Data protection declaration according to GDPR
I. Name and address of the person responsible
In accordance with the GDPR and other national data protection laws of the member states as well as other data protection regulations, the person responsible is:
Carl Schröter GmbH & Co. KG
Martinistraße 8-10, 28195 Bremen, Deutschland
Telephone: +49 (0)421 36909-0
II. Name and address of the data protection officer
The data protection officer is:
AMZ Arbeitsmedizinische Zentraldienst GmbH
Muhliusstraße 53, 24103 Kiel, Deutschland
Telephone: +49 (0) 431 55 22 66
III. General remarks on data processing
Thank you for your interest in our company, which is part of the Carl Schroeter Group, and our services. It is important to us to assure you that we respect your privacy and are committed to the comprehensive protection of your personal data. It therefore goes without saying that we comply with the provisions of the EU General Data Protection Regulation (GDPR) and other relevant data protection laws. Read on if you would like to learn more about our data protection principles:
This data protection declaration regulates the collection, processing, and usage (all referred to in the following only as "processing") of your personal data that may have become available to us when using our website and/or our application or if you contact us regarding the initiation or conduct of a contract or simply for information. We handle your data in strict compliance with the relevant data protection laws and the following principles.
We comply with these principles in accordance with Art. 5 GDPR. Your data may only be processed with the appropriate security for set purposes, with the necessary minimum and to keep it up to date, and is only saved for the set purpose of collection.
1. Extent of processing of personal data
Your data may only be processed with the appropriate security for their set purposes, reduced to a necessary minimum, kept up to date, and only saved for the set purpose of collection. In principle, we only collect and process the personal data of users if it is necessary to handle them in our contracts. After executing our contracts, we only process your data after you have given your consent. There are exceptions, e.g. if obtaining consent was not possible due to factual reasons or the processing of the data is permitted by legal provisions.
2. Legal basis for the processing of personal data
Art. 6(1)(a) GDPR is the legal basis if we obtain consent for the processing operations of personal data.
Art. 6(1)(b) GDPR is the legal basis when processing personal data that is needed to handle or fulfil contracts, and when the contracting party is the affected person.
This also applies to processing operations needed for pre-contractual measures.
Art. 6(1)(c) GDPR is the legal basis when processing personal data that is necessary to fulfil legal duties, to which our company is subjected.
If the processing is necessary to ensure a rightful interest of our company or a third party and if the freedoms, rights and interests of the affected person do not override this rightful interest, Art. 6(1) GDPR is the legal basis for the processing.
3. Right to erasure ('right to be forgotten') and storage periods
As soon as the storage purpose lapses, all personal data will be deleted or locked. The storage may be extended if a European or national legislator, in accordance with European Union regulations, laws or other provisions to which the affected person is subjected, intended this. The data may be deleted or locked if the storage period lapses. If the data is needed for the conclusion or performance of contract, it may be stored longer.
4. Processing data in accordance with performing transport and logistical services
For performing transport and logistical services, the a. hartrodt group may need to process personal data. The processing of personal data may be necessary before concluding a contract (e.g. to create an offer) and while performing the contract.
The processing of personal and business contact data (e.g. surname, first name, company, physical address, e-mail address, phone number and/or fax number) that are indispensable to performing our services may include the following data categories. In individual cases, the processing of further data categories may be needed, for example:
- Shipping and transport information, e.g:
- Shipping contact details of carriers and consignees, their physical address, e-mail address and telephone number,
- Signature of the acknowledgement of receipt,
- Account data,
- Claims information and
- Further information that will make it easier for us to provide our services and information that will be communicated to us regarding the risks to be insured, but only insofar as this relates to personal data.
- Information that enables us to verify the identity of a person.
- The name, email address and telephone number of a third party if we are asked to provide that third party with information regarding an insurance benefit or other service.
- Payment Information and Financial Data (e.g., Account Details)
- Tax information to the extent that you make use of services for which the processing of tax data is required.
- Other personal data provided to us by you or third parties in the course of the provision of our services
If you transfer personal data to us, please ensure their accuracy and relevance, and that it is needed for the initiation and provision of the business relation. Especially if you transfer data concerning a third person, you are legally bound to consider the general data protection principles
As part of the procurement of insurance cover, the settlement of claims under an insurance contract or recourse against a party liable for a claim, we may process address information. Such information to locate an address may also include GPS data, geocodes, latitude/longitude and graphical representations.
In individual cases, we transfer personal data to a country other than the country in which the data was collected. Data is primarily transferred for the purpose of providing our services, for example to other companies of the Carl Schroeter Group or other companies affiliated with us. Please note that Carl Schroeter GmbH & Co. KG cooperates with numerous partners in order to offer you the best possible service (e.g. hiring experts). This may also make the transmission of personal information necessary within the scope of what is legally permissible.
The countries to which we transfer data may have data protection laws that differ from the standards of the legal system under which you transferred the data to us. If we transfer data to other states, we will protect your data in accordance with this data protection declaration and in compliance with the applicable legal requirements.
In the event of the transfer of personal data between jurisdictions whose levels of protection differ, we will comply with the stricter legal requirements. We apply specific contracts for the protection of personal data (e.g. the model contracts of the EU Commission for the transfer of data in third countries), and we regularly work together with our partners and contractors to ensure compliance with all applicable legal requirements.
Further information regarding the data that may be collected during the installation or use of our web site is provided on an "as is" basis.site or our web applications, please refer to the relevant section of this data protection declaration.
You can find further information regarding the processed data when using our website or installing our apps in the respective chapters on data protection declaration.
IV. Providing the website and creating log files
1. Description and extent of data processing
Our system automatically collects data and information about computers accessing our website. The following data is collected:
- Information about the browser and the used version
- The operating system of the user
- The internet service provider of the user
- The IP-address of the user
- Date and Time of access
- Websites that the user's system enters through our website
This data is also stored in the log files of our system. We do not store this data together with the personal data of the user.
2. Legal basis for the data processing
Art. 6(1)(f) GDPR is the legal basis for the temporary storage of data in the log files.
3. Purpose of data processing
It is necessary for our system to temporarily save the IP address so as to deliver our website to the user's computer. Therefore, the IP address of the user has to be stored for the entire time of access. It is stored in the log files to ensure the functionality of the website.
In addition, this data helps optimise our website and ensures the safety of our information technology systems. An evaluation of the data due to marketing purposes does not take place in this context. Our rightful interest in data processing in accordance with Art. 6(2)(f) GDPR lies in the purpose for which we use them.
4. Duration of storage
The data is deleted as soon as it does not anymore serve the purpose for which it was collected. When collecting data to display on the website, the purpose is no longer served when the session is terminated. Storing data in log files happens after seven days. The data can no longer be stored. In this case, the IP addresses of the users are deleted or distorted, such that you cannot associate it to the accessing client anymore.
5. The possibility to oppose and remove
The collection and storage of data in the log files are mandatory for the smooth operation of the website. Therefore, the user cannot oppose it.
V. Usage of cookies
1. Description and extent of data processing
The following data may be transmitted as described above:
- Entered search terms
- Frequency of page views
- Usage of website functions
The user's data that are collected this way are pseudonymised through technical provisions. Therefore, you cannot associate the collected data to the accessing user. The data is not stored together with the other personal data of the user.
When accessing our website, the user is informed on the usage of cookies for analytical purposes by an information banner. The user is also informed about the data protection declaration in this context.
2. Legal basis for data processing
Art. 6(1)(f) GDPR is the legal basis for processing personal data by using technically necessary cookies. Art. 6(1)(a) GDPR is the legal basis for processing personal data by using cookies for analytical purposes after having received consent from the user.
3. Purpose of data processing
The purpose of analysing cookies is to improve the quality of our website and its contents. By using these cookies, we learn how our website is used and are able to optimise our range. Our rightful interest in processing personal data in accordance with Art.6 (1)(f) GDPR lies in the purpose for which we use them.
4. Storage duration, possibility to refuse and remove
Cookies are stored on the computer of the user and are transmitted from it to our website. This is why you as a user are in full control of the usage of cookies. By changing the preferences in your internet browser, you can restrict or deactivate the usage of cookies. Stored cookies can be deleted at any time. This may also happen automatically. But when you deactivate the usage of cookies for our website or any other for that matter, it is possible that you cannot use all its functions to their full extent.
1. Description and extent of data processing
We offer users the possibility to register on our website by entering their personal data. This data is entered into the input mask, transmitted to us and stored. The data is not transmitted to third parties.
The following data is collected as part of the registration process:
- First name
- E-mail address
- Telephone number
- Time zone
When registering, the following data is stored:
- The IP address of the user
- Date and time of registration
During the registration process, the user has to consent to the collection of data.
2. Legal basis for data processing
Art. 6(1)(a) GDPR is the legal basis for data processing after the user has given his/her consent. Art. 6(1)(b) GDPR is the additional legal basis if the registration concerns the completion of a contract and the user is a contracting partner, or if the registration is about the conduct of pre-contractual measures.
3. Purpose of data processing
The registration of a user is mandatory for having access to certain contents and services on our website.
The user’s registration is necessary for completing a contract (Track & Trace) with the user or to conduct pre-contractual measures.
4. Storage time
The data will be deleted as soon as it does not serve its purpose anymore.
This is the case for the data collected during the registration process if the registration on our website is cancelled or changed.
This is the case for data collected during the registration process in order to complete a contract or to conduct pre-contractual measures, if the data is no longer needed to conduct the contract.
Even after completing the contract, it may be necessary to store personal data of the contracting partner to fulfil contractual or legal requirements.
5. Possibility to refuse and remove
You as a user always have the possibility to cancel your registration.
You can always change your stored data.
For example, there are two possibilities for cancelling the newsletter. You can either cancel the subscription on our website or when you receive the newsletter. Regarding the other tools, please contact the respective person responsible.
If the data is necessary to complete a contract or to conduct pre-contractual measures, it may only be deleted prematurely if such deletion is not opposed to any contractual or legal obligations.
VII. Rights of the data subject
If your personal data is processed, you are the affected person in accordance with the GDPR, and you have the following rights:
1. Right to information
- You can request a confirmation from the person responsible on whether personal data concerning you are processed. If your personal data are processed, you can request information about the following topics:
- For what purpose is your personal data processed;
- The categories of personal data that is processed;
- The recipients or the categories of recipients your personal data are disclosed to or will be disclosed to;
- The planned duration of storage of your personal data or if this is not possible, the criteria for the duration of storage;
- The existence of the right to correct or delete your personal data, the right to restrict processing by the person responsible or the right to object to the processing;
- The existence of the right to appeal to a supervisory authority;
- All available information about the origin of the personal data if it is not collected from the affected person;
- The existence of an automated decision-making process including profiling in accordance with Art. 22(1) and (4) GDPR and - at least in these cases – significant information about the logic involved as well as the consequence and desired effects of this processing for the affected person.
You have the right to request information on whether your personal information is transmitted to a third party or an international organisation. In this context, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR regarding the transmission.
2. Right to rectification
You have the right to rectification and/or completion with respect to the person responsible if your processed personal data is incomplete or incorrect. The person responsible has to rectify and/or complete the personal data immediately.
3. Right to restrict the processing
You can request to restrict the processing of your personal data under the following conditions:
- If you deny the correctness of your personal data for a period of time that allows the person responsible to review the data;
- If the processing is unlawful and you object to the deletion of your personal data, and you want to restrict the usage of your personal data;
- If the person responsible no longer requires your personal data for the purpose of processing, but only for the assertion, exertion and defence of legal claims or;
- If you oppose the processing in accordance with Art 21(1) GDPR, and it is to be decided whether the justifications by the person responsible outweigh yours.
If the processing of your personal data is restricted, the data may only be processed with your consent. Exceptions concern its storage, if it is used for asserting, exerting, or defending legal claims, to protect the rights of another natural or legal person or for reasons of public interest to the European Union or a member state.
If the processing is restricted by the above mentioned conditions, you will be informed by the person responsible before the restriction is lifted.
4. Right to erasure (‘right to be forgotten’)
a. Obligation to delete
You can request the person responsible to delete your personal data immediately. The person responsible is obliged to immediately delete your personal data if one of the following conditions is met:
- Your personal data is not necessary anymore for the purpose it was collected or processed.
- You revoke your consent to the processing in accordance with Art 6 (1(a)) or Art 9(2)(a) GDPR, and there is no other legal basis for the processing.
- You file an objection in accordance with Art. 21(1) GDPR against the processing and there are no overriding, justifiable reasons; or, you file an objection in accordance with Art. 21(2) GDPR against the processing.
- Your personal data were processed illegally.
- The deletion of your personal data is needed to fulfil a legal obligation in accordance with the rights of the European Union or a member state, to which the person responsible is subjected.
- Your personal data was collected in relation to the offered services of the information company in accordance with Art. 8(1) GDRP.
b. Information transfer to third parties
If the person responsible has published your personal data and is obligated to delete them in accordance with Art 17(1) GDPR, he/she has to take measures, including technical ones, to inform the one in charge of processing the personal data that you as the affected person request the deletion of all links to this personal data or any copies or replications thereof.
The right to deletion is considered null and void if the processing is necessary:
- to exercise the right to free speech and information;
- to fulfil a legal obligation that requires data processing in accordance with the law of the European Union or member state(s) to which the person responsible is subjected, or to perform a task of public interest; or the exercise of official authority that has been transferred to the person responsible;
- for reasons of public interest or public health in accordance with Art 9(2)(h) & (i), as well as Art 9(3) GDPR;
- for archiving purposes of public interest, scientific or historical research purposes or for state purposes in accordance with Art. 89(1) GDPR, as long as the right stated in a) makes the completion of the goals prospectively impossible or seriously affects these goals; or
- to assert, exert and defend against legal claims.
5. Right of access by the data subject
If you assert your right to rectification, deletion or restriction of processing towards the person responsible, he/she is obligated to inform all recipients of your personal data about the need for rectification, deletion or restriction. Exceptions are made where it is not possible to contact the recipient or if it requires a disproportionate expense. You have the right to be informed about those recipients.
6. Right to data portability
You have the right to receive the personal data that you provided to the person responsible in a structured, common, and machine-readable format.
In addition, you have the right to transmit your personal data to another responsible person without hindrance by the person responsible to whom you first provided the data, if
- The processing is based on consent in accordance with Art 6(1)(a) GDPR or Art. 9(2)(a), or is based on a contract in accordance with Art. 6(1)(b) GDPR, and
- The data is processed by means of automated methods.
When exerting this right, you also have the right for your personal data to be sent directly from one responsible person to another, if that is technically feasible. The freedoms and rights of other persons must not be affected by this. The right to data portability does not affect personal data that is necessary to perform a task of public interest or to exercise official authorities transferred to the person responsible.
7. Right to object
You have the right to file an objection against the processing of your personal data in accordance with Art. 6(1)(e) or (f) GDPR due to your special situation. This is also valid for profiling in accordance with these regulations.
The person responsible cannot process your personal data anymore, unless he/she can find compelling and legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is necessary to assert, exert or defend legal claims.
If your personal data is processed for direct advertising, you have the right to object to the processing of your personal data. This is also valid for profiling that is connected to direct marketing.
If you object to processing done for the purpose of direct marketing, your personal data will not be processed for this purpose.
You have the possibility to exercise your right to objection associated with the usage of services provided by the information company – notwithstanding regulation 2002/58/EU – with the help of automated processes using technical specifications.
8. Right to withdrawal of data protection declaration of consent
You have the right to withdraw your data protection declaration of consent. By withdrawing your consent, the legitimacy of processing before such withdrawal is not affected.
9. Automated decision in individual cases including profiling
You have the right not to be subject to an automated decision – including profiling – that becomes legally effective towards you or seriously affects you in any other way. This is not valid, if the decision:
- Is necessary for the completion of a contract between you and the person responsible;
- Is allowed by legal regulations of the European Union or member states, to which the person responsible is subjected, and if these legal regulations include appropriate measures to preserve your rights and freedoms as well as your rightful interests.
- is based on your explicit consent.
However, these decisions may not be based on special categories of personal data according to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR is applied and appropriate measures taken to protect your rights, freedoms and rightful interests.
Regarding this cases, the responsible person has to take appropriate measures, to protect the rights and freedoms, and your rightful interests. This includes at least the right to request an intervention by someone on the part of the responsible person, to explain your own position, and to contest the decision.
10. Notification of a personal data breach to the supervisory authority
Untouched by any administrative or legal remedy, you have the right to complain to a supervisory authority, especially in the member state where you reside, work, or where the alleged breach has taken place. You may complain if you are of the opinion that the processing of personal data affecting you violates the GDPR. The supervisory authority informs the complainant about the state and results of the complaint, including the possibility of a judicial remedy according to Art. 78 GDPR.
VIII. Zugriff Dritter auf Ihre personenbezogenen Daten
The collection, processing and usage of personal data are performed by us and – where they are not explicitly excluded – by other companies of the Carl Schroeter group or by commissioned external service providers that are contractually and legally bound to data protection. In the two last-mentioned cases, we will ensure that the group companies and external service providers follow the relevant legal data protection regulations and comply with this data protection declaration. We orient ourselves under the legal requirements of the EU GDPR, if there are no overriding, stricter legal requirements applicable.
Furthermore, no third parties have access to your personal data. We will neither sell this data nor utilise it in any other way. We will only transfer your data to the competent authorities on behalf of administrative or legal orders or to fulfil or report any obligation. This is also valid for the case of a juridical order. In the case of a legal, administrative, or juridical reporting obligation, we will review whether the transfer is lawful according to the principles of the EU GDPR and/or the applicable national laws, and if necessary take legal action.
We have taken technical and organisational measures to protect your personal data against loss, change, theft or unauthorised access by third parties. Our IT systems are set up so that the Carl Schroeter GmbH & Co KG complies with the requirements of Art 32ff. of the EU GDPR.
X. Children and minors
Knowingly, we do not process the personal data of minors under 16 years of age as long as we are not legally bound to do so. Should we be notified that we have received such information without any legal obligation or the consent of their parents or guardians, we will delete the data immediately.
XI. Deleting and blocking
We will delete your personal data if and when their business purpose ceases to exist or if we are bound to do so by relevant legal data protection regulations. In the case of consent, we will delete your personal data after having received your objection or after the purpose of your consent (Digit 2) ceases to exist.
If you wish, we will block your personal data either partially or completely unless this harms an overriding legal interest in the processing of data at the Carl Schroeter GmbH & Co. KG. To do so, please let us know the extent to which and for which time span you wish to block your data. If technically feasible, you can exclude your personal data from being processed in certain fields.
The website of the Carl Schroeter GmbH & Co. KG may contain hyperlinks and electronic cross references to third-party websites. Since the Carl Schroeter GmbH & Co. KG is not responsible for the contents and conformity of these third-party websites to relevant regulations, we recommend taking a closer look at the data protection declaration of these websites.