Privacy Notice for customers and other data subjects

As a data processing company, the protection of your personal data is very important to us. We treat your personal data confidentially and in accordance with the statutory data protection regulations, e.g., the General Data Protection Regulation (GDPR), as well as on the basis of this privacy notice.

The present privacy notice informs you in accordance with Art. 12 et seq. GDPR about the handling of your personal data to ensure fair and transparent processing. To this end, we will provide you with an overview of how we process your personal data, inform you about your rights under data protection law and gladly tell you who you can contact if you have any questions. Which data is processed in detail and how it is used depends largely on the services you have requested or commissioned. Therefore, not all parts of this information will probably apply to you directly.

Who is responsible for the data processing?

The controller within the meaning of Art. 4 No. 7 GDPR is regularly the company with which you have concluded your contract or agreement or conducted your communication, and which decides on the purposes and means of processing your personal data.

Please refer to your documents to find out which one this is in your case. You will find corresponding information on the respective person responsible below:

Data Protection Officer

If you have any questions regarding data protection, please contact our data protection officer at the above address with the addition "attn. data protection officer" or electronically at: datenschutz@scheer-group.com.

For what, i.e., for what purposes and on what legal basis do we process your data?

We process your personal data on the basis of the following legal grounds for the following purposes.

For the fulfillment of a contract or pre-contractual measures

If you are already our customer or business partner, or if you provide us with your personal data as part of a business initiation (e.g., when you express interest in our services in various ways, such as at trade fairs), we process this personal data for the purpose of implementing the contractual relationship or for pre-contractual purposes at your instigation pursuant to Art. 6 (1) sentence 1 lit. b GDPR. This also includes the use for the purpose of an in-depth check whether an order can be accepted at all as well as for the purpose of fulfilling mutual open claims. The purposes of processing are primarily based on your or our product interest and may also include needs analyses as well as general advice.

The specific services involved can be found in the respective contract documents, terms and conditions, and product information. In the case of existing contracts, we may collect additional personal data from you in individual cases. This may be the case, for example, if we advise you on a contract amendment or an extension of services, for which it may be useful to consider the entire customer relationship.

Fulfillment of a legal obligation

We also process your personal data to fulfill numerous legal obligations. These include, in particular, retention periods under commercial, trade or tax law, e.g., for offers, contracts or invoices. They also include reporting obligations or possible regulatory and industry-specific requirements. Industry-specific requirements may also have been imposed on us by you during the business relationship.

We therefore process your personal data in accordance with Art. 6 para. 1 p. 1 lit. c GDPR.

Legitimate interest

We also process your data to protect legitimate interests of us or third parties (e.g., cooperation partners) in accordance with Art. 6 para. 1 p. 1 lit. f GDPR.

Thus, we are not only happy to permissibly send you personal communications (e.g., invitations) to provide further information about us or our products and services, but also to invite you to participate in customer surveys, for example, so that we can better understand your needs overall, strengthen our relationship with you, and design our products and services to meet your requirements. We compile customer or market-specific statistics to optimize our service portfolio for you and thus for business management purposes. We also process your personal data to possibly assert our rights in case of disputes and to be able to enforce our legal claims.

Finally, we process your personal data insofar as this is necessary to prevent or prosecute criminal offenses, to ensure smooth IT operations, within the scope of building security measures (e.g., access control) and to ensure house rights.

Consent

Insofar as you have given us consent to process your data for certain purposes (e.g., receipt of our newsletter), the lawfulness is given according to Art. 6 para. 1 p. 1 lit. a GDPR. A given consent can of course be revoked at any time with effect for the future. Please note that in the case of processing that has already been initiated, a revocation may only be realized with a delay, and that in individual cases, especially e.g., in connection with information that is retrievable on the Internet, a further withdrawal may be difficult or impossible.

What sources do we use, and categories of data do we process?

In principle, we process personal data that we receive from you during our business relationship. In addition, we process - if necessary for the provision of our service - personal data that we have permissibly received from a company of our Scheer Group or other third parties (e.g., credit agencies) (e.g., creditworthiness inquiries in connection with the execution of orders). On the other hand, we may also process data that we have permissibly obtained from publicly accessible sources (e.g., commercial register, press) and are permitted to process.

The following categories of data may have been collected by us: 

• Personal master data (e.g., surname, first name, address data)
• Contact details (e.g., phone, email, preferred language, time zone)
• Information about planned projects and your interest in products and services.
• Information about your profession/company (e.g., industry, employment, employer, position, title, department, company address).
• Order characteristics (e.g., customer number)
• Data from the fulfillment of our contractual obligations (e.g., turnover data in payment transactions),
• Data on legitimation and authentication
• Documentation data (e.g., protocols)
• data while visiting our website (cf. the data protection information integrated on the respective page, e.g., https://www.scheer-group.com/en/privacy-notice/).

We require your aforementioned personal data in particular for the establishment and implementation of our business relationship and for the fulfillment of the associated contractual obligations. Without the processing of your data in this regard, we are usually not able to conclude or execute the contract with you or to fulfill your request.

Who gets access to your personal data?

Within our group of companies, your personal data will be made available on a need-to-know basis only to those departments that require it to fulfill the aforementioned purposes (e.g., marketing, sales, project staff, accounting). In principle, your data will not be passed on outside our group of companies. However, other parties may be those to whom we are legally obligated to disclose your data in some way (e.g., public bodies and institutions), for the enforcement of outstanding claims (e.g., lawyers), for which you have given us your consent (e.g., as a reference), or such service providers who necessarily support us in the provision of services. These may include, for example, those in the categories of IT services, certification/auditing, logistics, printing services, archiving, waste disposal, telecommunications, consulting, debt collection or marketing, insofar as a data protection law authorization to transfer exists. If processors are directly involved in the provision of part of the subject matter of the service, this is done in compliance with the requirements of Art. 28 GDPR. In no case do we sell your personal data.

In principle, we do not transfer your data to third countries. Since our group of companies also includes companies in third countries or, to be competitive, service providers with company headquarters, parent company or a data center in third countries support us on a case-by-case basis, it may be necessary for a transfer to take place. In such cases, we ensure within the scope of our possibilities that only such data is accessed as is necessary for the performance of the specific task and that appropriate security measures (e.g., adequacy decision of the EU Commission, standard contractual clauses, other technical measures) are taken.

Your rights as a data subject

You have a variety of rights regarding the processing of your personal data within the scope of the respective regulations (especially Art. 15-21 GDPR):

• Right to information,
• Right of rectification,
• Right of deletion,
• Right to restriction of processing
• Right to data portability.
• You also have the right to be subject to an individual decision that is not exclusively automated.
• Right to complain to a competent data protection supervisory authority.

The right to information and the right of deletion are subject to legal restrictions. You also have the right to object to the processing of your personal data for direct marketing purposes. If we process your data for the protection of legitimate interests, you may object to this processing if reasons arise from your particular situation that speak against data processing.

You can find more details on the right to object below.

Does automated decision making take place exclusively?

Neither in the establishment nor in the implementation of the business relationship is a fully automated decision-making (a decision based purely on automated processing) in accordance with Article 22 GDPR.

Does profiling take place?

We process some of your data in a partially automated manner (e.g., click rate in the online area, creditworthiness, customer management, payment behavior) with the aim of getting to know and understand you and your needs better. This enables us to provide needs-based communication and advertising, including market and opinion research. No fully automated profiling takes place.

Duration of data storage

Unless you request deletion of the data, we will store your personal data for as long as they are needed for the purpose for which they were collected. In addition, storage may take place, if a contractual relationship exists or existed, for the fulfillment of commercial and tax law retention obligations (e.g., 2 to 10 years) or for the preservation of evidence within the framework of legal statutes of limitation (e.g., up to 30 years).

Right of objection according to Art. 21 GDPR

Right to object on a case-by-case basis:

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) sentence 1 lit. f GDPR. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR, which we use for credit rating or advertising purposes.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise, or defend legal claims.

Right to object to processing of data for direct marketing purposes:

In individual cases, we process your personal data to conduct direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling, insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

The objection can be made form-free and should be addressed to the above-mentioned responsible person if possible.

Other notes

As the recipient of this information, please inform any other persons in your company who may be affected. We reserve the right to update this information if necessary.

Notice as of: September 2023