Privacy Notice

1. Introduction

We would like to use the information below to provide you as "data subject" with an overview of our processing of your personal data and your rights under data protection law. It is generally possible to use our website without entering personal data. However, if you wish to make use of special services offered by our company through our website, it may be necessary to process personal data. If it is necessary to process personal data and there is no legal basis for such processing, we will generally ask for your consent.

Personal data, such as your name, address or e-mail address, is always processed in accordance with the EU General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to the "Georg Schlegel GmbH & Co. KG". The aim of this Privacy Notice is to inform you about the scope and purpose of the personal data we collect, use and process.

As data controller, we have implemented numerous technical and organisational measures to ensure the most possible complete protection of the personal data processed via this website. Nevertheless, internet-based data transmissions may have security gaps, and we are unable to guarantee absolute protection. Therefore, you can also provide us personal data by alternative means, for example by telephone or conventional mail.

You too can take simple and easy-to-implement measures to protect yourself against unauthorised third-party access to your data. We would therefore like to give you some recommendations on how to handle your data securely:

Protect your account (login, user or customer account) and your IT system (computer, laptop, tablet or mobile device) with secure passwords.
Only you should have access to the passwords.
Make sure to use individual passwords for each account (login, user or customer account).
Do not use the same password for various websites, apps or online services.
The following applies in particular when using IT systems that are publicly accessible or shared with other persons: If you have used a login on a website, an app or online service you should always log out again.

Passwords should contain at least 12 characters and be chosen in a way that they cannot be easily guessed. Thus, you should not use common words from everyday life, your own name or names of your relatives, but instead they should contain upper and lower case letters, figures and special characters.

2. Data controller

The data controller, as defined by the GDPR, is:

Georg Schlegel GmbH & Co. KG
Kapellenweg 4, 88525 Dürmentingen, Germany

Phone: +49 7371-502-0

E-Mail: info@schlegel.biz

Representatives of the data controller: Managing directors. Eberhard Schlegel, Christoph Schlegel, Wolfgang Weber

3. Data protection officer

You can reach the data protection officer as follows:

Michael Weinmann

Phone: +49 173-7632962

E-Mail: michael.weinmann@dsb-office.de

You may contact our data protection officer directly at any time if you have any questions or suggestions regarding data protection.

4. Legal basis for processing

Article 6 Paragraph 1(a) GDPR serves as our company's legal basis for processing operations in which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the fulfilment of a contract you are a party of, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of other services or consideration, processing is based on Article 6 Paragraph 1(b) GDPR. The same applies to those processing operations required to carry out pre-contractual measures, such as in cases of queries regarding our products or services.

If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, processing is based on Article 6 Paragraph 1(c) GDPR.

In rare cases, processing of personal data may be necessary to protect the vital interests of the individual person concerned or of another natural person. This would be the case, for example, if someone visiting our company is being injured and the name, age, health insurance data or other vital information need to be disclosed to a doctor, hospital or other third party. Processing would then be based on Article 6 Paragraph 1(d) GDPR.

Finally, processing operations could be based on Article 6 Paragraph 1(f) GDPR. Processing operations not based on any of the above-mentioned legal bases may be carried out on the basis of Article 6 Paragraph 1(f) GDPR if processing is necessary to safeguard the legitimate interests of our company or those of a third party, provided the interests and fundamental rights and freedoms of the individual person do not take precedence. We are permitted to engage in such processing operations in particular because they have been specifically mentioned in European law. In this respect, the legislature took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47 Sentence 2 GDPR).

Our products and services are basically aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request any personal data from children and young people, do not collect it and do not pass it on to third parties.

5. Transmission of data to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We only transmit your personal data to third parties if:

1. you have given your explicit consent to this in accordance with Article 6 Paragraph (1) (a) GDPR,
2. in accordance with Article 6 Paragraph (1) (f) GDPR the disclosure is permitted to protect our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
3. in the event that there is a legal obligation for the transmission according to Article 6 Paragraph 1 (c) GDPR, as well as
4. this is legally permissible and required for the processing of contractual relationships with you in accordance with Article 6 Paragraph (1) (b) GDPR.

As part of the processing operations described in this data protection declaration, personal data may be transmitted to the USA. The USA does not have an adequate level of data protection (ECJ: Schrems II judgment). In particular, US investigative authorities can oblige US companies to hand over or disclose personal data without the concerning persons being able to take effective legal action against this. In principle, it could happen that your personal data will be processed by US investigative authorities. We have no influence on these processing activities. In order to protect your data, we have concluded data processing agreements based on the standard contractual clauses of the European Commission. If the standard contractual clauses are not sufficient to create an adequate level of security, your consent can serve as the legal basis for transmission to third countries in accordance with Article 49 Paragraph (1) (a) GDPR. This does not apply to data transmissions to third countries for which the European Commission has issued an adequacy decision in accordance with Article 45 GDPR.

6. Technology

6.1 SSL/TLS encryption
This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the website operator. You can recognise an encrypted connection by your browser's address bar reading "https://" instead of "http://" and the lock symbol in the browser bar.

We use this technology to protect your transmitted data.

6.2 Data collection when visiting the website
If you only use our website for informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the data your browser sends our server (in what is known as "server log files"). Our website collects a range of general data and information each time you or an automated system access a page or subpage. This general data and information is stored in the server's log files. The following may be collected

1. browser types and versions used,
2. the operating system used by the accessing system,
3. the website from which an accessing system accesses our website (so-called referrer),
4. the subpages accessed via an accessing system on our website,
5. the date and time the website is accessed,
6. a truncated internet protocol address (anonymised IP address) and
7. the accessing system's internet service provider.

No conclusions are drawn about you when using this general data and information. Instead, this information is needed

1. to properly deliver our website content,
2. to optimise the content of our website and the advertising for it,
3. to ensure the continued functioning of our IT systems and our website's technology
4. as well as to provide the information necessary for law enforcement authorities to prosecute in the event of a cyber attack.

This collected data and information is therefore statistically analysed and further analysed by us with the aim of increasing data protection and data security within our company to ultimately ensure an optimum level of protection for the personal data being processed by us. The anonymous data from the server log files is stored separately from all personal data provided by a data subject.

The legal basis for data processing is Article 6 Paragraph 1 Sentence 1(f) GDPR. Our legitimate interest is based on the purposes listed above for the collection of data.

6.3 Hosting by Weber.digital GmbH
We host our website at weber.digital GmbH, Bahnhofstr. 16, 72336 Balingen.

When you visit our website, your personal data (e.g. IP addresses in log files) will be processed on the weber.digital servers.

Weber.digital is used on the basis of Article 6 Paragraph 1 Sentence 1(f) GDPR. We have a legitimate interest in the most reliable possible presentation and provision as well as protection of our website.

We have concluded an order processing contract in accordance with Article 28 GDPR with weber.digital. This is a contract required by the data protection law, which ensures that weber.digital processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

For more information on Weber's privacy policy, visit: https://www.weber.digital/#contact

7. Cookies

7.1 General information about cookies
Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.

Information that results from the connection with the specific end device is stored in the cookie. This does not mean, however, that we immediately get knowledge of your identity.

The use of cookies helps to make it more convenient for you to use our website. We use for example so-called session cookies to detect whether you have already visited individual pages on our website. These cookies are erased automatically when you leave our website.

We also use temporary cookies to optimise user-friendliness. These cookies are stored on your device for a specific period of time. If you return to our website to use our services, cookies allow to automatically recognise that you have visited our website previously and remember the inputs and settings you have made so that you do not have to enter them again.

We also use cookies to statistically record the use of our website and analyse it for the purpose of optimising our services. These cookies allow us to automatically recognise that you have already visited our website when you visit our website again. These cookies are automatically erased after a defined period of time. The respective storage period of the cookies can be found in the settings of the consent tools used.

7.2 Legal basis for using cookies
The data processed by the cookies, which is required for the proper functioning of the website, is therefore required to protect our legitimate interests and those of third parties in accordance with Article 6 Paragraph (1) (f) GDPR.

For all other cookies, you have given your consent to this via our opt-in cookie banner in accordance with Article 6 Paragraph (1) (a) GDPR.

7.3 Instructions for avoiding cookies in common browsers
You have the option of deleting cookies, only allowing selected cookies or completely deactivating cookies via the settings of your browser at any time. Further information can be found on the support pages of the respective providers:

Chrome: https://support.google.com/chrome/answer/95647?tid=311178978.
Safari: https://support.apple.com/de-at/guide/safari/sfri11471/mac?tid=311178978.
Firefox: https://support.mozilla.org/de/kb/cookies-und-website-daten-in-firefox-loschen?tid=311178978.
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/cookies-in-microsoft-edge-l%C3%B6schen-63947406-40ac-c3b8-57b9-2a946a29ae09.

7.4 Usercentrics (Consent Management Tool)
We use the consent management platform "Usercentrics" from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. This service enables us to obtain and manage the consent of website users for data processing.

Usercentrics collects data generated by end users who use our website. If an end user gives consent, Usercentrics automatically logs the following data:

browser information
date and time of acces
device information
URL of the page visited
geographic location
page path of the website
the end user's consent status, which serves as proof of consent

The consent status is also stored in the end user's browser, allowing the website to automatically read and adhere to the end user's consent on all subsequent page requests and future end user sessions for up to 12 months. The consent data (consent and revocation of consent) is stored for 3 years. The storage period corresponds to the regular limitation period according to § 195 BGB (German Civil Code). The data will then be deleted immediately or, on request, forwarded to the data controller by data export.

The functionality of the website cannot be guaranteed without the processing described. There is no possibility of objection for the user as long as there is a legal obligation to obtain the user's consent to certain data processing operations (Art. 7 Para. 1, 6 Para. 1 S. 1 lit. c GDPR).

Usercentrics is the recipient of your personal data and works for us as a processor.

Detailed information on the use of Usercentrics is available under: https://usercentrics.com/privacy-policy/.

8. Contents of our website

8.1 Data processing for order processing
The personal data collected by us will be passed on to the transport company appointed to deliver goods as part of the contract, insofar this is necessary for the delivery of the goods. As part of the payment processing, we disclose your payment details to the delegated bank, provided this is necessary for payment processing. If payment service providers are used, we will explicitly inform you about this. The legal basis for this transfer of data is Article 6 Paragraph 1 (b) GDPR.

8.2 Contact / contact form
Personal data is collected when you contact us (e.g. using our contact form or by e-mail). If you use a contact form to get in touch with us, the contact form you use will indicate the data being collected. This data is stored and used exclusively for the purpose of responding to your query or establishing contact and the associated technical administration. The legal basis for data processing is our legitimate interest in responding to your request pursuant to Article 6 Paragraph 1 (f) GDPR. If the aim of you contacting us is to conclude a contract, processing is also legally based on Article 6 Paragraph 1 (b) GDPR. Your data will be erased once we have finished processing your query. This is the case when it can be inferred from the circumstances that the relevant facts have been clarified in a conclusive manner and there are no statutory retention obligations in place that prevent its erasure.

8.3 Application management / job exchange
We collect and process the personal data of applicants for the purpose of carrying out the application process. Processing may also be carried out electronically. This is particularly the case if an applicant submits corresponding application documents to us electronically, for example by e-mail or via a web form on the website. If we conclude an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically erased 2 months after notification of the rejection decision, provided that no other legitimate interests of ours prevent their erasure. Other legitimate interests in this context include, for example, the duty to provide evidence in proceedings under the German Equal Treatment Act (GETA).

The legal basis for the processing of your data is Article 88 GDPR in conjunction with Paragraph 26 (1) FDPA (Federal Data Protection Act).

8.4 Facebook Connect
On our website you can create a customer account or register using the social plugin "Facebook Connect" of the social network Facebook, which is operated by Meta Platforms Inc. (formerly Facebook Inc.), 1 Hacker Way, Menlo Park, CA 94025, USA ("Meta"), within the framework of the so-called Single Sign On technology if you have a Facebook profile. You can recognise the social plugins of "Facebook Connect" on our website by the blue button with the Facebook logo and the inscription "Log in with Facebook" or "Connect with Facebook" or "Sign in with Facebook".

If you visit a page on our website that contains such a plugin, your browser establishes a direct connection to the Meta servers. The content of the plugin is transmitted directly from Facebook to your browser and integrated into the page. Through this integration, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook profile or are not currently logged in to Facebook. This information (including your IP address) is transmitted directly from your browser to a Meta server in the USA and stored there. These processing operations are only conducted by clearly allowing them according to article 6 paragraph 1 (a) GDPR.

By using this "Facebook Connect" button on our website, you also have the option of logging in or registering on our website using your Facebook user data. Only if you give your express consent to the exchange of data with Facebook prior to the registration process based on a corresponding notice in accordance with Article 6 Paragraph 1 (a) GDPR), we receive the general and publicly accessible information stored in your profile, depending on your personal data protection settings on Facebook if you use the "Facebook Connect" buttons. This information includes the user ID, name, profile picture, age and gender.

We would like to point out that after changes of the Facebook's data protection conditions and terms of use, your profile pictures, the user IDs of your friends and the friends list may also be transferred if you mark them as "public" in your privacy settings on Facebook. The data transmitted by Facebook is stored and processed by us to create a user account with the necessary data, if you have approved this on Facebook (title, first name, last name, address data, country, e-mail address, date of birth). Conversely, based on your consent, we can transmit data (e.g. information about your surfing or purchasing behaviour) to your Facebook profile.

The consent given can be revoked at any time by sending a message to the data controller named at the beginning of this declaration.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options for protecting your privacy can be found in Facebook's data protection information: https://www.facebook.com/policy.php.

If you do not want Facebook to directly assign the data collected via our website to your Facebook profile, you must log out of Facebook before visiting our website. You can also completely prevent the Facebook plugins from loading with add-ons for your browser, e.g. with "Adblock Plus" (https://adblockplus.org/de/).

9. Our activities in social networks

To allow us to communicate with you on social networks and inform you about our services, we run our own pages on these social networks. If you visit one of our social media pages, we are jointly responsible for processing with the provider of the respective social media platform with regard to the processing operations triggered by this within the meaning of Article 26 GDPR.

We are not the original provider (data controller) of these pages, but only use them within the scope of the options offered to us by the respective providers.
We would therefore like to point out as a precautionary measure that your data may also be processed outside of the European Union or the European Economic Area. Use of these networks may therefore involve data protection risks for you since the protection of your rights may be difficult, e.g. your rights to information, erasure, objection, etc. Processing on social networks frequently takes place directly for advertising purposes or for the analysis of user behaviour by network providers, and we do not have any influence or control over this. If the provider creates user profiles, cookies are often used or user behaviour may be assigned directly to your own member profile on the respective social network (if you are logged in).

The processing operations of personal data described are carried out in accordance with Article 6 Paragraph 1 (f) GDPR on the basis of our legitimate interests and the legitimate interests of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to grant your consent to the respective providers to process your data as a user, the legal basis for this processing is Article 6 Paragraph 1 (a) GDPR in conjunction with Article 7 GDPR.

Since we have no access to these providers' databases, we would like to point out that it would be best to exercise your rights (e.g. to information, rectification, erasure, etc.) directly with the respective provider. More information on the processing of your data on social networks is listed below for each of the social network providers we use:

Facebook
(Co-) data controller responsible for data processing in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy notice (data policy):
https://www.facebook.com/about/privacy

Instagram
(Co-) data controller responsible for data processing in Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy notice (data policy):
https://instagram.com/legal/privacy/

LinkedIn
(Co-) data controller responsible for data processing in Europe:
LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy notice:
https://www.linkedin.com/legal/privacy-policy

YouTube
(Co-) data controller responsible for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy notice:
https://policies.google.com/privacy

10. Web analytics

10.1 Google Analytics Universal
We use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Ireland ("Google"), on our website. As part of this, pseudonymised user profiles are created and cookies (see the section on "Cookies") are used. The information generated by the cookie about your use of this website, such as
1. the browser type/version
2. used operating system
3. referrer IRL (website previously visited
4. host name of the accessing computer (IP address) and
5. time of server request
is transmitted to a Google server in the USA and stored there. This information is used to evaluate your use of this website, to compile reports on the website activities, and to perform further services linked to website and internet use for market research purposes and to tailor the design of this website. This information may also be sent to third parties if this is legally required or if third parties process this data on behalf of Google. Under no circumstances will your IP address be associated with any other data. IP addresses are anonymised so that it is not possible to assign them to individuals (known as IP masking).
You may refuse the use of cookies by selecting the appropriate settings in your browser; however, we would like to point out that this may result in not being able to use all the features of this website.
These processing operations are only conducted by clearly allowing them according to article 6 paragraph 1 (a) GDPR.
You can also prevent the data generated by the cookie about your use of the website (including your IP address) from being sent to and processed by Google by downloading and installing the available browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
The privacy policy of Google Analytics is available under: https://support.google.com/analytics/answer/6004245?hl=de .

11. Partner and affiliate programmes

11.1 DoubleClick
This website contains components of DoubleClick by Google. DoubleClick is a trademark of Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which special online marketing solutions are marketed to advertising agencies and publishers.

DoubleClick by Google transmits data to the DoubleClick server with every impression as well as with clicks or other activities. Each of these data transfers triggers a cookie request to your browser. If the browser accepts this request, DoubleClick sets a cookie on your IT system. The purpose of the cookie is to optimise and display advertising. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. The cookie is also used to avoid showing the same advertisement multiple times.

DoubleClick uses a cookie ID that is required to process the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been displayed in a browser in order to avoid double circuits. Furthermore, the cookie ID enables DoubleClick to record conversions.

A DoubleClick cookie does not contain any personal data. However, a DoubleClick cookie may contain additional campaign identifiers. A campaign identifier serves to identify the campaigns you have already been in contact with.

Every time one of the individual pages of this website, which is operated by us, is accessed and on which a DoubleClick component has been integrated, the Internet browser on your IT system is prompted by the respective DoubleClick component to collect data for online advertising and billing purposes of commissions to Google. As part of this technical process, Google gains knowledge of data that Google also serves to create commission statements. Among others, Google can understand that you have clicked on certain links on our website.