Data protection policy
1. Name and address of the controller
The controller as defined in the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:
SCHAEFER KALK GmbH & Co. KG
Telephone: +49 (0) 6432 503 - 0
Telefax: +49 (0) 6432 503 - 269
2. Name and address of the data protection officer
The controller’s data protection officer is:
S&L ITcompliance GmbH
Telephone: +49 (0) 261 92736 - 155
3. General information on data processing
1. Scope of the processing of personal data
As a matter of principle, we collect and use personal data from our users only insofar as this is necessary to provide a functional website with our content and services. The collection and use of personal data from our users takes place only after the consent of the user (the data subject) is obtained. An exception is made in those cases in which it is not possible to obtain prior consent for factual reasons and processing of the data is permitted by legal regulations.
2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for processing activities involving personal data, Art. 6 (1) lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For processing personal data that is necessary for the implementation of a contract to which the data subject is a party, Art. 6 (1) lit. b of the GDPR serves as the legal basis. This also applies to processing activities that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfillment of a legal obligation to which our company as the controller is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.
If the vital interests of the data subject or another natural person make it necessary to process personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.
3. Data deletion and data retention period
The data subject’s personal data will be erased or blocked as soon as the reason for storing the data ceases to apply. Furthermore, storage may take place if it has been provided for by European or national legislators in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or erased if a storage period specified by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.
4. Preparation of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.
The following data is collected:
- (1) Information about the browser type and version being used.
- (2) The user's operating system
- (3) The user's Internet service provider
- (4) The user's IP address, anonymized by 2 bytes (e.g. 192.168.0.0).
- (5) Date and time of access
- (6) Websites from which the user's system accesses our Internet site
- (7) Websites that are accessed by the user's system via our website
This data is stored in our system's log files. The user's IP addresses are stored anonymously so that it is not possible to attribute the data to a particular user. This data is not stored together with any other personal data of the user.
5. Web analytics by Matomo
1. Scope of the processing of personal data
We use the open-source software tool Matomo on our website to analyze our users' surfing behavior. The software sets a cookie on the user's computer (for cookies, see above). If individual pages of our website are accessed, the following data is stored:
- (1) Two bytes of the IP address of the user's accessing system (e.g. 192.168.0.0).
- (2) The accessed webpage
- (3) The website from which the user has visited the accessed webpage (referrer)
- (4) The subpages that are accessed from the visited webpage
- (5) The time spent on the webpage
- (6) The frequency of visits to the webpage
The software runs only on our website's servers. Storage of the user's personal data only takes place there. The data is not passed on to third parties.
The software is configured so that the IP addresses are not stored in their entirety; instead, 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way it is not possible to attribute the shortened IP address to the accessing computer.
2. Legal basis for the processing of personal data
The legal basis for the processing of the users' personal data is Art. 6 (1) lit. f GDPR.
3. Purpose of the data processing
The processing of users' personal data allows us to analyze the surfing behavior of our users. By analyzing the data obtained, we are able to compile information about how the individual components of our website are used. This helps us to continually improve our website and its user-friendliness. The same purposes are the basis for our legitimate interest in processing the data in accordance with Art. 6 (1) lit. f GDPR. The anonymization of the IP address sufficiently addresses the interest of users in their personal data protection.
4. Data storage period
All data is erased as soon as it is no longer required for our record-keeping purposes.
In our case this is after 3 months.
5. Objection and removal options
6. Contact form and email contact
1. Description and scope of data processing
A contact form is available on our website, which can be used to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored. This data includes:
- (1) Name
- (2) Company
- (3) Street (optional)
- (4) Postcode and town/city (optional)
- (5) Telephone number
- (6) Email address
- (7) Inquiry text
- (8) Request for information about individual products
The following data is also stored at the time the message is sent:
- (1) Date and time of transmission
Your consent to the processing of your data is obtained during the submission process and reference is made to this data protection policy.
Alternatively, we can be contacted using the email address provided. In this case, the user's personal data transmitted with the email will be stored.
This data will not be made available to third parties. The data will be used solely for processing of the inquiry.
2. Legal basis for data processing
The legal basis for processing of the data when the user has given consent is Art. 6 (1) lit. a GDPR.
The legal basis for the processing of data transmitted during the sending of an email is Art. 6 (1) lit. f GDPR. If the purpose of the email contact is to conclude a contract, an additional legal basis for the data processing is Art. 6 (1) lit. b GDPR.
3. Purpose of data processing
Personal data collected from the input mask is used solely for the purpose of processing the contact. When contact is made by email, this constitutes the necessary legitimate interest in processing of the data.
The additional personal data processed during submission is used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Data retention period
The data is erased as soon as it is no longer required for the purpose for which it was collected. This is the case for the personal data from the input mask of the contact form and the data transmitted by email when the respective dialogue with the user has ended. The dialogue is considered to have ended when circumstances indicate that the matter in question has been conclusively resolved.
5. Objection and removal options
The user has the option of withdrawing consent to the processing of personal data at any time. If the user contacts us by email, he can object to the storage of his personal data at any time. In such a case the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.
7. Third party providers - content and services -
The provider reserves the right to integrate third party services and content such as Google maps/Open Street Maps, YouTube videos, third party graphics, RSS feeds, etc., into its Internet presence. A query of your IP address by the third party provider is required to successfully display this content. The provider endeavors to include only such third party services in its Internet presence that use the queried IP address solely for the successful presentation of the relevant information. However, the provider cannot rule out the use of your IP address for additional statistical purposes. In the event of positive knowledge of this, the provider will be notified explicitly.
8. Youtube Video Service
We use the YouTube service to present video content. This service is provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you visit one of our pages with an embedded video, you can request the video player from the YouTube page to load after giving explicit consent.
After you have given your consent, the following data will be transmitted to Google by your browser:
- (1) IP address of the terminal device that you are using
- (2) The website that you are visiting with us in which the video is embedded.
- (3) The date and time of your visit
- (4) The time spent on the website
- (5) The identification data of the employed browser and operating system.
You can find further information on the processing of data by Google at: https://policies.google.com/privacy?hl=en
Our Internet website uses so-called "cookies". Cookies are small text files and do not harm your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted when you log out. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser.
In some cases, cookies from third parties may also be stored on your terminal device when you visit our site (third-party cookies). These enable us or you to use certain services provided by the third-party enterprise.
Cookies have various functions. Many cookies are necessary for technical reasons, as certain website functions would not work without them (e.g. the display of videos). Other cookies are used to analyze user behavior or to display advertising.
Cookies that are necessary to conduct the electronic communication process (necessary cookies) or to provide certain functions that you desire (functional cookies, e.g. for the shopping cart function) or to optimize the website (e.g. cookies to gauge the web audience) are stored pursuant to Art. 6 (1) lit. f GDPR, provided no other legal basis is specified. The website operator has a legitimate interest in storing cookies to ensure the technically error-free and optimized provision of its services. If consent to the storage of cookies has been requested, then storage of the cookies in question is based exclusively on this consent (Art. 6 (1) lit. a GDPR); such consent may be withdrawn at any time.
You can set your browser so that you are informed about the placing of cookies and only allow cookies in specific cases, refuse to accept cookies for certain cases or in general and activate the automatic deletion of cookies when you close your browser. When cookies are disabled, the functions of this website may be impaired.
If cookies are used by third parties or for the purpose of analysis, we will inform you of this separately in this data protection declaration and, if necessary, request your consent.
10. Rights of the data subject
If your personal data is processed, you are a data subject as defined by the GDPR and you have the following rights against the controller:
1. Right of access
You may obtain confirmation from the controller as to whether personal data concerning you are being processed by us.
If such processing is taking place, you may obtain information from the controller about the following:
- (1) the purposes of processing of the personal data;
- (2) the categories of personal data that are being processed;
- (3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
- (4) the envisioned period for which the personal data concerning you will be stored, or if specific information on this is not obtainable, the criteria used to determine the retention period;
- (5) the existence of the right to rectify or erase personal data concerning you, a right to restrict processing by the controller, or a right to object to such processing;
- (6) the existence of a right to lodge a complaint with a supervisory authority;
- (7) any available information about the source of the data, if the personal data are not collected from the data subject.
You have the right to request information about whether the personal data concerning you are transferred to a third party country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer of your data.
2. Right to rectification
You have a right to obtain rectification and/or completion from the controller, where the processed personal data concerning you are inaccurate or incomplete. The controller shall perform the rectification without delay.
3. Right to restrict data processing
You may request restriction of the processing of personal data concerning you where the following applies:
- (1) you contest the accuracy of the personal data concerning you for the period of time the controller needs to verify the accuracy of the personal data;
- (2) the processing is unlawful and you oppose the erasure of the personal data and request instead that use of the personal data be restricted;
- (3) the controller no longer needs your personal data for the purpose of processing, but you need them for the establishment, exercise or defense of legal claims, or
- (4) you have objected to the processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where the processing of personal data concerning you has been restricted, such data may - with the exception of storage - only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of processing has been restricted under the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to erasure
4.1 Obligation to erase
You may request that the controller erase the personal data concerning you without delay, and the controller is obliged to erase such data without delay where one of the following grounds applies:
- (1) The personal data concerning you are no longer necessary for the purpose for which they were collected or otherwise processed.
- (2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR and there is no other legal ground for the processing.
- (3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- (4) The personal data concerning you have been processed unlawfully.
- (5) Erasure of the personal data concerning you is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
- (6) The personal data concerning you were collected in relation to the offer of information society services pursuant to Art. 8(1) GDPR.
4.2 Information to third parties
If the controller has made your personal data public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing your personal data that you, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, these personal data.
The right to erasure shall not apply where the processing is necessary
- (1) for exercising the right to freedom of expression and information;
- (2) for compliance with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- (3) for reasons of public interest in the field of public health in accordance with Art. 9 (2) lit. h and i as well as Art. 9 (3) GDPR;
- (4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Art. 89 (1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
- (5) for the establishment, exercise or defense of legal claims.
5. Right to notification
If you have asserted the right to rectification, erasure or restriction of processing against the controller, the controller is obligated to notify each recipient to whom the personal data concerning you has been disclosed of this rectification or deletion of the data or restriction of processing of the data, unless this proves impossible or involves disproportionate effort.
You have the right to be notified of these recipients by the controller.
6. Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, where
- (1) the processing is based on consent pursuant to Art. 6 (1) lit. a or Art. 9 (2) lit. a GDPR or on a contract pursuant to Art. 6 (1) lit. b GDPR and
- (2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you be transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons shall not be adversely affected by this.
The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) lit. e or f GDPR; this also applies to profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
When personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this includes profiling, to the extent that it is related to such direct marketing.
When you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.
You may, in the context of the use of information society services, and notwithstanding Directive 2002/58/EU, exercise your right to object by means of automated procedures using technical specifications.
8. Right to withdraw the declaration of consent under data protection law
You have the right to withdraw your declaration of consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes GDPR regulations.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.