The controller’s data protection officer is:

Tanja Graf
Schobertechnologies GmbH
Industriestraße 2
71735 Eberdingen
Germany

E-mail: datenschutzbeauftragter@schobertechnologies.de

1. Scope of processing of personal data

As a rule, we only collect and use the personal data of our users to the extent that this is necessary to provide a fully functional website, our contents and our services. Generally, we only collect and use the personal data of our users after we have obtained the user’s consent.  An exception applies only in such cases in which the prior consent cannot be obtained for factual reasons and in which the processing of data is permitted under statutory provisions.

2. Legal basis for the processing of personal data

To the extent that we obtain the consent of data subjects for the processing of personal data, Art. 6 (1) letter a of the EC General Data Protection Regulation (GDPR) is applied as the legal basis for the processing of personal data.

Where the processing of personal data is necessary to fulfil a contract to which a data subject is a party, Art. 6 (1) letter b GDPR is applied as the legal basis. The same applies to processing that is required to carry out pre-contractual measures.

To the extent that the processing of personal data is required to fulfil a legal obligation to which our company is a subject, Art. 6 (1) letter c GDPR is applied as the legal basis.

In the event that vital interests of the data subject or another individual require the processing of personal data, Art. 6 (1) letter d GDPR is applied as the legal basis.

If the processing is necessary to protect the legitimate interests of our company or a third party, and if the data subject’s interests, fundamental rights or fundamental freedom do not override the interests mentioned first above, Art. 6 (1) letter f GDPR is applied as the basis of processing.

3. Erasure of data and period of retention

The personal data of the data subjects will be deleted or made unavailable as soon as the purpose of their retention is no longer valid. Moreover, the data can be retained if this is provided in EU or member state legislation or other regulations, to which the controller is a subject. The data will be deleted or made unavailable also if a retention period has expired that is required by the mentioned norms, unless it is required to continue to store the data for the conclusion or fulfilment of a contract.

1. Description and scope of data processing

Every time our website is visited, our system automatically collects data and information about the computer system of the visitor.

In this event, the following data are collected:

(1) User’s IP address

(2) Date and time of the server request

(3) Websites from which the user’s system reaches our website

(4) Websites that are visited by the user’s system via our website

(5) Information about the browser type and the used version

(7) User’s operating system

The data is stored in the log files of our system. This data is not stored together with other personal data of a user.

2. Legal basis of data processing

The legal basis for the temporary storage of data and log files is Art. 6 para 1 letter f GDPR.

3. Purpose of data processing

The temporary storage of the IP address in the system is necessary to deliver the website to the user’s computer. For this, the user’s IP address must be stored as long as the session lasts.

Storage in log files is necessary to ensure the website’s functionality. Furthermore, we use the data to optimize the website and to ensure the security of our IT systems. In this connection, the data is not analyzed for marketing purposes.

Our legitimate interest in the processing of the data in accordance with Art. 6 para 1 letter f GDPR is also based on these purposes.

4. Duration of storage

The data will be deleted as soon as it is no longer required to fulfil the purpose of its collection. In the event that the data is collected to provide the website, this takes place as soon as the respective session has ended.

In the event that data is stored in log files, this takes place no later than thirty-one days thereafter.

5. Option of objection or removal

The collection of the data is mandatory to provide the website and the storage of the data in log files is also mandatory to operate the website. Therefore, the user cannot object to it.

1. Description and scope of data processing

Our website uses so-called cookies. Cookies are text files that are stored in or by the user’s internet browser on the user’s computer system. If a user requests a website, cookies can be stored in the user’s operating system. Each of these cookies contains characteristic strings that allow a clear identification of the browser if the website is revisited.

We use cookies to improve our website’s user-friendliness. Some elements of our website make it necessary that the requesting browser can be identified after switching to a new page.

In that case, the following data is stored in the cookies and transferred: language settings.

Furthermore, we use cookies from a third party – namely Google – to analyze a user’s browsing behaviour.

The data can be transmitted as follows: Google settings.

The data collected in this way is anonymized by technical means. Therefore, the data cannot be attributed to the requesting user any longer. The data is not stored together with any other personal data of a user.

When users visit our website, they are informed by means of a banner that we use cookies for analysis and we make reference to this privacy notice. In this connection, we also inform them how they can prevent the storage of cookies by adjusting their browser settings.

2. Legal basis of data processing

The legal basis for the processing of personal data by means of cookies is laid down in Art. 6 para 1 letter f GDPR.

3. Purpose of data processing

The purpose of technically required cookies is to facilitate the use of our website for the user. Some of the functions of our website cannot be offered without the use of cookies. For this, it is required that a browser is recognized again after switching to a new page.

We need cookies for the following applications: take over language settings.

The user data that is collected by technically required cookies is not used to create user profiles.

These analysis cookies are used to improve the quality of our website and its contents. From analysis cookies, we learn how our website is used and how we can continuously optimize our contents.

Our legitimate interest in the processing of personal data in accordance with Art. 6 para 1 letter f GDPR is also based on these purposes.

4. Duration of storage, option of objection or removal

Cookies are stored on the user’s computer and sent to our page from that computer. Therefore, you, as the user, are fully in control of the use of cookies. By changing the settings in your internet browser, you can disable or limit the transmission of cookies. Cookies that are already stored can be removed at any time. This can also take place automatically. If cookies are disabled for our website, however, it may be possible that not all of the functions of our website can be used to the fullest extent in that case.

1. Description and scope of data processing

Our website uses Google Analytics, the website analysis service of Google Inc. (“Google”). Google Analytics uses so-called cookies, that means, text files that are stored in or by a user’s internet browser on the user’s computer system. If a user requests our website, these analysis cookies by Google Analytics can be stored in the user’s operating system.

The cookies from Google Analytics allow an analysis of the user’s use of the website.

Google uses this information on behalf of the controller to analyze the use of our website, to create reports about website activities, and to perform other services for the controller in connection with the use of our website and the internet.  The IP address that is transmitted by your browser through Google Analytics is not combined with any other data from Google.

Among others, the following data is stored in these cookies and transferred:

(1) Number and time of previous visits

(2) Websites from which the user reaches our website

(3) Begin and end of sessions

For more information about the cookies used by Google Analytics, see:
https://developers.google.com/analytics/devguides/collection/analyticsis/cookie-usage.

The information about your usage of this website that is generated by the cookies is usually transferred to one of Google’s servers in the USA and stored there. At our website, however, we have IP anonymization enabled and therefore your IP address is truncated within the member states of the European Union or other states of the European Economic Area before it is transmitted. Only in exceptional cases, the full IP address is transmitted to one of Google’s servers in the USA and truncated there.

When users visit our website, they are informed by means of a banner that we use cookies for analysis and reference is made to this privacy notice.

2. Legal basis of data processing

The legal basis for the processing of personal data by means of cookies is laid down in Art. 6 para 1 letter f GDPR.

3. Purpose of data processing

Google Analytics is used to improve the quality of our website and its contents. From analysis cookies, we learn how our website is used and how we can continuously optimize our contents.

Analysis cookies help the controller, including but not limited to, to control the analytics software and to differentiate users over periods between 24 hours and up to two years.

For more information about the cookies used by Google Analytics, see:
https://developers.aooale.com/analytics/devauides/collection/analyticsis/cookie-usage.

Our legitimate interest in the processing of personal data in accordance with Art. 6 para 1 letter f GDPR is also based on these purposes.

4. Duration of storage, option of objection or removal

The cookies of Google Analytics are stored on the user’s computer for up to 2 years and the information generated by the cookies is transmitted to Google.

As the user, you are fully in control of the use of cookies. By changing the settings in your internet browser, you can disable or limit the transmission of cookies. Cookies that are already stored can be removed at any time. This can also take place automatically. If cookies are disabled for our website, however, it may be possible that not all of the functions of our website can be used to the fullest extent in that case.

Moreover, you can prevent the transmission of the data generated by the cookie with respect to the use of our website (including your IP address) to Google and its processing by Google by following the link below and downloading and installing the browser plug-in that is available there:
http://tools.aooale.com/dlpaae/aaoptout?hl=de

1. Description and scope of data processing

We have a contact form at our website that can be used to contact us in electronic form. If a user uses this option, the data entered in this form is submitted to and stored by us. Such data are:

(1) Mandatory fields: first name, last name, telephone, E-mail address.

(2) Optional: company name, address, state, country, fax number, message, requested information.

Alternatively, you can contact us by using the provided E-mail address. In that case, the user’s personal data that is transmitted to us by E-mail is stored.

In this connection, we do disclose the data to third parties. The data is used exclusively to handle the correspondence.

2. Legal basis of data processing

The legal basis for the processing of the data, if consent was obtained from the user, is set out under Art. 6 para 1 letter a GDPR.

The legal basis for the processing of the data that was submitted by E-mail is set out under Art. 6 para 1 letter a GDPR. If any E-mail contact is targeted at the conclusion of a contract, the processing of the data is based on Art. 6 para 1 letter b GDPR in addition.

3. Purpose of data processing

The personal data from the entry screen is only used to make contact. If contact is made by E-mail, this is deemed to be the required justified interest for the processing of the data too.

4. Duration of storage

The data is deleted as soon as it is no longer required to fulfil the purpose of its collection. For personal data entered in the contact form and data that was submitted by E-mail, this is the case as soon as the respective conversation with the user has ended. A conversation is deemed to have ended if, under the circumstances, the relevant facts of a case are finally clarified.

5. Option of objection or removal

The user can withdraw its consent to the processing of personal data at any time. If a user contacts us by E-mail, they can object to the storage of their personal data at any time. In such case, the conversation cannot be continued.

For a valid withdrawal of the consent and objection to storage, it is sufficient to send a simple E-mail to the data protection officer.

All personal data that is stored while you contacted us is deleted in such case.

When we process personal data about you, you are deemed to be a data subject as defined under the  GDPR and you are entitled to the following with respect to the controller:

1. Right of access

You can demand confirmation from the controller as to whether we process personal data relating to you.

If we actually process such personal data, you can demand the following information from the controller:

(1) The purposes for which we process the personal information;

(2) The categories of personal data that we process;

(3) The recipients or categories of recipients to whom we have disclosed or will disclose any personal data relating to you;

(4) The planned duration of storage of the personal data relating to you or, if concrete information cannot be provided in this respect, the criteria used to determine the duration of storage;

(5) The existence of a right to rectification or erasure of the personal data relating to you, a right to the restriction of processing through the controller, or a right to objection to processing;

(6) The existence of a right to lodge complaints with supervisory authorities;

(7) All available information about the origin of the data if the personal data were not obtained from the data subject;

(8) The existence of an automated decision making process, including profiling, in accordance with Art. 22 paragraphs 1 and 4 GDPR and – at least in such cases – meaningful information about the involved logic and the significance of the envisaged consequences of such processing for the data subject.

You are entitled to demand information about whether the personal data relating to you are transmitted to a third country or an international organization. In this regard, you can demand to be informed about suitable guarantees in connection with the transmission in accordance with Art. 46 GDPR.

2. Right to correction

You are entitled to correction and/or completion by the controller to the extent that the processed personal data that relate to you are incorrect on incomplete. The controller must carry out the corrections immediately.

3. Right to restriction of processing

Under the conditions stated below, you can demand the restriction of the processing of the personal data related to you:

(1) You contest the correctness of the personal data related to you for a period of time during which the controller can check the correctness of the personal data;

(2) The processing is illegal and you refuse the erasure of the personal data and instead demand the restriction of the use of the personal data;

(3) The controller no longer needs the personal data for the purpose of the processing but you need them to assert, exercise, or defend legal claims; or

(4) You objected to the processing in accordance with Art. 21 paragraph 1 GDPR and it has not been determined yet whether the controller’s legitimate reasons override your reasons or not.

If the processing of the personal data relating to you is restricted, such data can only be processed – except for storage – with your consent or in order to assert, exercise, or defend legal claims or to protect the interests of another individual or legal entity, or based on an important public interest of the European Union or one of its member states.

If the processing was restricted subject to the above-mentioned requirements, you are notified by the controller before the restriction is lifted.

4. Right to erasure

a. Erasure obligation

You can require the controller to delete the personal data relating to you immediately and the controller is obligated to delete such data immediately to the extent that one of the following reasons applies:

(1) The personal data relating to you are no longer necessary for the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent on which the processing was based subject to Art. 6 paragraph 1 letter a or Art. 9 paragraph 2 letter a GDPR and there is no other legal basis for processing.

(3) You object to the processing in accordance with Art. 21 paragraph 1 GDPR and there are no other overriding legitimate reasons for processing, or you object to the processing in accordance with Art. 21 paragraph 2 GDPR.

(4) The personal data relating to you were processed unlawfully.

(5) The erasure of the personal data relating to you is required to comply with a legal obligation under the laws of the European Union or the laws of a member state to which the controller is a subject.

(6) The personal data related to you were collected with respect to information society services in accordance with Art. 8 paragraph 1 GDPR.

b. Information provided to third parties

If the controller disclosed the personal data that are related to you to the public and if the controller is obligated to erase such subject to Art. 17 paragraph 1 GDPR, they must take appropriate measures – including technical measures and taking into consideration the available technologies and implementation costs – and inform the controllers that process the personal data about your – the data subject’s – demand to erase all links to such personal data or any copies or replications of such personal data.

c. Exceptions

A right to erasure does not exist to the extent that the processing is required

(1) To exercise the right of freedom of expression and information;

(2) To fulfil a legal obligation that requires the processing pursuant to the laws of the European Union or one of its member states to which the controller is a subject, or that is required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) For reasons of the public interest in the area of public health in accordance with Art. 9 paragraph 2 letters h and i, and Art. 9 paragraph 3 GDPR;

(4) For archiving purposes in the public interest, scientific or historic research, or for statistical purposes in accordance with Art. 89 paragraph 1 GDPR, to the extent that the right mentioned under letter a) presumably prevents or seriously impairs the realization of the objects of such a processing, or

(5) To assert, exercise, or defend legal claims.

5. Right of information

If you have exercised your right to correction, erasure, or restriction of processing against the controller, the controller is obligated to inform all recipients of personal data related to you about such correction, erasure, or restriction of processing, unless this proves to be impossible or would involve a disproportionate effort.

You are entitled to receive information from the controller about these recipients.

6. Right to data portability

Your are entitled to receive the personal data related to you, which you have provided to the controller, in a structured, customary, and machine-readable format. Furthermore, you are entitled to transmit those data to another controller without hindrance from the controller to which the personal data was provided, to the extent that

(1) The processing is based on a consent according to Art. 6 paragraph 1 letter a GDPR or Art. 9 paragraph 9 letter a GDPR, or on a contract subject to Art. 6 paragraph 1 letter b GDPR, and

(2) the processing takes place by means of automated processes.

When you exercise this right, you are further entitled to have the personal data relating to you directly transmitted from one controller to another, to the extent that this is technically feasible. The freedoms and rights of other individuals or persons must not be impaired by this.

The right to data portability does not apply to the processing of personal data that is required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to objection

For reasons that result from your specific situation, you are entitled to file objections against the processing of personal data relating to you at any time if such processing is based on Art. 6 paragraph 1 letter e or f GDPR; this applies to any profiling based on these provisions too.

The controller will cease to process the personal data relating to you, unless they can prove the existence of absolutely legitimate reasons for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defence of legal claims.

If the personal data relating to you is processed for the purpose of direct marketing, you are entitled to object to the processing of the personal data relating to you with respect to such marketing activities; this also applies to profiling to the extent that it takes place in connection with such direct marketing.

If you object to the processing for the purpose of direct marketing, the personal data relating to you will no longer be processed for such purposes.

In connection with the use of information society services – notwithstanding the provisions of Directive 2002/58/EC – you can exercise your right to objection through automated processes that are based on technical specifications.

8. Right to revoke the declaration of consent with respect to data privacy

You are entitled to revoke your declaration of consent with respect to data privacy at any time. A revocation of the declaration of consent shall not affect the lawfulness of any processing based on the consent up to the date of revocation.

9. Automated decision-making on a case-by-case basis including profiling

You are entitled to not be subjected to a decision that is exclusively based on automated processes – including profiling – and legally affects you or significantly impairs you in a similar way. This shall not apply if the decision

(1) Is required for the conclusion or fulfilment of a contract between you and the controller;

(2) Is permitted based on EU legislation or the laws of a member state to which the controller is a subject, and these laws contain appropriate measures to protect your rights and freedoms, and your legitimate interests; or

(3) Was made with your express consent.

However, such decisions must not be based on particular categories of personal data according to Art. 9 paragraph 1 GDPR, to the extent that Art. 9 paragraph 2 letter a or g does not apply and appropriate measures to protect your rights and freedoms and your legitimate interests were taken.

With respect to the cases mentioned under (1) and (3), the controller must take appropriate measures to protect your rights and freedoms and your legitimate interests, which, as a minimum, include the right to human intervention on the part of the controller, to express a point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Notwithstanding any other administrative or judicial remedies, you are entitled to lodge a complaint with a supervisory authority, including but not limited to that of the member state in which you reside, in which you work or in which the alleged violation has occurred if you are of the opinion that the processing of the personal data relating to you violates the GDPR.

The supervisory authority with which the complaint is lodged informs the complainant about the status and the results of the complaint, including the option of judicial remedies.