or threat to the security of our networks, communications, systems, facilities and infrastructures and from other legal and industry purposes.
Legal Basis for Processing
This use of personal data is based on one of the following legal bases, as applicable:
- the need to process your personal data in order to fulfill your employment contract;
- in order to take steps to enter into a contract with you;
- on the basis of Schlossberg Switzerland AG’s legal obligations as an employer;
- on the basis of Schlossberg Switzerland AG’s legitimate business interests, including general personnel administration, general business activities, disclosure for auditing and reporting purposes, internal investigations, contractual obligations with third parties, the security management of networks and information systems, and the safeguarding of assets of Schlossberg Switzerland AG;
- in some special and limited cases related to your consent.
Special Categories of Personal Data ("Sensitive Personal Data")
We may also process sensitive and personal data if this is legally and commercially necessary or required by applicable law. Sensitive personal data is only collected, processed and transmitted if adequate data protection mechanisms are in place and, if required by law, after we have received your declaration of consent.
Disclosure and Categories of Recipients
We may disclose your personal information for legitimate purposes:
- to joint ventures, subcontractors, vendors or suppliers of Schlossberg Switzerland AG who provide services on our behalf for the aforementioned purposes;
- to a newly formed or acquiring company, if Schlossberg Switzerland AG is involved in the merger or transfer of some or all of its business segments;
- to other recipients, if we are legally obliged to do so, e.g. in the event of a court order or on the basis of applicable law;
- to any recipient with your consent to verify professional background or bank credit; or
- to any recipient where there is a particular need, e.g. in life-threatening emergencies.
We take reasonable steps to ensure that personal information is accurate, complete and current. Please note that you have a shared responsibility with respect to the accuracy of your personal information. Please inform the human resources department if your or your beneficiaries’ or family members’ personal information changes.
Your rights in relation to personal data
- Information, Rectification and Transmission
You may request information about your personal data stored by Schlossberg Switzerland AG. You are also entitled to request the correction of incomplete, incorrect or outdated personal data. To the extent required by applicable law, you may also request that we transfer any personal information you provide to us or to other companies.
We respect your right to object to any use or disclosure of your personal information that is not
- required to fulfill a contractual obligation (your employment contract) or
- required for our legitimate needs (e.g. disclosures in general personnel administration, general administrative disclosures for audit and reporting purposes or for internal investigations, security management of network and information systems, and protection of Schlossberg Switzerland AG assets).
If you raise an objection, we will work with you to find an acceptable solution. Where our processing of your personal data is based on your consent, you may also withdraw that consent at any time.
You have a right to deletion of your personal data within the scope of the legal regulations. This applies, for example, if your data is obsolete or the processing is not necessary or unlawful; if you withdraw your consent to processing based on such consent; or if we determine that we should pursue an objection raised by you against instances of processing on our part. Under certain circumstances, it may be necessary for us to retain your personal data in accordance with our legal obligations or for the purpose of asserting, exercising or defending legal claims.
- Restriction of Processing
To the extent required by law, you may also request that, while we are processing your application or complaint regarding
- the accuracy of your personal data
- our legitimate interests in the processing of such data
- the lawfulness of the processing of your personal data
we restrict the processing of your personal data. You may also request that your personal data be restricted if you wish to use the personal data for litigation.
You can exercise these rights free of charge by contacting our data protection officer. However, we may charge a reasonable fee or refuse to comply with a request if it is manifestly unfounded or disproportionate, in particular because of its repetitive nature. In some cases, we may refuse to act or enforce a limitation of your rights, for example, if your request is likely to adversely affect the rights and freedoms of us or others, jeopardize the execution and enforcement of a law, adversely affect pending or threatened litigation, or violate applicable law. In all cases, you are entitled to file a complaint with the data protection officer of the Canton of Zurich.
We have taken precautions to protect your personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. We have taken appropriate technical and organizational measures to protect the data systems on which your personal data is stored, and we demand this protection on a contractual basis from our suppliers and service providers. In the event that the corresponding information is provided by us, you as an applicant may send us your applications by email. Please note, however, that emails are generally not sent in encrypted form and that you as an applicant must ensure that they are encrypted yourself. Therefore, we cannot assume any responsibility for the transmission path of the application between you as sender and its reception on our server. In the event of a successful application, the data provided by you as an applicant can be further processed by us for the purposes of the employment relationship.
If your application for a job offer is not successful, the data will be deleted. Your data will also be deleted if you have withdrawn your application, which you are entitled to do at any time. Subject to your justified revocation, the data will be deleted after a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with the provisions of tax law.
If your application for a job is successful, we will retain your personal information for as long as necessary to fulfill the purpose for which it was collected; this will generally be the duration of a contractual relationship and any subsequent period if required by applicable law. Our retention policy reflects the applicable statute of limitations and regulatory requirements.
10 UPDATE AND AMENDMENT OF THIS DATA PROTECTION DECLARATION
This privacy statement is current as of 24.06.2022.