Privacy Policy
We are pleased that you are visiting our homepage and thank you for your interest in our company. Compliance with data protection regulations is of particular importance to us. The aim of this privacy policy is to inform you as a user of the website about the type, scope, and purpose of the processing of personal data and the rights you have as a data subject within the meaning of Art. 4 No. 1 of the General Data Protection Regulation (GDPR).
- Responsible Entity
This website and the service offering are operated by:
Schlüter & Maack GmbH
Stadthausbrücke 12
20355 Hamburg
Telefon: +49 (0) 40 – 32 81 10-0
E-Mail: info(at)schlueter-maack.de
- General Information
We have designed the development of the website to collect as little data as possible from you. In principle, it is possible to visit our website without providing personal data. Only when you decide to use certain services (e.g., use of the contact form) does the processing of personal data become necessary. We always ensure that your personal data is processed only in accordance with a legal basis or with your consent. We adhere to the regulations of the GDPR, which has been in force since May 25, 2018, and the applicable national regulations, such as the Federal Data Protection Act, the Telemedia Act, or other specific data protection laws.
- Purpose and Legal Basis of Processing Personal Data
We always process your personal data for specific purposes. In summary, we process your personal data for the following purposes:
- To handle your inquiries when you contact us (e.g., email address, first name, last name);
- For the technical realization of our website and to provide you with our information on this website (e.g., IP address, cookies, browser information);
- To receive and process your application for one of our job offers.
The specific purposes are described in the respective processing operations (e.g., application, etc.). Regarding the legal basis for the processing of your personal data, the following applies:
- Personal data required for the establishment, execution, or termination of our service offering (contract processing) is processed on the legal basis of Art. 6 para. 1 lit. b GDPR.
- If we obtain your consent for the processing of your personal data, the consent forms the legal basis for the data processing according to Art. 6 para. 1 lit. a GDPR.
- Data processing is also permissible if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms regarding the processing of personal data do not outweigh these interests. If we use external service providers within the framework of order data processing, the processing is carried out on the legal basis of Art. 28 GDPR.
- Collected and Processed Personal Data
Within the scope of our web offering, we collect and process certain personal data from you. We inform you about which data is specifically processed in the respective processing operations described here. We will only collect and process your data for the purposes stated in this privacy policy. Any use beyond the stated purpose requires your explicit consent. The same applies to the transfer and transmission of your data to third parties.
- Collection of Personal Data When Visiting Our Website
When you use the website for informational purposes only, i.e., if you do not otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software.
This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. We use the following host:
Host Europe GmbH
Pilgrimstraße 6
50674 Cologne
We have concluded an order processing contract (AVV) with the named provider. This is a data protection legally required contract that ensures that this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. For more information, please refer to the “Cookies” section of this privacy policy.
- Cookies
Information is collected and stored on our website through the use of so-called browser cookies. Cookies are small text files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent, information about the age of the cookie, and an alphanumeric identification mark.
As long as you visit our website, a session cookie (“PHPSESSID”) is created by our domain, which usually does not store any characteristics about your person but assigns a session ID that allows a user to be assigned to multiple sessions. Session cookies are automatically deleted after closing the browser or lose their validity as soon as their session has automatically expired.
If you do not wish to use browser cookies, you can set your browser to not accept cookies. Please note that in this case, you may only be able to use our website to a limited extent or not at all.
- Contact
You can contact us by email. In this case, we store the personal data you provide to process your request and to contact you to handle your request. Depending on the type of request, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for inquiries that you make yourself as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f GDPR if your request is of another nature. The legitimate interest follows from the purposes mentioned under section 3 a.). If personal data is requested that we do not need to fulfill a contract or to protect legitimate interests, the transmission to us is based on your consent according to Art. 6 para. 1 lit. a GDPR.
- Application Process
We publish job offers that you can apply for by email. If you decide to apply for an open position, we process the personal data you provide and transmit to us exclusively for the purpose of conducting the application process. In the event of a rejection, we delete your data as soon as a legally required retention period of 6 months has expired. The period begins with the sending of the rejection. If you have expressly consented to the further use of your data for a later approach regarding possibly interesting positions, we will continue to store your data according to the consent. We do not pass on your personal data to third parties outside the specific application process without your explicit consent or without a legal basis. Data transfer to a third country, i.e., countries outside the European Economic Area (EEA), does not take place.
For the assessment of an application, we do not require any information on the so-called “special categories of personal data.” These are data from which racial and ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership can be derived, as well as genetic data, biometric data for the unique identification of a natural person, health data, or data on the sexual life or sexual orientation of a natural person. We strongly recommend that you do not provide any information about the aforementioned data in your stored data. You only need to provide the data required in the application process. There is no obligation to provide certain data to us. However, without providing the required data, an appropriate application process cannot usually be realized.
Please note that applications you send to us by email are transmitted unencrypted. Therefore, there is a risk that unauthorized persons may intercept and use this data. We recommend transmitting the information in encrypted attachments. You can then provide us with passwords, for example, by phone.
The legal basis for processing your personal data in the context of the application process is § 26 para. 1 in conjunction with para. 2 BDSG.
No automated decision-making processes are used within our application process. We do not use data for profiling to establish and conduct the application process.
- Presence on Social Media
To best present our company and communicate with you as a user, customer, or interested party and inform you about our services, we use social media presence. When using social networks, data is processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection as in the EU cannot be guaranteed in all countries outside the EU. This may lead to risks for you as a user if the transmitted data is processed in so-called third countries with an inadequate level of data protection.
This makes it difficult to enforce known user rights. Additionally, your data may not be processed in your interest by the provider in the third country. We only transfer personal data to third countries for which an adequate level of protection has been confirmed or if the transfer of personal data can be ensured through contractual agreements or other appropriate safeguards.
In addition to the respective provider of a social network, we also collect and process personal user data on so-called “fan pages.” With this notice, we inform you about which data we collect from you on our social media presences, how we use it, and how you can object to the use of data. The respective data processing purposes and data categories can be found in the respective, more detailed offer listed below. The activities we operate on social media, which are described in more detail below, are carried out based on a balance of interests according to Art. 6 para. 1 lit. f) GDPR.
To achieve this, cookies are used to capture user behavior and enable user profiling. A specific list of the purposes of processing user data can be found in the data protection notices of the respective providers. By making appropriate settings in your user account, you can at least partially restrict profiling. Please read the respective data protection notices of the respective provider for the exact procedure.
The relevant platforms are:
Platform | Responsible Entity | Protection notices oft he platform operator |
New Work SE Am Strandkai 1, 20457 Hamburg, Deutschland | https://privacy.xing.com/de/datenschutzerklaerung | |
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland | https://de.linkedin.com/legal/privacy-policy? |
Schlüter & Maack GmbH operates profiles on the listed platforms to draw attention to products and service offerings and to interact with customers, interested parties, and other users of the platform.
The platform operators use certain data collected from users of the platform (e.g., whether a photo on a profile has been marked with “Like” or commented on) to create aggregated usage statistics and provide them to the respective profile operators (so-called “Insights” or “Analytics”). We, as profile operators, also receive such usage statistics. The information we receive as profile operators does not allow any conclusions to be drawn about individual users. The profile operator itself does not have access to personal data processed by the platform operators for the creation of usage statistics. Only the respective platform operator determines which data is processed for these purposes and in what way. Schlüter & Maack GmbH, as the profile operator, has no legal or actual influence on the processing by the platform operators. For processing in connection with the creation of usage statistics, Schlüter & Maack GmbH and the respective platform operator are considered joint controllers within the meaning of Art. 26 GDPR. Where possible, agreements on joint responsibility exist with the respective platform operators.
In addition, data processing by Schlüter & Maack GmbH as the profile operator takes place only to a very limited extent:
- Processing of usernames and individual messages when you contact us via messenger services
- Recruiting potential applicants on career platforms
For these purposes, we usually only process your name, message content, comment content, and the profile information you have “publicly” provided.
- Rights of the Data Subject
You have the right:
- According to Art. 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been disclosed or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- According to Art. 16 GDPR, to request the immediate correction of incorrect or completion of your personal data stored by us;
- According to Art. 17 GDPR, to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims;
- According to Art. 18 GDPR, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse its deletion, and we no longer need the data, but you need it for the assertion, exercise, or defense of legal claims, or you have objected to the processing according to Art. 21 GDPR;
- According to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another responsible party (data portability);
- According to Art. 7 para. 3 GDPR, to revoke your consent given to us at any time. This has the consequence that we may no longer continue the data processing based on this consent for the future and
- According to Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters.
- Right to Object
If your personal data is processed based on legitimate interests according to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data according to Art. 21 GDPR, provided that there are reasons arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which we will implement without specifying a particular situation.
If you wish to exercise your right of revocation or objection, an email to Datenschutz@schlueter-maack.de is sufficient.
- Disclosure of Your Personal Data
The disclosure of your personal data takes place as described below. Disclosure also occurs if we are entitled or obliged to disclose data due to legal provisions and/or official or court orders. This may particularly involve providing information for law enforcement purposes, to avert danger, or to enforce intellectual property rights.
If your data is disclosed to service providers to the necessary extent, they only have access to your personal data to the extent necessary to fulfill their tasks. These service providers are obliged to treat your personal data in accordance with the applicable data protection laws, particularly the GDPR.
Beyond the aforementioned circumstances, we generally do not transfer your data to third parties without your consent. In particular, we do not transfer personal data to a third country or an international organization.
- Data Security
Unfortunately, the transmission of information over the internet is never 100% secure, which is why we cannot guarantee the security of data transmitted to our website over the internet. However, we secure our website through technical and organizational measures against loss, destruction, access, alteration, or dissemination of your data by unauthorized persons.
In particular, your personal data is transmitted to us in encrypted form. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption system. Our security measures are continuously improved in line with technological developments.
- Storage Duration for Personal Data
Regarding the storage duration, we delete personal data as soon as its storage is no longer necessary for the fulfillment of the original purpose and no legal retention periods exist. The legal retention periods ultimately determine the final duration of the storage of personal data. After the period expires, the corresponding data is routinely deleted. If retention periods exist, the processing is restricted in the form of blocking the data.
- References and Links
When accessing internet pages referred to within our website, you may be asked again for information such as name, address, email address, browser properties, etc. This privacy policy does not regulate the collection, transfer, or handling of personal data by third parties.
Third-party service providers may have different and own provisions for handling the collection, processing, and use of personal data. Therefore, it is advisable to inform yourself about their practices for handling personal data on the internet pages of third parties before entering personal data.
- Changes to the Privacy Policy
We continuously develop our website to provide you with an ever-improving service. We will keep this privacy policy up to date and adjust it accordingly if and to the extent necessary. You can access the current version of our privacy policy at any time on the internet at https://www.schlueter-maack.de/datenschutz/.
- Data Protection Officer
We have appointed a data protection officer:
Philipp Herold
Herold Unternehmensberatung GmbH
Hafenstraße 1a
23568 Lübeck
E-Mail: Datenschutz@schlueter-maack.de
© M-DSB PRIVACY POLICY – Schlüter & Maack GmbH V3 / As of 10.2024