Privacy Policy
Information in accordance with Art. 13 GDPR
(Last updated: 11.11.2025)
Thank you for your interest in our online shop, “SCHIESSER Online Shop”, and our company, SCHIESSER GmbH. We want you to feel safe and comfortable when visiting our web pages. Therefore, protecting your personal data is very important to us. We have taken all possible technical and organisational measures to ensure that the data protection regulations in accordance with the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other legal regulations are complied with by us as well as by service providers.
The following privacy policy is intended to inform you about our handling of the collection, use, processing and disclosure of your personal data. In general, you can visit our websites without providing any personal data, e.g. if you only want to find out about our products and visit the relevant pages. Each visit to our homepage, as well as each retrieval of a file stored on the homepage, is logged. This data is stored for internal system-related and statistical purposes. The following data is logged: Name of the retrieved file, date and time of the query, transferred quantity of data, report of successful query, web browser and enquiring domain. However, you transmit no personal data and this information is stored separately from any personal data that may be transmitted. The IP addresses of the enquiring computers are also stored.
1. CONTACT INFORMATION
You can contact us at:
SCHIESSER GmbH
Schützenstrasse 18
Postfach (PO Box) 15 20
78305 Radolfzell
Germany
Tel. 07732/90-0
Fax 07732/90-65 55
URL: shop.schiesser.com
E-Mail: info@schiesser.com
2. DATA PROCESSING
Personal data is information about your identity. These include information such as your name, address, phone number, date of birth and email address. Below you will find detailed information about which of your data we process and for what purposes.
There is no legal or contractual obligation to provide the data specified below. However, providing data for the purposes specified below is necessary. If the data specified below is not provided, we are unfortunately unable to process requests and orders, conduct advertising measures and competitions, etc.
3. PURPOSE, USE AND DISCLOSURE OF PERSONAL DATA AS WELL AS THE RESPECTIVE LEGAL BASES
If you provide us with personal data in our online shop, we will process and use it to process your order (the legal basis for this is Art. 6 para. 1 lit. b GDPR), to answer your enquiries (the legal basis for this is Art. 6 para. 1 lit. b GDPR), for competitions (the legal basis for this is Art. 6 para. 1 lit. b GDPR), for advertising measures (the legal basis for this is Art. 6 para. 1 lit. a and f GDPR), in particular the sending of newsletters, if you have separately agreed to this, in order to provide you with access to certain information or offers or for the use of information and communication systems as well as within the scope of legal requirements (the legal basis for this is Art. 6(1) a and f GDPR).
Your personal data will only be transferred or disclosed to third parties if this is necessary for the fulfilment of your order, e.g. for the shipping of your ordered goods or if you have given your prior consent to the transfer. These third parties are not permitted to use the data for other purposes. We also reserve the right to match or complete your personal data with data that we receive from third parties for the same purpose.
We will disclose personal data about you if we are legally obliged to do so (the legal basis for this is Art. 6 para. 1 lit. c GDPR), or if we are obliged to do so by a court decision, or if disclosure is necessary to enforce or protect our general terms and conditions or other agreements (the legal basis for this is Art. 6 para. 1 lit. f GDPR). This applies accordingly with respect to the processing of the data.
The data is not disclosed for commercial purposes.
Our employees and the service providers engaged by us are bound by us to secrecy and observance of the provisions of the current data protection laws. Access to personal data by our employees is limited to those who require the data for their work.
We endeavour to take all possible technical and organisational measures to store your personal data so that it is not accessible to third parties. When communicating via email we cannot guarantee full data integrity. We therefore recommend that you send us any confidential information by post.
4. WHICH DATA WE COLLECT
a. Contact form
In our “contact form”, the information listed is requested from you, such as your enquiry, surname, first name, email address, telephone number, etc.
More information about this form is available under Item 5.
b. Newsletter registration
When you sign up for the newsletter, your email address is used for our own advertising purposes with your consent. More information about the newsletter is available under Item 6.
c. Cancellation form
You may use the revocation form to cancel a contract. The information requested in this form includes, in particular, the mandatory fields of email address, title, first name, last name, street, house number, postcode and city. Order number, item number(s) and the date you received the goods.
d. Gift voucher
You can use the gift voucher form to send a gift voucher to yourself or the gift recipient via email. Here you are asked to enter who the voucher is from, to whom it is being sent and a personal message. You also need to provide the email address where you want the voucher to be sent. Later on in the voucher order process, you are also asked to provide the data under Item f.
e. Applications
Information on how to apply is provided under the heading ‘Application’.
f. Orders and/or registration
If you order goods in our online shop without creating a customer account, you need to provide us with the following data: first name, surname, postal address, billing address, shipping address (if this differs from the billing address), date of birth and email address.
You also have the option to create a customer account. To set up your personal customer account, we need the following information from you: surname, first name, address, email address and a password of your choice. When you click on “register”, your data is saved in our database. After registering, you will receive an automatic email confirmation that your customer account has been set up. The email address you enter and the password you choose will serve as access identification for the customer account. You can edit your information in your customer account at any time. The access identification and password must be kept secret and not be shared with third parties. You are obliged to protect your access identification and password against unauthorised access by third parties.
The aforementioned address information for orders is also saved in your customer account.
Finally, we ask you to select a payment method for the order.
g. Competitions
For competitions, we collect the information needed to contact you if you win. Such information may include your title, first name, surname and email address. If you wish, you may also provide us with your date of birth. This helps us to better plan our competitions in future. In the context of your participation in competitions, you can also choose to register for our newsletter. Please note the above information for this.
5. CONTACT FORM
We only process and use the data that we collect through the contact form to contact you in relation to the wishes expressed there, to provide you with information material or to process your enquiry. In doing so, we obtain your consent in accordance with Article 6(1)(a) GDPR.
6. NEWSLETTER
We offer you the chance to receive a newsletter providing information on the latest fashion trends, our current deals and interesting special promotions in our online shop, as well as promotions in our SCHIESSER stores and factory outlets.
When you sign up for the newsletter, your email address is used for our own advertising purposes with your consent. In doing so, we obtain your consent in accordance with Article 6(1)(a) GDPR.
We use specialised service providers to send our newsletters, and the personal data required for this purpose is transferred to them. These service providers process your personal data exclusively on our behalf and instruction. We ensure compliance with data protection regulations and the necessary security measures.
The above-mentioned consent to receive a newsletter via email can be revoked at any time. Every newsletter contains a link which you can use to revoke your consent.
As a precautionary measure, please note that receiving and/or cancelling the newsletter usually incurs no transmission costs other than those in the basic tariff. However, there may be situations in which the flat rates common today no longer apply (such as in non-European countries).
7. RECIPIENTS OF DATA
Internal recipients:
· Departments and persons who need to know this data in order to fulfil their tasks and the aforementioned purposes
External recipients (in addition to the recipients already presented in this information, we may pass on data to the following external recipients – order processors and third parties – in particular, but only if there is a legal basis for doing so – in particular in accordance with Article 6(1)(a), (b), (c) or (f) GDPR, see above, or other national regulations) or if there are mandatory legal reasons):
· Service providers that are necessary for the provision of our services (in particular IT service providers, consultancy companies)
· Companies/institutions to assist us in enforcing our claims (e.g. debt collection companies)
· Public bodies and institutions (health authorities, courts)
· Investigative authorities (police, public prosecutor)
· Vicarious agents
8. COOKIES
a. General information
To make your visit to our website appealing and to enable the use of certain functions, which we describe in detail below, we use so-called cookies on various pages. Cookies are small text files which are added to your device. Some of the cookies used by us are deleted at the end of the browser session – after you close your browser (“session cookies”). Other cookies remain on your device and allow us or our partner companies to recognise your browser the next time you visit our website (persistent cookies). We use cookies to personalise content and ads, and to analyse traffic on our website. We also pass information about your usage of our website to our social media, advertising and analytics partners.
b. Consent
By clicking on the consent button on the homepage, you can consent to the use of certain types of cookie and individual cookies of certain providers. You may revoke your consent to the use of cookies not necessary for the operation of the website at any time with future effect. To do this, click on “Reject cookies”. However, rejecting cookies may limit the functionality of our website.
c. Managing cookies after giving consent
You can also manage and/or delete cookies at your discretion after you have consented to their use. You can find out how to do this here, for example: AllAboutCookies.org. You can delete any cookies stored on your computer, and most browsers can be set to prevent cookies from being saved. However, this may mean that you have to implement some settings manually every time you visit a page and accept the restriction of some functions. Please also observe the following letter d.
d. Legal basis
We use cookies on the basis of your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG as the legal basis. This applies to all cookie technologies described in this document.
e. Usercentrics
The recipient of your data within the meaning of Art. 13 paragraph 1(e) GDPR is Usercentrics GmbH. In the course of data processing, SCHIESSER transmits personal data (consent data) to the data processor, Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, Germany. Consent data include the following: Date and time of the visit or the consent/objection, device information, anonymised IP address. The data is processed for the purpose of compliance with legal obligations (burden of proof according to Article 7(1) GDPR) and the associated documentation of consents and is therefore based on Article 6(1)(c) GDPR. The data is stored in local storage. The consent data is stored for 3 years. The data is stored in the European Union. More information about the data collected and how to contact us is available at https://usercentrics.com/privacy-policy/.
Please also note the details stored for the respective cookies in the cookie settings, which, in accordance with Art. 13 GDPR, provide you with information in particular about the purpose, data collected, storage period, etc.
Your data protection and cookie settings
9. USE OF ANALYTICS TOOLS
Google Analytics
If you have declared your consent, Google Analytics 4, a web analytics service of Google LLC, will be used on this website. The data controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Extent of processing
Google Analytics uses cookies, which enable analysis of your use of our websites. The information about your use of the website collected by means of the cookies is typically transmitted to a Google server in the USA and stored there.
We use the user ID function. By means of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behavior across devices].
We use Google signals. This allows Google Analytics to collect additional information about users who have enabled personalised ads (interests and demographic data) and ads can be delivered to these users in cross-device remarketing campaigns.
Google Analytics 4 activates the anonymisation of IP addresses in the standard version. IP anonymisation causes your IP address to be truncated prior to being transmitted to the USA by Google within member states of the European Union or other states party to the Agreement on the European Economic Area. The complete IP address is only transmitted to a Google sever in the USA and truncated there in exceptional cases. According to Google, the IP address transmitted by your browser in line with Google Analytics is not merged with other Google data.
During your website visit, your user behaviour is recorded in the form of “events”. Events may be:
· page views
· first visit to the website
· start of session
· your “click path” and interaction with the website
· scrolls (whenever a user scrolls to the end of the page – 90%)
· clicks on external links
· internal search queries
· interaction with videos
· file downloads
· adverts viewed / clicked on
· language setting
The following data is also recorded:
· your approximate location (region)
· your IP address (in truncated form)
· technical information on your browser and the devices you use (e.g. language setting, screen resolution)
· your internet provider
· the referrer URL (which website/advertisement led you to this website)
Processing purposes
Google uses this information on behalf of the operator of this website to analyse your use of the website and compile reports about website activity. The reports provided by Google Analytics aid in the analysis of our website’s performance and the success of our marketing campaigns.
Recipients
Recipients of the data are/may be:
· Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as data processor according to Art. 28 GDPR)
· Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
· Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
There is no guarantee that US authorities do not access the data stored by Google.
Transfer to third countries
For cases in which data is processed outside the EU/EEA and no data protection level equivalent to the European standard is present, we have agreed EU standard contract clauses with the servicer provider to create an adequate level of data protection. The parent company of Google Ireland, Google LLC, is headquartered in California, USA. Transmission of data to the USA and access by US authorities to the data stored by Google cannot be excluded. From the perspective of data protection legislation, the USA is currently considered a third country. You do not have the same rights there as you have within the EU/EEA. You may not have access to any legal remedies against access by authorities.
Storage period
The data sent by us and linked to cookies is deleted automatically after 2 [OR: 14 months]. Data is automatically erased once a month at the end of the retention period.
Legal basis
The legal basis for this data processing is your consent according to Art. 6 (1) sentence 1 lit.a GDPR.
Revocation
You may revoke your consent at any time with effect for the future in the cookie settings. This does not affect the legality of processing conducted based on consent until the revocation.
You can also prevent the storage of cookies in advance by adjusting the settings of your browser software accordingly. However, if you make the setting in your browser to reject all cookies, this may limit some functionalities on this website and others. Furthermore, you can prevent Google collecting the data created by the cookie and relating to your use of the website (incl. your IP address) as well as the processing of this data by Google by
a. not issuing your consent to the placing of cookies or
b. downloading and installing the browser add-on to disable Google Analytics HERE.
More detailed information is available in the Google Analytics Terms of Service and Google data protection at https://marketingplatform.google.com/about/analytics/terms/us/ as well as at https://policies.google.com/?hl=en.
Dymatrix
We process data about your usage behaviour in order to provide our customers with personalised content and product recommendations on our website. The data required for this is collected by the Dymatrix service, pseudonymised and assigned to a customer segment. It is no longer possible to draw conclusions about individual persons.
The purpose of the processing is to calculate recommendations for customer segments.
Pseudonymous user profiles are created based on the various data collected during your visit to our online services. These are:
· Information on the device used
· Information on pages viewed during the website visit
· Information as part of the ordering process
· Information on access and entry data
· Customer data for creating multi-device, pseudonymous profiles
The legal basis for this data processing is your consent in accordance with Article 6 (1) (a) GDPR and Section 25 (1) TDDDG.
Trbo
On our website, data is collected and stored by trbo GmbH, Leopoldstr. 41, 80802 Munich (http://www.trbo.com/), from which usage profiles are created using pseudonyms in order to provide you with personalised customer benefits. Cookies that enable the recognition of an internet browser may be used for this purpose. These usage profiles aid in the analysis of visitor behaviour and are evaluated to allow us to improve our offerings and adapt them to demand. The pseudonymised usage profiles are not consolidated with personal data of the pseudonym holder without the express consent of the data subject, which must be given separately. You can object to this at any time via the following links:
The legal basis for this processing is your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.
ChannelPilot
This website uses ChannelPilot, an online marketing tool of Channel Pilot Solutions GmbH.
The legal basis for this processing is your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.
ChannelPilot uses cookies – text files which are stored on your computer and enable the analysis of your use of the website. The information generated by the cookies about your use of the website, such as
· browser type/version,
· referrer URL (previously visited site),
· host name of the accessing computer (IP address),
· time of the server request,
is typically transmitted to a ChannelPilot server in Germany and stored there. The IP address transmitted by your browser in line with ChannelPilot is not merged with other ChannelPilot data. In addition, ChannelPilot only stores your IP address for a short period (usually no more than 24 hours) and then makes it indecipherable. The temporary storage is conducted exclusively for the detection of potential click fraud (bot detection).
ChannelPilot uses this information on behalf of the operator of this website to assess the performance of connected online marketing channels such as idealo.de and Google Shopping. You can configure your browser software to block the storage of the cookies; however, please note that you may not be able to make full use of all functions of this website in this case. You are also able to prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to ChannelPilot, and the processing of these data by Channel Pilot, by using the opt-out option available at the following link: http://www.channelpilot.de/optout. An opt-out cookie is placed, which prevents the future collection of your data when visiting this website. The opt-out cookie only applies in the most recently used browser. If you erase your cookies in this browser, you will have to set the opt-out cookie again.
For more information about data protection related to ChannelPilot, see https://channelpilot.com/en/privacy-policy/.
Microsoft Ads
We use Microsoft technologies (Bing Ads) (bingads.microsoft.com) on our website, which are provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (‘Microsoft’). Microsoft saves a cookie to your device for this purpose if you were redirected to our website via a Microsoft Bing advertisement. This allows us and Microsoft to determine that somebody clicked on an advertisement, was redirected to our website and reached a predefined target page (conversion page). We only receive information on the total number of users who have clicked on a Microsoft Bing advert and were then forwarded to the conversion site. Via the cookie, Microsoft collects, processes and uses information which allows it to create usage profiles using pseudonyms. These usage profiles aid in the analysis of visitor behaviour and are used to present advertisements. No personal information about the identity of the user is processed.
If you do not want Microsoft to use the information about your behaviour as explained above, you can reject the cookie required for this purpose – for example using the browser setting which blocks all cookies. You can further prevent the collection of the data related to your use of the website generated by the cookie and prevent Google from processing this data by installing the browser plugin available under the following link: http://choice.microsoft.com/de-DE/opt-out. More information on data protection and the cookies used by Microsoft and Microsoft Bing Ads is available on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.
The legal basis for this processing is your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.
Google Ads and Google Remarketing
We also use Google Conversion Tracking, an analysis service of Google Inc, on the website. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). In this case, Google Ads sets a (conversion) cookie on your device if you have reached our website via a Google ad. These cookies expire after 30 days and do not enable personal identification of users. If you visit certain pages on our website and the cookie is still valid, we and Google can recognise that someone clicked on the ad and was redirected to our website by it. Each Google Ads customer receives a different cookie. Therefore, cookies cannot be tracked across the websites of different Google Ads customers. The information obtained via the conversion cookies allow conversion statistics to be compiled for us. As a Google Ads customer, we see the total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that reveals the personal identity of users.
If you do not want information about your behaviour on the website to be processed in the tracking procedure, you can also reject the cookie required for this purpose – for example using the browser setting which blocks all cookies. You can also deactivate cookies for conversion tracking by adjusting your browser settings to ensure that cookies from the domain “googleadservices.com” are blocked.
We also use the Google Ads Enhanced Conversions function. This serves to optimise our advertising efforts in the Google advertising network. The purpose of this is to better identify groups of people within the Google advertising network who are most likely to conduct conversion events (e.g. purchase transactions) on our website. The conversion results are supplemented with additional first-party data for this purpose. This data is then transferred to Google in hashed form. This procedure supports data protection, as only the hashed / pseudonymised (SHA256) character string is transmitted to Google, not the actual data.
Google also offers you the chance to deactivate Google’s use of cookies for advertising purposes in the ads preferences. You can find these at https://www.google.com/settings/ads.
Alternatively, you can deactivate the use of cookies by third parties by accessing the deactivation page of the Network Advertising Initiative: http://www.networkadvertising.org/choices.
We use Google Remarketing technology. Remarketing allows previous users of our website to be reached again through targeted advertising on websites of third parties, including Google. Google determines which users are specifically addressed by temporarily linking the Google Analytics data described above and the individual IDs of the users registered with Google, thus allowing them to be addressed across multiple devices. Advertising on the websites of third-party providers, including Google, is also carried out through use of cookies.
More information on Google Analytics and Google Remarketing is available at http://www.google.com. You can find the Google privacy policy at https://policies.google.com/privacy?hl=en#information.
The legal basis for this processing is your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.
Hotjar
We use Hotjar to better understand the needs of our users and to optimise this service and their experience. Hotjar is a technology service that helps us understand our users’ experience better (e.g., how much time they spend on which pages, which links they click on, what they like and dislike, etc.), and this allows us to build and maintain our service with user feedback. Hotjar collects feedback from website visitors to enable us to analyse and improve the use of our website and any errors that occur. Information is only processed if the user clicks on the corresponding button in the feedback form or actively participates in a survey. Hotjar uses cookies and other technologies to collect data about the behaviour of our users and their devices. This includes a device’s IP address (processed during your session and stored in anonymised form), device screen size, device type (unique device identifiers), browser information, geographic location (country only) and preferred language for viewing our website. Hotjar stores this information in a pseudonymised user profile on our behalf. Additional data such as email address and feedback text are only collected if the user actively provides them. Hotjar is contractually obliged not to sell any of the data collected on our behalf. More information is available in the ‘About Hotjar’ section of Hotjar’s support site.
More information is available at the “About Hotjar” section on Hotjar’s support page (link to https://help.hotjar.com/hc/en-us/sections/115003204947).
The legal basis for this processing is your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.
10. Surveys
We regularly offer you the opportunity to participate in surveys. In addition to the information provided in this document, we would like to provide you with further details regarding this matter.
a. Purpose of Processing
The purposes of the surveys are, in particular, internal quality improvement and assurance, product or service optimisation, measurement of customer satisfaction, analysis of customer behavior to improve the user experience (UX), improvements to survey implementation, and market research.
b. Categories of data
i. Survey Data
As a rule, surveys are conducted anonymously. Additionally, the data collected in the respective survey will be processed, as well as any personal data you voluntarily provide to us, for example in free text fields.
For technical reasons, your IP address may need to be processed. However, this is not linked to the survey results.
ii. Metadata
In addition to the survey data, so-called metadata is also processed by us. This includes, in particular, the date and time when the response was given, operating system, browser type, device, language settings, possibly geolocation (generally only the country), and information about the response process (timing data for answering or data on survey termination).
a. Legal basis
The legal basis for this processing is our legitimate interests arising from the purposes mentioned above, in accordance with Article 6(1)(f) GDPR. Participation is voluntary. From your participation, we conclude that any interests you may have that require protection do not outweigh our interests.
Where applicable, your consent in accordance withArticle 6(1)(a) GDPR and Section 25(1) TDDDG may also serve as the legal basis, for example with regard to the use of cookies or if we explicitly obtain your consent. You can withdraw this consent at any time with effect for the future. To do so, please contact the data protection officer using the contact details provided here.
11. GOOGLE TAG MANAGER
This website uses Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means that no cookies are used and no personal data are collected. Google Tag Manager triggers other tags which may collect data. However, Google Tag Manager does not access this data. If deactivation occurs at the domain or cookie level, it will remain active for all tracking tags if they are implemented with Google Tag Manager.
Click here to be excluded from collection via Google Tag Manager.
More information on Google Tag Manager is available at:
https://support.google.com/tagmanager
https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/
12. SOCIAL PLUGINS
Our web pages use social plugins (“plugins”) from various social networks. These plugins allow you to share content and recommend products, among other things. The plugins are deactivated as standard on the Schiesser website and therefore do not send any data. Please refer to the privacy notices of the relevant social networks or websites regarding the purpose and scope of data collection and the further processing and use of the data by social networks as well as your rights and setting options in this regard to protect your privacy. The links for this are available further below. Even if you are not registered with the social networks, data can be sent to the networks by websites with active social plugins. An active plugin sets a cookie with an identifier each time the website is called up. Since your browser sends this cookie without being asked every time you connect to a network server, the network could in principle use it to create a profile of which web pages have been accessed by the user corresponding to the identifier. It would also be possible to assign this identifier to a person later, for example upon subsequent login to the social network.We use the following plugins on our web pages:
Meta (Facebook, Instagram), X, Youtube, Pinterest, Ekomi
12.1. META
12.1.1. META pixel (formerly Facebook pixel)
We use the visitor interaction pixel from Meta (formerly Facebook Pixel) on our website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Meta, the data collected is also transferred to the USA and other third countries. This means that Meta pixels are integrated into our web pages. The integration of the Meta pixel thus enables us to place and optimise targeted campaigns and measure the reach of our marketing measures.
The use of this service is based on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TDDDG. Consent may be withdrawn at any time.
When you visit our website, the Meta pixel establishes a connection between your browser and the Meta server and sets a cookie. Meta thereby receives the information to the effect that our website has been visited from your IP address. If you are a member of one of Meta’s social networks, that network is able to link this information to your profile and use it for the targeted display of adverts (e.g. Facebook Ads) unless you have objected to this in the data protection settings in your profile.
We would like to point out that we, as the provider of this website, are not provided with any information regarding the content of the transmitted data or their use by Meta. We are only able to select which segments of Meta users (such as age, interests) are shown our advertising. Here we use one of two Custom Audience methods with which no datasets and especially none of our users’ email addresses – either in encrypted or unencrypted form – are transmitted to Facebook. More information is available in the Facebook/Meta privacy policy at www.facebook.com/about/privacy.
If you wish to object to the use of Facebook Website Custom Audiences, you may do so at https: //www.facebook.com/ads/website_custom_audiences.
12.1.2. FACEBOOK
We use plugins of the social network facebook.com, a service provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
When visiting one of our websites with a Facebook plugin, your browser connects directly to the Facebook servers. The content of the plugin is directly transmitted to your browser by Facebook and is incorporated into the website by the browser.
By integrating the plugins, Facebook receives the information that a user has accessed the corresponding page on our website. If you are logged into Facebook, Facebook can match your visit with your Facebook account. When interacting with the plugins, for example by pressing the “Like” button or adding a comment, your browser transmits this information directly to Facebook, where it is then stored.
For the purpose and scope of data collection and further processing and use of the data by Facebook and your rights and configuration options in this respect to protect your privacy, please refer to the Facebook privacy policy. You can find this at http://www.facebook.com/about/privacy.
If you do not want Facebook to collect data about you through our website, please log out of Facebook before visiting our website.
Facebook Lead Ads
SCHIESSER uses Facebook Lead Ads to collect the contact information of interested persons in order to send them SCHIESSER newsletters or other information in future. The following information is collected here: Full name and email address. We use your name to address you personally and we use your email address to send you the desired information by digital means. The data provided to us by you via Facebook Lead Ads is used exclusively for the purpose of contacting you via the provided email address. You can object to the storage and use of the information provided via Facebook Lead Ads by sending your objection to our data protection officer.
12.1.3. INSTAGRAM
We use plugins of the social network Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).
If your are signed in to your Instagram account and link this website or its contents with your Instagram profile, various data, some of it personal, is transmitted to Instagram under certain circumstances in the course of this process. This means that Instagram is also informed about your visit to our website. We would hereby like to explicitly inform you that, as the provider of this website, we have little to no knowledge of the categories of this data, the contents of this data or their further processing and usage by Instagram. More information is available in the Instagram privacy policy at https://help.instagram.com/519522125107875?helpref=page_content.
12.1.4. General information on META
Meta also processes your data in the USA. Meta and its companies (Facebook, Instagram) have joined the EU-US Data Privacy Framework. This is intended to ensure that the personal data of EU citizens in the USA is handled in compliance with data protection regulations.
In addition, these companies also use the EU standard contractual clauses. These are contracts provided by the EU, which are also intended to secure the transfer of data to insecure third countries (such as the USA).
The aforementioned instruments (privacy framework and standard contractual clauses) oblige Meta to ensure that the European level of data protection is maintained when processing data of European citizens, even if the data is processed in the United States.
More information is available at:
https://www.facebook.com/legal/terms/dataprocessing
https://www.facebook.com/privacy/policy
We have established joint responsibility with Meta for the cooperation described in this data protection declaration in accordance with Implemented in accordance with Article 26 GDPR.
We are therefore jointly responsible with Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transmission of data as part of this process. The joint responsibility applies to the creation of individualised or suitable ads, as well as their optimisation and the delivery of commercial and transactional messages (e.g. via Messenger).
The processing that takes place after collection and transfer is the sole responsibility of Meta and is therefore not covered by joint processing. We are therefore unable to provide any information in this regard.
The creation of reports and analyses in aggregated and anonymised form is conducted as part of commissioned processing and is therefore our responsibility.
You can find information on the contract we have concluded with Facebook within the framework of joint responsibility here: https://www.facebook.com/legal/controller_addendum.
Meta may serve as a point of contact for the exercise of data subjects’ rights (see Section 1.3) in accordance with the agreement.
We transmit the data within the scope of joint responsibility on the basis of the legitimate interest in accordance with Article 6(1)(f) GDPR.
Other recipients of the data, if applicable, as available in section 1.4 of the agreement.
12.2. X (Twitter)
We use plugins from the social network X, which is operated by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“X”).
You can find the link to the X Privacy Policy here: X Privacy Policy.
If you use these X services and the ‘Re-Tweet’ service, the websites you visit are linked to your X account and may also be displayed to other users. As part of this process, various data, including personal data, is also transmitted by you to X. If you are registered with Twitter, for example, the information that you have visited our website and possibly used one of the plug-ins is also sent to X. We would like to explicitly state that we, as the provider of this website, have little to no knowledge of the categories of this data, the content of this data, or its further processing and use by X. More information is available in the X privacy policy at https://X.com/privacy.
You can adjust your personal data protection settings for your X account in your account settings at https://X.com/account/settings.
12.3. PINTEREST
We use plugins of the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, USA (“Pinterest”).
You can find the link to the Pinterest privacy policy here: Pinterest privacy policy.
For the purpose and scope of data collection and further processing and use of the data by Pinterest and your rights and configuration options in this respect to protect your privacy, please refer to the Pinterest privacy policy: https://policy.pinterest.com/en/privacy-policy.
12.4. YOUTUBE
We use plugins of the website YouTube, which is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States (“YouTube”).
If you are signed in to your YouTube account and link this website or its contents with your YouTube profile, various data, some of it personal, is transmitted to Google under certain circumstances in the course of this process. This means that Google is also informed about your visit to our website. We would hereby like to explicitly inform you that, as the provider of this website, we have little to no knowledge of the categories of this data, the contents of this data, or its further processing and usage by Google. More information is available in the YouTube/Google privacy policy at: https://policies.google.com/privacy?hl=en.
12.5. EKOMI
To allow you to make product reviews, we have integrated review software from eKomi Ltd (“eKomi”) into our online shop. eKomi allows you to leave a review describing your satisfaction with our service and/or products. After you place your order, we will send you an email (possibly also via eKomi) asking you to leave a review. For this purpose, eKomi is provided with personal data (legal basis here is Art. 6 (1) lit. b or f GDPR). For more detailed information on eKomi data protection, visit https://www.ekomi.com/privacy/. You can object to this use of your data at any time.
When leaving your review via eKomi, you can provide us with your email address so that we can contact you at a later date. This allows us to respond to your feedback, answer your questions and provide other forms of assistance, for example. We would like to inform you that providing your email address and any other data is voluntary and subject to the privacy policy of eKomi. eKomi bears exclusive responsibility for the handling of the personal data which you provide them with directly.
13. ABlyft
ABlyft is a service of Conversion Expert GmbH, Zeppelinring 52c, 24146 Kiel, Germany https://ablyft.com
ABlyft collects information on user behaviour in order to improve the user-friendliness of the website.
No personal data is stored on the platform. Data is only stored in aggregated form. User data (IDs etc.) is not stored, however a cookie is set.
You are entitled to object to the use of ABlyft at any time by clicking on the following link:
schiesser.com?ablyft_opt_out=true
The legal basis for this processing is your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.
14. Supermetrics
Our website uses the services of Supermetrics of the Supermetrics Group, Kaivokatu 10 A, 00100 HELSINKI, Finland. The service is used to collate various marketing data.
More information about Supermetrics and the data processed when using Supermetrics is available at https://supermetrics.com/privacy-policy
15. Retargeting
15.1. CRITEO
Our website uses cookies/advertising IDs for advertising purposes. This allows us to show our advertisements to visitors who are interested in our products on partner websites, in apps and in emails. Retargeting technologies use cookies or advertising IDs and show advertisements according to your previous browsing behaviour. Please visit the following websites to overrule these interest-based advertisements:
· http://www.networkadvertising.org/choices/
· http://www.youronlinechoices.com/
We can exchange information such as technical identifiers from your registration data on our website or our CRM system with reliable advertising partners. Therefore, your devices and/or environments can be connected and you can be offered seamless user experience with the devices and environments you use. Please refer to the privacy policy, which you can find on the aforementioned platforms for more details on these connectivity options or the following comments.
Criteo privacy policy: https://www.criteo.com/privacy/.
15.2. RTB
In order to carry out personalised advertising campaigns, SCHIESSER processes certain data about users' online activities on this website. Such data may include: Online identifiers (e.g. cookie ID / mobile advertising ID), information about specific pages visited, products viewed or added to the shopping cart and purchased along with timestamps, as well as technical device and browser details. SCHIESSER commissions RTB House GmbH, an advertising technology company, as a third-party subcontractor to conduct advertising campaigns and display personalised advertisements to users based on this data. Insofar as this data constitutes 'personal data' within the meaning of the GDPR, SCHIESSER acts as the controller and RTB House GmbH as the processor. Further information about the RTB House retargeting technology can be found at: https://www.rtbhouse.com/privacy-center/)
16. AFFILIATE MARKETING
nonstoppartner.net smartTracking is provided by Hearts & Science München GmbH, Blumenstraße 28, 80331 Munich, Germany. You are entitled to object to the collection and analysis of your data by means of this tool by using the opt-out process available here.
Schiesser processes your personal data to conduct affiliate marketing campaigns. This allows us to keep track of which third-party providers of websites, apps or other technologies have referred potential customers to our website and apps (“referrers”) and pay them commission in return for these referrals. In this context, we are pursuing a legitimate interest in conducting an online advertising campaign which is subject to performance-based remuneration. We work with Awin, who help us conduct these affiliate marketing campaigns. You can find the Awin privacy policy here. It contains information about your rights in relation to data processing by Awin. In some cases, Awin may receive a restricted profile relating to you. However, this will not reveal your identity, your online behaviour or any other personal traits. The sole purpose of this profile is to determine whether the referral was initiated on one device and completed on another. In some cases, Awin and the referrer of the potential customer may receive and process your personal data in order to conduct the affiliate marketing campaign with us. Equally, we receive the personal data of potential customers from Awin and the referrers, which can be broken down into the following categories: cookie data, data regarding the website, app or technology from which a potential customer was referred to us and technical information about the device you use.
17. VOUCHER OFFERS FROM SOVENDUS GMBH
To allow us to select a voucher offer which is currently of interest to you, we transmit the hash value of your email address and IP address in pseudonymised and encrypted form to Sovendus GmbH, Moltkestr. 11, 76133 Karlsruhe, Germany (“Sovendus”) in accordance with Art. 6 para. 1 lit. f GDPR. The pseudonymised hash value of your email address is used to consider a possible objection to Sovendus advertising (Art. 21 para. 3 GDPR, Art. 6 para. 1 lit. c GDPR). Sovendus uses the IP address exclusively for data security purposes and, as a rule, anonymises it after seven days (Art. 6 para. 1 lit. f GDPR). We also transmit the order number, order value, currency, session ID, coupon code and timestamp in pseudonymised form to Sovendus for the purpose of invoicing (Art. 6 (1) lit. f GDPR). If you are interested in a voucher offer from Sovendus, there is no advertising objection assigned to your email address and you click on the voucher banner only displayed in this instance, we transmit your title, name and email address in encrypted form to Sovendus for the preparation of the voucher (Art. 6 (1) lit. b and f GDPR).
For more information on the processing of your data by Sovendus, please see the online privacy notice at https://www.sovendus.de/de/datenschutz/https://online.sovendus.com/en/online-privacy-notice/https://www.sovendus.de/at/datenschutz/.
18. CREDIT AND ADDRESS CHECKS
During the order process, we transmit collected personal data about the solicitation, execution and termination of this business relationship as well as data about non-contractual or fraudulent behaviour, if applicable, to CRIF Bürgel GmbH, Leopoldstraße 244, 80807 Munich, Germany.
The legal basis of this transmission is Art. 6 (1) sentence 1 (b) and (f) GDPR. The data communication with CRIF Bürgel GmbH also ensures compliance with legal obligations to perform credit checks (§§ 505a and 506 German Civil Code - BGB).
CRIF Bürgel GmbH processes the received data and also uses it for profiling (scoring) in order to provide its contractual partners in the European Economic Area and Switzerland, plus any applicable third countries (if these countries have been recognised by the European Commission by means of an adequacy decision), with information about the creditworthiness of natural persons, among other things. More detailed information about the activities of CRIF Bürgel GmbH is available in their information leaflet or online at https://www.crif.com/privacy/.
As part of the address and creditworthiness check, SCHIESSER may use automated decision-making in accordance with Art. 22 GDPR. We would like to inform you of this as a precaution. In the case of automated decision-making, the address data you provided, the value of your order, and previous experience are taken into account in the decision. Depending on the result, you may be offered the option to purchase on account. If this is not the case, an alternative payment method will always be available to you.
19. Klarna
You can also pay with us using the Klarna service. The provider of this service is Klarna AB, Sveavägen 46, 111 34 Stockholm, Sweden.
If you wish to use Klarna, the transmission of various personal data from you to Klarna is required in order to fulfill the contract between you and SCHIESSER (the legal basis is therefore Art. 6 para. 1 sentence 1 lit. b GDPR). In particular, this includes your name, address, date of birth, gender, email address, telephone number and data relating to your order. This data is used in particular for identity and credit checks, payment administration and fraud prevention by Klarna.
Klarna uses various scoring values to decide whether your purchase can be made on account. For this purpose, various recognized mathematical and statistical methods are used. We do not know which procedures are used, nor do we have any influence on the type and purpose of the processing of your data by Klarna. If you have any questions about the processing of your data by Klarna or if you wish to object to the processing of your data by Klarna, please contact Klarna directly.
Details on the processing of your personal data by Klarna are available in Klarna’s privacy policy. You can find these at https://www.klarna.com/de/datenschutz/.
Klarna also uses cookies to optimise the Klarna checkout solution. The legal basis for this processing is your consent in accordance with Article 6(1)(a) GDPR and Section 25(1) TDDDG.
Klarna cookies remain on your end device until you delete them. Details on the use of Klarna cookies are available at: https://cdn.klarna.com/1.0/shared/content/policy/cookie/de_de/checkout.pdf.
20. ERASURE
Stored personal data is erased if you revoke your permission for us to store it, if the knowledge of that information is no longer necessary for the purpose for which it had been stored, or if the storage of that information is not permitted for other legal reasons, unless legal retention obligations forbid erasure, in which case the data is blocked rather than erased.
21. YOUR RIGHTS
You are entitled in particular to request information on the purpose of processing, the category of the personal data, the category of recipient to whom your data has been or is to be disclosed, the planned storage period, the right to correction, deletion, restriction of processing or objection, the right of complaint, the source of your data if it has not been collected by us, as well as information on automated decision-making including profiling and, if applicable, material information relating to their details.
If any of your data stored by us is inaccurate, you may of course demand correction or completion of your data.
You may also request the erasure of your data unless processing is required to exercise the right to free speech and information, to comply with legal obligations, for reasons of public interest or to assert, enforce or defend against legal claims. We grant this request for erasure without delay, but we of course need to observe any applicable legal retention obligations.
You may also request the restriction of processing of your personal data if you contest the accuracy of the data, the processing is unlawful and you oppose the erasure of the data and we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims, or you have objected to processing (including pursuant to Article 21 GDPR).
If you have given us your consent to use your data, you are entitled to revoke it at any time with future effect.
You also have a right to data portability. Subject to a request from you, we provide you with your data in a machine-readable format.
Right to object: If your personal data is processed on the basis of legitimate interests (in accordance with Article 6(1)(f) GDPR), you have the right (pursuant to Article 21 GDPR) to object to the processing of your personal data, provided there are reasons arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right of objection, which is implemented by us without specifying a special situation. If you wish to object, in particular to direct advertising, please send your objection to the data protection officer via the contact details specified here.
Please send any information requests, information enquires, requests for erasure, etc. or objections to data processing to our data protection officer via the contact details given below.
You have the right to complain to a data protection supervisory authority if you do not consent to our data processing.
We would however appreciate you speaking to us first so that we can clarify any ambiguities or uncertainties together.
22. LINKS
If you use external links which are advertised on our web pages, our privacy policy shall not extend to these links.
If we provide links to other websites, we will strive to ensure that they also meet our standards of data protection and security. However, we have no influence on the compliance of other site owners with data protection and security regulations. Therefore, please also familiarise yourself with the information regarding privacy policies provided on the web pages of other respective site owners.
23. TRANSMISSION OF DATA TO THIRD PARTIES OR THIRD COUNTRIES
We will not transmit your data to third parties without legal basis. Furthermore, we will not transfer your data to third countries, unless you are located in a third country or contract processing requires the transfer of your data to a third country. The only exceptions here are the analytical tools mentioned in this privacy policy (see Items 8 and 9).
The GDPR and the Swiss Federal Act on Data Protection (CH-DSG) impose strict requirements for the transfer of personal data to so-called third countries. For some third countries, the European Commission has decided that they offer an adequate level of data protection (e.g., Switzerland, Canada, Argentina). Switzerland has agreed with this assessment. Insofar as we transfer data to a third-party country for which such an adequacy decision does not exist, the corresponding data transfer - unless otherwise stated in this privacy policy - is based on a contract between us and the relevant recipient using the standard data protection clauses of the European Union and, if applicable, further supplementary measures agreed with the recipient to ensure an adequate level of data protection. These standard data protection clauses alone oblige the recipient of the data to process the data pursuant to European standards, even if the data is processed in the USA (or another insecure third-party country).
You can find more information about the standard data protection clauses at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj.
24. CHILDREN AND YOUNG PEOPLE
In principle, persons under 18 years of age should not transmit any personal data to us without the consent of their parent or guardian. We would also like to expressly inform you that we do not explicitly request personal data from children and young people, nor do we collect it or transmit it to third parties.
25. DATA SECURITY
We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and to prevent third parties gaining knowledge. These are adapted to the current state of the art at all times.
26. CHANGES TO OUR PRIVACY POLICY
We reserve the right to change our security and data protection measures if this becomes necessary due to technical developments, changes in our processing or changes in the legal situation. In such cases, we adapt our data protection information accordingly. Therefore, please ensure that you always have the latest version of our privacy policy.
27. AUTOMATED DECISION-MAKING INCLUDING PROFILING
Except for the exceptions stated in this Privacy Policy, SCHIESSER does not use automated decision-making including profiling.
28. CONTACT PERSON FOR DATA PROTECTION QUERIES
If you have further questions related to how your personal data is collected, processed and used, please contact our data protection officer:
SCHIESSER GmbH
Data Protection Officer
Schützenstrasse 18
78315 Radolfzell
Germany
or via email: datenschutz@schiesser.com.
29. Video surveillance
SCHIESSER AG takes data protection and the protection of your personal data very seriously. Personal data also includes video surveillance data. In the following, we would like to provide you with comprehensive information about the processing of your personal data in the context of video surveillance in our stores, even beyond the legal requirements.
29.1. Identity of the party responsible for video surveillance (Art. 13 para. 1 lit. a GDPR)
SCHIESSER GmbH
Schützenstrasse 18
Tel.: +49 (0) 7732 / 90-0
78315 Radolfzell
http://www.schiesser.com
29.2. Contact details of the company Data Protection Officer (Art. 13 para. 1 lit. b GDPR)
You can reach the SCHIESSER data protection officer using the following contact details:
By email: datenschutz@schiesser.com
By post: SCHIESSER GmbH
Data Protection Officer
Schützenstrasse 18
78315 Radolfzell
29.3. Purposes of processing and legal basis in keywords (Art. 13 (1) (c) GDPR)
Protection against theft and vandalism, proof of damage to regulatory bodies (insurance companies, etc.), facilitating the prosecution of criminal offenses, protecting employees from assaults, exercising domiciliary rights, defending and exercising legal claims
The legal basis in each case is Art. 6 (1) (f) GDPR
29.4. Categories of personal data
Only video data, i.e. image recordings, are recorded as categories of personal data.
29.5. Specification of the legitimate interest (Art. 13 (1) (d) GDPR)
The following legitimate interests (Art. 6 (1) (f) GDPR) of the operator are pursued: Protection against theft and vandalism, proof of damage to regulatory bodies (insurance companies, etc.), facilitating the prosecution of criminal offenses, protecting employees from assaults, exercising domiciliary rights, defending and exercising legal claims
29.6. Duration of storage (Art. 13 (2) (a) GDPR)
The video recordings are usually stored for 48 hours. If there is a need for further storage due to the aforementioned incidents, this period is extended as required.
29.7. Recipients or categories of recipients
The video data may be forwarded to the following recipients for the aforementioned purposes (e.g. in the event of a robbery): Law enforcement authorities, regulatory bodies (insurance companies, etc.), internal SCHIESSER departments, SCHIESSER service providers
29.8. Transfer to a third country
There are no plans to transfer the video data to a third country.
29.9. Your rights
See above, section 20.
29.10. Source of the personal data
The exclusive source of the personal data collected from you in the context of video surveillance is the video surveillance itself.
29.11. Provision of personal data
The operator has a legitimate interest in collecting, processing and using the video data. If you do not wish the data to be made available, a visit to the store is not possible.
30. Applications
The companies listed below operate the application platform and subsequent applicant management up to the establishment of the employment relationship and personnel management as joint controllers in accordance with Article 26 of the EU General Data Protection Regulation (GDPR). Information on this is provided below.
30.1. Controller centres - Joint responsibility in accordance with Article 26 GDPR
SCHIESSER Gesellschaft m.b.h.
Moosfeldstrasse 1
A-5101 Bergheim, Germany
SCHIESSER GmbH
Schützenstrasse 18
78315 Radolfzell, Germany
SCHIESSER International ApS
Automatikvej 1
DK-2860 Søborg,
Stephanie Square Centre Stephanie Square Centre
Avenue Louise 65 Louizalaan 65
Box 11 Box 11
1050 Brussels 1050 Brussel
SCHIESSER Poland spólka z o. o.
Towarowa 7
00-839 Warsaw
SCHIESSER Schweiz GmbH
Thurgauerstrasse 117
8152 Glattpark (Opfikon)
and
SCHIESSER International Nederland B.V.
Stadsweide 610
6041 TP Roermond
as the “controller”
The aforementioned controllers have defined the following areas of activity as joint controllers with regard to the application process:
Impact area 1:
A. Provision of a platform for job applications
B. Implementation of the job application process
C. Implementation of the personnel management
D. Provision of processes and structures and
E. the fulfilment of the information obligations in accordance with Articles 13 and 14 GDPR / Articles 19 et seq. CH-FADP
Impact area 2:
A. Decision on the establishment/justification of the employment relationship
B. Implementation/termination of the employment relationship
SCHIESSER GmbH, Schützenstraße 18, 78315 Radolfzell, Germany, is responsible for the processing of personal data within the scope of joint controllership in Impact area 1.
1. Collection of the data
Collection of the personal data of the relevant data subject groups (applicants) - (step A); information obligations in accordance with Articles 13, 14 and 26 (2) sentence 2 GDPR / Articles 19 et seq. CH-FADP – (Step A)
2. Storage of the data
Storage of the data in the applicant management system (steps A and B) and, if applicable, storage of the data in the personnel management system when an employment relationship is established (step C). Information obligations in accordance with Articles 13, 14 and 26(2) sentence 2 GDPR / Art. 19 et seq. Swiss FADP - (Step C)
3. Processing / use of the data
Recording and processing / evaluation of the above-mentioned data categories, in particular in the application management system to screen relevant applicants. Forwarding the data to the relevant controllers. When an employment relationship is established, the data is forwarded to the HR department and stored in the personnel management system.
The subject of processing in Scope 1, the legal basis of which is Art. 6(1)(b) GDPR / Art. 328b Swiss Code of Obligations, includes the following types/categories of data:
· Master data
· Employment contract data (employment contract, notices of termination, warnings, (interim) disciplinary data, etc.)
· Certificates, attestations, etc.
· Data relating to the company pension scheme
· Wage and salary data
· Telecommunications data
· Health data (proof of any severe disability and similar data and documents)
All parties are responsible for the processing of personal data in Impact area 2 within the scope of joint responsibility.
1. Collection of data
Collection of additional personal data of the relevant data subject groups (applicants) (step A).
2. Processing / use of the data
Recording and processing/evaluation of the above-mentioned data categories, in particular in the application management system to screen the relevant applicants (step A)
The subject of processing in Scope 2, the legal basis of which is Art. 6(1)(b) GDPR / Art. 328b Swiss Code of Obligations, includes the following types/categories of data:
· Master data
· Employment contract data (employment contract, notices of termination, warnings, (interim) disciplinary data, etc.)
· Certificates, attestations, etc.
· Application data
The controllers are jointly responsible for the process stages described below:
· Determination of the purpose of data processing (DP)
· Determination of the categories of personal data concerned
· Safeguarding of data subject rights pursuant to Articles 15, 16, 17, 18, 19, 20, and 21 GDPR / Article 19 et seq. Swiss Federal Act on Data Protection (CH-FADP)
· Documentation of technical and organisational measures (TOM) pursuant to Article 32 GDPR / Articles 6, 7, and 8 CH-FADP
· Risk assessment and (if necessary) performance of data protection impact assessments (DPIA) pursuant to Article 35 GDPR / Articles 22, 23 CH-FADP
· Coordination with the supervisory authorities
· Evaluation and monitoring of processors pursuant to Article 28 GDPR / Article 9 CH-FADP
· Provision and documentation of records of processing activities (RPA) pursuant to Article 30 GDPR / Article 12 CH-FADP
· Assessment and communication in the event of data protection breaches pursuant to Articles 33, 34 GDPR / Article 24 CH-FADP.
30.2. Data Protection Officer
Should you have any further questions regarding the collection, processing and use of your personal data, please contact our data protection officer by email at datenschutz@schiesser.com.
By post:
SCHIESSER GmbH
Data Protection Officer
Schützenstrasse 18
78315 Radolfzell
Germany
30.3. Order processing
To efficiently conduct application procedures, we use an applicant management system provided by d.vinci HR-Systems GmbH, Nagelsweg 37-39, 20097 Hamburg, which operates applicant management as a processor as defined by Article 4 No. 8 GDPR / Article 9 CH-FADP. A data processing agreement pursuant to Article 28 GDPR / Article 9 CH-FADP has been concluded with the provider to ensure compliance with data protection regulations.
For the exercise of your data subject rights as well as the handling of the application process, we remain your primary point of contact. You may contact us or the Data Protection Officer directly using the contact details of the responsible parties provided above.
30.4. Subject matter of data protection
The subject of data protection is the processing of personal data, specifically in the context of applicant management. This includes, pursuant to Article 4 No. 1 GDPR / Article 5 CH-FADP, all information relating to an identified/specific or identifiable/specific natural person (hereinafter referred to as the “data subject”), which is required for the decision regarding the establishment of an employment relationship or, after the establishment of the employment relationship, for its execution or termination, in accordance with Article 6(1)(b) GDPR / Article 328b Swiss Code of Obligations (OR).
As part of the application process and/or the use of the system, processing activities may also take place that are either based on legitimate interest in accordance with Article 6(1)(f) GDPR or on the basis of your consent in accordance with Article 6(1)(a) GDPR. Processing activities may also be considered if there is a legal obligation to process data or if processing is in the public interest, as set out in Article 6(1)(c) and (e) GDPR, for example in the context of criminal prosecution or investigations by public authorities. The individual settings in your web browser, the configuration of the corresponding cookie settings and your user behaviour allow you to determine and control the scope of processing yourself.
30.5. Collection and use of your data
a) Visit the website (Impact area 1)
For operational and maintenance purposes and in accordance with the provisions of telemedia regulations, interaction is recorded (“system logs”), which are required for the operation of the website or processed for system security purposes, for example to analyse attack patterns or illegal usage behaviour (“evidence function”).
Your internet browser automatically transmits the following data when you access the career portal:
· date and time of access,
· Browser type and version,
· operating system used,
· quantity of data sent.
· IP address of the access
This data is not used for direct allocation in the context of applicant management and is deleted again promptly in accordance with the legitimate retention periods, unless longer retention is required for legal or factual reasons, for example for evidence purposes. In individual cases, storage for the aforementioned purposes may be considered. The legal basis is Article 6(1)(f) GDPR and, in particular, the provisions of the TDDDG (Section 3 et seq.).
b) Session cookies (Impact area 1)
Information on the cookies we use are available above in this document under the section “Cookies”.
c) Application process (Impact areas 1 and 2)
When applying to us, we recommend that you provide the following information to ensure an efficient and successful application (Impact area 1):
· Contact details (address, telephone number)
· Curriculum vitae data e.g.
· School education
· Vocational training
· Professional experience
· Language skills
· Profiles in social networks (e.g. XING, LinkedIn, Facebook)
· Documents in connection with applications (application photos, cover letters, certificates, references, work samples, etc.)
The legal basis for processing for the purpose of conducting the application process and initiating an employment relationship is Article 6(1)(b) GDPR / Article 328(b) CO (Scope 1 and 2). In addition, the use of the applicant management system by controllers is in the legitimate interest in accordance with Article 6(1)(f) GDPR) (Scope 1 and 2).
If consent (within the meaning of Article 6(1)(a) GDPR) is required for a specific processing activity, it will be obtained separately and transparently by the respective controller, unless it results from the transparency requirement through conclusive and voluntary conduct on your part, such as voluntary participation in a video interview (Scope 1 and 2).
d) Forwarding of data
SCHIESSER and its affiliated companies use a central service company for personnel management, SCHIESSER GmbH, Schützenstraße 18, 78315 Radolfzell. This constitutes Scope 1. If you have applied for a position with another employer within SCHIESSER, Scope 1 may be left in the event of a positive evaluation of your application, and the data will be transferred to your potential future employer (Scope 2).
Accordingly, access by internal departments and professional personnel of the respective controller (your potential future employer (Scope 2)) is required for the decision on establishing the employment relationship. For this purpose, your information may be forwarded by email or within the management system to additional persons at the respective controller. The legal basis may be Article 6(1)(b) and (f) GDPR / Article 328b CO.
However, your data is not passed on to unauthorised third parties in the context of applicant management and is only processed for the purposes described in this information in accordance with Article 13 GDPR / Article 19 et seq. Swiss FADP.
The transfer also takes place within the framework of order processing in accordance with Article 28 GDPR / Article 9 Swiss FADP, i.e., within the scope of processing activities in which the controller has a legitimate interest in outsourcing processing activities that it would otherwise be entitled to carry out itself. The controller in this case takes the measures to ensure compliance with data protection regulations.
Disclosure to third parties may also take place for the defence of legal claims based on legitimate interest or in the context of the investigation of or disclosure to government agencies, insofar as this is required by law or there is an obligation to disclose. The information obligations towards data subjects within the meaning of Articles 13, 14 GDPR / Article 19 et seq. Swiss FADP will be fulfilled in advance of the respective disclosure, insofar as these must be fulfilled separately.
30.6. Talent pool (Impact area 1)
If your application is unsuccessful, you may be included in our talent pool if you click on the Contact Us button. If a similar or otherwise suitable position is open, we are then able to contact you. Admission to the talent pool takes place on a voluntary basis.
The legal basis for this is your consent (within the meaning of Article 6(1)(a) GDPR) to be included in the talent pool. You may revoke this consent to inclusion in the pool at any time with effect for the future. Please contact our data protection officer using the contact details provided above. We also write to you after 2 years to ask whether you would still like to be part of the talent pool.
30.7. Deletion and use of data (Impact areas 1 and 2)
Your data is stored for the duration of the application process and in accordance with the legitimate retention periods after completion of the application process. Data is deleted 6 months after rejection and at the latest after termination of your employment. After the retention period expires, the data is completely anonymised. The processing of anonymised data records is not subject to the material scope of the data protection regulations, so that anonymised data can be processed for statistical and analytical purposes, for the creation of market studies or for product development.
30.8. Messenger (Impact area 1)
We use Messenger for communication purposes and therefore ask you to observe the following information on the functionality of Messenger, on encryption, on the use of communication metadata and on your options to object.
You are also able to contact us by alternative means, e.g. by telephone or email. Please use the contact options provided to you or the contact options provided within our online offer.
In the case of end-to-end encryption of content (i.e. the content of your message and attachments), we would like to point out that the communication content (i.e. the content of the message and attached images) is encrypted from end to end. This means that it is not possible to view the content of the messages, not even by the Messenger providers themselves. You should always use an up-to-date version of Messenger with encryption enabled to ensure that the message content is encrypted.
However, we would also like to point out to our communication partners that although the providers of the Messenger are not able to view the content, they are able to find that out and when communication partners communicate with us and that technical information about the device used by the communication partners and, depending on the settings of your device, location information (metadata) is also processed.
a) Processed data types
· See above.
· Meta/communication data (e.g. device information, IP addresses)
b) Legal bases and purposes
If we ask communication partners for permission before communicating with you via Messenger, the legal basis for our processing of your data is their consent (in accordance with Article 6(1)(a) GDPR). Otherwise, if we do not ask for your consent and you contact us, for example, we use Messenger in relation to our contractual partners and in the context of contract initiation as a contractual measure (in accordance with Article 6(1)(b) GDPR) and, in the case of other interested parties and communication partners, on the basis of our legitimate interests (in accordance withArticle 6(1)(f) GDPR) in ensuring swift and efficient communication and in fulfilling the needs of our communication partners with regard to communication via Messenger. Furthermore, we would like to point out that we do not transmit the contact details provided to us to Messengers for the first time without your consent. In addition to the purposes described above, these include in particular the processing of contact requests, communication and applicant management.
c) Revocation, objection and deletion
You may revoke your consent at any time with effect for the future and object to communication with us via Messenger at any time. In the case of communication via Messenger, we delete the messages in accordance with our general deletion guidelines (i.e., for example, as described above, after the end of contractual relationships subject to statutory retention requirements) and otherwise as soon as we can assume that we have answered any information from the communication partners, if no reference to a previous conversation is to be expected and the deletion does not conflict with any statutory retention obligations. You also have the option of cancelling the interview using the “/stop” command. The data is then deleted immediately.
d) Right to refer to other means of communication
Finally, we would like to point out that, for your security, we reserve the right not to answer enquiries via Messenger. This is the case if, for example, internal contractual details require special confidentiality or a reply via Messenger does not meet the formal requirements. In such cases, we refer you to more appropriate communication channels.
e) Services used and service providers
WhatsApp (via PitchYou, see below): WhatsApp Messenger with end-to-end encryption; service provider: WhatsApp Inc. WhatsApp Legal 1601 Willow Road Menlo Park, California 94025, USA; website: https://www.whatsapp.com/; Privacy Policy: https://www.whatsapp.com/legal.
f) Order processor PitchYou
The application via WhatsApp function is provided by an IT service provider (PitchYou GmbH,
Campusallee 9, D-51379 Leverkusen), who is able to access your data for this purpose. Further information can be found here: https://www.pitchyou.de/datenschutz. We have concluded an order processing contract with PitchYou in accordance with Article 28 GDPR.
Candidate data from “Application via WhatsApp” is transferred to us via an interface and deleted from the “Application via WhatsApp” infrastructure in PitchYou immediately after transfer. Further processing will then take place exclusively and directly at SCHIESSER. In addition, you have the option to terminate the interview in the Messenger by using the command "/stop". The data is then deleted immediately. The legality of the processing undertaken on the basis of the consent until the withdrawal of consent is not affected by the withdrawal of consent.
30.9. Further information in accordance with Article 26 GDPR
The above-mentioned companies operate the application platform and the subsequent applicant management up to the establishment of the employment relationship as joint controllers for processing, inter alia, in accordance with Article 26 of the EU General Data Protection Regulation (GDPR).
The controllers have defined the purposes and means of the data processing they perform jointly for this purpose.
A joint controllership agreement in accordance with Article 26 GDPR between the above-mentioned companies. This contract sets out the specific obligations, rights and responsibilities of each company when processing personal data jointly in the context of the processing in question.
Below, we inform you, inter alia, in accordance with Article 26(2) sentence 2 GDPR about the essential contents of this agreement.
a) Impact areas
The areas of activity and the corresponding responsibilities are described above.
b) Content of the agreement in accordance with Article 26
1. Definition of responsibility
The agreement regulates the responsibilities of the parties, in particular in the different process areas mentioned above. In addition, the obligations of the parties with regard to the principle of data minimisation within the meaning of Article 5 (1) c) GDPR and special obligations for the contracting parties responsible in the individual process areas, such as compliance with the data protection regulations, are specified.
2. Legal basis
The agreement documents the legal bases of the parties in the processing of data.
3. Categories of data
The agreement documents the categories of data processed (see above).
4. Categories of data subjects
The agreement documents the categories of data subjects processed.
5. Order processor
If processors are engaged, the contracting parties undertake to conclude appropriate data processing agreements in accordance with Article 28 GDPR / Article 9 Swiss Data Protection Act.
6. Rights to information
The agreement obliges the contracting parties to process requests for information or other claims to data subjects’ rights and defines corresponding mutual obligations to provide information.
7. Further obligations
The agreement obliges the contracting parties to comply with further requirements under data protection regulations (such as, if applicable, conducting a data protection impact assessment, obliging employees to maintain confidentiality, complying with retention obligations, observing the principles of data protection by design and data protection-friendly default settings, using appropriate state-of-the-art technical and organisational measures, taking measures in the event of a breach of the protection of personal data and the associated reporting obligations, etc.).
8. Further information
Data subjects may contact the SCHIESSER data protection officer at any time. Please contact our data protection officer using the contact details provided above.
However, data subjects may also exercise their rights in relation to the processing operations under joint responsibility against one of the jointly responsible companies mentioned above.
SCHIESSER GmbH, Schützenstraße 18, 78315 Radolfzell, Germany, coordinates with the relevant company, if necessary, with regard to enquiries addressed to it in order to answer the enquiry effectively.
