Privacy Policy

to Top

Content

1. Name and contact details of the responsible party (controller)
2. Contact details of the data protection officer
3. If you visit our website
   3.1 Purpose and legal basis
   3.2 Categories of recipients
   3.3 Cookies
   3.4 Server log files
   3.5 SSL/TLS encryption
   3.6 Google Maps
4. If you contact us by e-mail
   4.1 Purpose and legal basis
   4.2 Categories of recipients
   4.3 Forwarding and transmission to countries outside EU
   4.4 Data Storage Period
   4.5 Newsletter and Direct Advertising
5. If you contact us by mail
   5.1 Purpose and legal basis
   5.2 Categories of recipients
   5.3 Data Storage Period
6. If you send us a fax
   6.1 Purpose and legal basis
   6.2 Categories of recipients
   6.3 Data Storage Period
7. If you give us a call
   7.1 Purpose and legal basis
   7.2 Categories of recipients
   7.3 Data Storage Period
8. If you hand over your Business Card to us
   8.1 Purpose and legal basis
   8.2 Categories of recipients
   8.3 Data Storage Period
9. If you apply for employment with us
   9.1 Purpose and legal basis
   9.2 Categories of recipients
   9.3 Data Storage Period
10. Rights of persons concerned (data subject)
   10.1 Right of access by the data subject pursuant to Art. 15 GDPR
   10.2 Right to rectification pursuant to Art. 16 GDPR
   10.3 Right to erase pursuant to Art. 17 GDPR
   10.4 Right to restriction of processing pursuant to Art. 18 GDPR
   10.5 Right to data portability pursuant to Art. 20 GDPR
   10.6 Right to object or to withdraw a consent
   10.7 Right to lodge a complaint with a supervisory authority

Our Privacy Policy will provide you with an overview about the personal data which we collect and process on our responsibility. Personal data in terms of Article 4 of the EU General Data Protection Regulation (GDPR), which could be used to identify persons, may be collected and processed e.g. when visiting our website, sending us an e-mail, sending us a letter by ordinary mail or applying for a job.

A processing of personal data has always to be legitimated. Such legitimation could be a contract or an agreement with the person concerned, but can also based on a legal obligation. But also when the processing is necessary for the purpose of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

to Top

1. Name and Contact Details of the Responsible Party (Controller)

The "Controller" pursuant to Article 4 No. 7 GDPR is the legal person, determines the purposes and means of the processing of your personal data. In our case it is:

 

  Schlie Hydraulik Service GmbH
  Buschwerder Winkel 2
  21107 Hamburg
  GERMANY
  Telefon: +49 (0)40 7560100
  E-Mail: datenschutz@remove-this.schlie-hydraulik.de

to Top

2. Contact Details of the Data Protection Officer

Our Company has designated an internal Data Protection Officer. His contact details are:

  MARSIG mbH
  Data Protection Officer
  Fischerweg 408
  18069 Rostock
  GERMANY
  Telefon: +49 (0)381 8113329
  E-Mail: datenschutz@remove-this.marsig.com

to Top

3. If you visit our website

The operator of this website and its pages take the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration. Whenever you use this website, a variety of personal information will be collected. Personal data comprises data that can be used to personally identify you. This Data Protection Declaration explains which data we collect as well as the purposes we use this data for. It also explains how, and for which purpose the information is collected. We herewith advise you that the transmission of data via the Internet may be prone to security gaps. It is not possible to completely protect data against third party access.

3.1 Purpose and Legal Basis (Website)

Personal data will be used for an accurate and uniform presentation of our websites. On the other hand theses data could also be used for evaluating the user behaviour with the aim to improve and enhance our web services. Another reason for collection of personal data is the prosecution after cases of abuse or attacks to our webserver. All of these cases are purposes of legitimate interests pursued by the controller acc. to Art. 6 Sect. 1 lit. f GDPR. The Controller takes care that the interests or fundamental rights and freedoms of the data subject which require protection of personal data are not overridden.

3.2 Recipients of Personal Data (Website)

Receivers are those employees of the Controller, which are engaged in IT or marketing operations.

3.3 Cookies (Website)

In some instances, our website and its sub-pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. The purpose of cookies is to make our website more user friendly, effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser.
We are only using so-called "session cookies". They will be set when calling a special login page for the website administration and development where access won't be granted to ordinary public users. Reason for this cookie is the technical necessity to assign a Session ID for recognizing a logged-in user when switching between different sub pages. Other cookies will not be set
Cookies that are required for the performance of the electronic communications transaction or to provide certain functions you want to use, are stored on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error free and optimised provision of its services.

3.4 Server Log Files (Website)

We are using a Processor which is providing the necessary IT infrastructure for the operation of our website. The Processor is STRATO AG, residing at City of Berlin, Germany. Our Processor is binded to us by a contract pursuant to Art. 28 (3) GDPR. The processor is collecting and saving so called Server-Log-Files, which your browser communicates automatically. The information comprise:

  • IP adress
  • date / time of the server inquiry
  • content of inquiry
  • access stats / http status code
  • amount of transferred data
  • referrer URL (original website which offers a link to our website)
  • type and version of browser used
  • used operating system and its interface

These server log files will not be permanently and systematically analysed by the Controller, but only be checked in case of malfunctions or evidences for an abuse of our website or our web server. Log files will be automatically deleted after 7 days, except they are needed for investigation purposes in the mentioned cases. This data is not merged with other data sources. An identification of persons by the Controller is impossible since the Processor is automatically shorten all IP addresses (pseudonymized).
This case is purpose of legitimate interests pursued by the controller acc. to Art. 6 (1) lit. f GDPR. The Controller takes care that the interests or fundamental rights and freedoms of the data subject which require protection of personal data are not overridden.

3.5 SSL / TLS Encryption (Website)

For security reasons and to protect the transmission of content, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from „http://“ to „https://“ and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

3.6 Google Maps (Website)

Our website does not use an integrated Google Maps Intrerface (API). Instead of this you will be directly forwarded to the website of Google Maps when clicking the map image at our contact page. In that case you will leave our website and our responsibility as Controller. When using the web service of Google Maps your IP address will be saved by Google and usually forwarded to Google servers located in USA. For more information on processing of your personal data with Google refer to Privacy Policy of Google (https://policies.google.com/privacy?hl=en-US).

to Top

4. If you contact us by E-Mail

If you contact us by E-mail you decide the content of your e-mail by yourself. On the other hand some personal data have to be processed for the technical process of e-mailing, like e.g. your IP address and your sender's address. When your e-mail is running through the internet, different mail servers may be passed until reaching our destination mail server where our responsibility begins. In case your e-mail is not end-to-end encrypted, the mail content may be read by third parties.
If you intent to send us personal or confidential information consider other opportunities for a secure transfer. For example we offer an encrypted exchange server where you could upload your data. Please give us a call if you would like to use it.
 

4.1 Purpose and Legal Basis (E-Mail)

E-Mails, reaching us via our e-mail addresses with domains "@schliehydraulik.de" and “@schlie-hydraulik.de” will be considered as business e-mails only and will be processed by employees or CEOs of the Controller. The processing of these data is based on Art. 6 para. 1 lit. b GDPR, necessary to the execution of a contract or to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Article 6 (1) a GDPR) and/or on our legitimate interests (Art. 6 (1) lit f GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.
In this connection "Processing" may mean the answering, printing, saving, forwarding and archieving of your e-mails including your e-mail address. Additionally we have to retain all business related e-mails due to the legal obligation of the German Commercial Law (HGB). For more details refer to 4.4 Data Storage Period (E-mails).

4.2 Categories of Recipients (E-Mail)

Recipients of e-mails are the employees or CEOs of the Controller, to whom your e-mail is addressed to. If you address your e-mail to one of our non-personal service addresses like e.g. info@remove-this.schlie-hydraulik.de or info@schliehydraulik.de, the e-mail will be forwarded by an employee to the designated person(s) responsible for that service. E-mails could also be exchanged between employees of the Controller.

4.3 Forwarding and Transmission to Countries/Organisations outside EU (E-mail)

For execution of contracts pursuant to Article 6 (1) lit. b GDPR, we have to forward complete e-mails or parts thereof to other Controllers occasionally. The Controller takes care, that any forwarding of personal data will only be carried out for particular contractual purposes where the personal data may be pseudonymized or reduced to a necessary minimum and where secured transmission will be preferred.
The Controller will forward e-mails to a third country or an international organisation outside EU only if the Commission has decided the third country or international organisation ensures an adequate level of protection (acc. to. Art. 45 GDPR) or appropreate safeguards and on condition that enforceable data subject rights and effective legal remedies for data subjects are available (acc. to Art. 46 GDPR) or binding corporate rules (acc. to Art. 47 GDPR). In the absence of the aforementioned conditions, any data transmission containing personal data must only be carried out under the derogations of Article 49 GDPR.
When forwarding e-mails which contain personal data, the person concerned will be set in cc to be completely informed about the distribution of its personal data.

4.4 Data Storage Period (E-Mail)

We are saving all business related e-mails as documentation of our business processes. The Controller is subject to different legal retention periods. Business letters (where e-mails belong to) have to be retained for a period of 6 years as per § 257 Sect. 4 German Commercial Law (HGB) and § 147 Sect. 3 German Tax Code (Abgabenordnung). The retention period for documents with subject to tax is 10 years. At the end of the retention period all e-mails will be deleted.
For quick access e-mail addresses of regular business partners may be additionally saved in an electronic contact register which is accessable only by employees of the Controller. The register will be regularly checked and entries without relevance being removed.

4.5 Newsletter and Direct Advertising (E-Mail)

Our newsletters may contain important information and news on business-specific topics, such as: the development of new business fields, as well as manufacturing capabilities of those responsible, with which new products can be created / edited.
This case is a purpose of legitimate interests pursued by the controller acc. to Art. 6 (1) lit. f. GDPR.
The Controller sends newsletters to business partners as part of the contractual consultation task. Newsletters to other data subjects will only be sent with explicit consent of the person concerned.
 

Right to object

Pursuant to Art. 21 (2) and (3) GDPR you've got the right to object to processing for direct marketing purposes. In that case the Controller will no longer process your data for such purposes.

Pursuant to Art. 7 (3) GDPR and § 51 Sect. 3 German Federal Data Protection Act (BDSG n.F.) you've got the right to withdraw a given consent at any time in case the data is being processed for the purposes of legitimate interests of the Controller in terms of Art. 6 (1) f GDPR.


Contact data of a data subjects which are used for the purpose of direct advertising by newsletters will be kept saved until withdrawing. After that they will be deleted, except they are used for further legitimate purposes.

to Top

5. If you contact us by ordinary Mail (postal)

If you send us a letter by ordinary mail, you decide on your personal data by yourself.

5.1 Purposes and Legal Basis (Mail)

Processing of all business related mail is based on Art. 6 (1) 1 lit. b GDPR, necessary to the execution of a contract or to carry out pre-contractual measures. In all other cases, the processing is based on your consent pursuant to Art. 6 (1) a GDPR and/or on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR, since we have a legitimate interest in the effective processing of requests addressed to us.
Mail will be mainly processes by certain employees except mailings which are marked with "private" or "confidential". In this case the mailing will be forward to the corresponding recipient unopened.
In this connection "processing" may mean opening, reading, sorting, forwarding, filing or destroying (shredding).

5.2 Categories of Recipients (Mail)

Recipients are the employees or CEOs of the controller.

5.3 Data Storage Period (Mail)

Business related mail consignments are sorted and filed according to the information provided by the addressee.
We are saving all mail as documentation of our business processes. The Controller is subject to different legal retention periods. Business letters have to be retained for a period of 6 years as per § 257 Sect. 4 German Commercial Law (HGB) and § 147 Sect. 3 German Tax Code (AO). The retention period for documents with subject to tax is 10 years. At the end of the retention period all sensitive paperwork containing e.g. confidential or personal data, will be destroyed by an engaged document shredder company (processor).
Envelopes and packaging material containing personal data like e.g. sender's address will be shredded by ourselves or by our processor.

to Top

6. If you send us a Fax

If you send us a fax, you decide by yourself which personal data you transmit to us. Please observe that our fax device is located in our office but accessable by all employees. In case you intend to transmit sensitive, confidential or personal data please take care that the particular recipient is available at the fax device. This could be checked by a call in advance of the fax transmission.

6.1 Purpose and Legal Basis (Fax)

Processing of business related fax is based on Art. 6 (1) lit. b GDPR, necessary to the execution of a contract or to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) a GDPR) and/or on our legitimate interests (Art. 6 (1) lit f GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.
Facsimiles will be mainly processes by the Assistance of the Management. In this connection "processing" may mean reading, forwarding, filing or destroying (shredding).

6.2 Categories of Recipients (Fax)

Recipients are the employees or CEOs of the Controller.

6.3 Data Storage Period (Fax)

After electronic registration in a post book with date, subject and sender, any business related faxes will be filed. Additionally the fax device itself is saving all incoming and outgoing fax transmissions with date, time and fax number in a fax journal.
We are saving all faxes as documentation of our business processes. The Controller is subject to different legal retention periods. Business letters (where facsimileys belong to) have to be retained for a period of 6 years as per § 257 Sect. 4 German Commercial Law (HGB) and § 147 Sect. 3 German Tax Code (Abgabenordnung). The retention period for documents with subject to tax is 10 years. At the end of the retention period all sensitive paperwork containing e.g. confidential or personal data, will be destroyed by an engaged document shredder company (processor) and our incoming post book will be deleted as well.

to Top

7. If you give us a Call

If you give us a call you decide by yourself the personal data you give to us by speech. You could also consider suppressing the automatic transmission of your telephone number (CLIP function) to avoid the meanwhile retention of your telephone number in our phones.

7.1 Purpose and legal Basis (Phone)

Telephone calls are based on Art. 6 (1) lit b GDPR, necessary to the execution of a contract or to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 (1) a GDPR) and/or on our legitimate interests (Art. 6 (1) lit f GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.
We do not make any Direct Advertising by telephone.

7.2 Category of Recipients (Phone)

Recipients are the employees or CEOs of the Controller. In case of a conference call all participants will be informed in advance. In case a call will be set to "open listening", the caller will be immediately informed that other participants could hear its speech.

7.3 Data Storage Period (Phone)

Telephone calls will never be recorded with us. Depending on the single telephone device, last calls will be automatically saved with date, time and caller number. This caller list will be overwritten by newer entries as soon as this list has reached its maximum size. Additionally employees and CEOs have the opportunity to permanently save frequently used numbers within the telephone device's contact register with name and telephone number. All device contact registers will be checked and cleared on an annual basis.

to Top

8. If you hand your Business Card over to us

If you give us your business card it may be sorted in a business card register located within our premises. Only this register as a "structured set of personal data" is subject to the regulations of the GDPR. Additionally your contact details may be taken over in our electronic contact register, which is available to the employees and CEOs of the Controller only.

8.1 Purpose and legal Basis (Business Card)

The sorting of busness cards into our business card register or taking over of the contact details into the electronic contact register is based on Art. 6 (1) lit. b GDPR, necessary to the execution of a contract or to carry out pre-contractual measures. Further the processing is based on your consent as per Art. 6 (1) a GDPR since you have handed over the business card to us by yourself for the purpose that we get in contact with you.

8.2 Categories of Recipients (Business Card)

Only employees and CEOs of the Controller have access to the business card register or the electronic contact register. We do not pass any contact details on 3rd parties, except its necessary for the execution of a contract (with the data subject or business partner the data subject belongs to) and the person concerned (data subject) is informed about the transmission of its contact data.

8.3 Data Storage Period (Business Card)

Your business card and your contact details in our electronic contact register will be removed/deleted as soon as they are not longer necessary for the a.m. purposes. The business card itself will be shredded in our office shredder.

to Top

9. If you apply for an employment with us

You could apply for an employment with us by postal mail or e-mail. Please observe, that the transmission of personal data by e-mail is unsecure and mail content could be read by third persons.

9.1 Purpose and legal Basis (Application)

The processing of applications is based on § 26 German Federal Data Protection Act (BDSG n.F.) for the purpose of an employment as well as on Art. 6 (1) lit. b GDPR to carry out pre-contractual measures.
In this connection „processing“ may mean the printing, sorting or filing into a structured set.

9.2 Categories of Recipients (Application)

CEOs and the assistance of management are the recipients of your application. CEOs may consult the heads of departments or also other single employees of the Controller regarding the professional qualification of the applicant.

9.3 Data Storage Period (Application)

To defend action taken by a competitor or discrimination reproachs the Controller is saving any applications for 6 months. After that retention period electronic application documents will deleted and written applications sent back or, if desired, destroyed (shredded) by our Processor. An applicant may give a consent to retain its application for a longer period with the Controller, in case the Controller should consider it for future employments.

to Top

10. Rights of Persons concerned (Data Subject)

As "Data Subject" you've got different rights regarding the processing of your personal data. If you would like to exercise your rights please simply send a formless e-mail to the Controller or its Data Protection Officer. In special cases you may have to prove your identity with the Controller. The Controller has to react to your query within one month.

10.1 Right of access by the data subject pursuant to Art. 15 GDPR

You've got the right to obtain from the Controller confirmation as to whether or not personal data are being processed, and where that is the case, access to the personal data and the following additional information: purpose of processing, categories of personal data, recipients or categories of recipients to whom the personal data have been or will be disclosed including their forwarding to third countries outside of EU or International Organizations, the data storage period and source of the data in case they are not collected from the data subject directly.
On request, the Controller will provide you with a copy of your personal data for free.

10.2 Right to Rectification pursuant to Art. 16 GDPR

You've got the right to obtain from the Controller without undue dela the rectification of inaccurate personal data.

10.3 Right to Erase pursuant to Art. 17 GDPR

You've got the right to obtain from the Controller the erasure of your personal data without undue delay in following cases:

  • your personal data are not longer necessary in relation to the purpose for which they were collected or otherwise processed;
  • you withdraw the consent on which the processing is based according to Art. 6 (1) lit a or Art. 9 (2) GDPR;
  • you object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for processing:
  • you object to the processing pursuant to Art. 21 (2) GDPR (direct marketing purposes);
  • the personal data have to be erased for compliance with a legal obligation in EU or member state;
  • your personal data have been unlawfully processed;

10.4 Right to Restriction of Processing pursuant to Art. 18 GDPR

You've got the right to obtain from the Controller restriction of processing where one of the following applies:

  • the accuracy of your personal data is contested, for a period enabling the Controller to verify the accuracy of your persnal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • the Controller no longer needs the personal data for the purposes of processing, but the data are required by the data subject for the establishment, exercise or defence of legal claims;
  • you've objected to processing pursuant to Art. 21 (1) pending the verification whether the legitimate grounds of the Controller override those of the data subject;

10.5 Right to Data Portability pursuant to Art. 20 GDPR

You've got the right to receive the personal data concerning you, which you have provided to the Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller.

10.6 Right to object or withdraw a consent

Pursuant to Art. 21 (1) GDPR you've got the right to object, on grounds relating to your particular situation, to the processing of your personal data which is based on Art. 6 (1) lit e or f. The Controller will no longer process your personal data unless the Controller demostrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establisjment, exercise or defence of legal claims.
Pursuant to Art. 21 (2) and (3) GDPR you've got the right to object to processing for direct marketing purposes. In that case the Controller will no longer process your data for such purposes.
Pursuant to Art. 7 (3) GDPR and § 51 Sect. 3 German Federal Data Protection Act (BDSG n.F.) you've got the right to withdraw a consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

10.7 Right to lodge a complaint with a supervisory authority

You've got the right to lodge a complaint with the appropriate supervisory authority. The responsible supervisory authority for the Controller is:

      Country Commissioner for Data Protection

      and Freedom of Information Hamburg

      Kurt-Schumacher-Allee 4

      20097 Hamburg

      E-Mail: mailbox@datenschutz.hamburg.de

to Top