Your privacy is important to us. The principles relating to processing of personal data as set out in the General Data Protection Regulation (GDPR) – transparency, lawfulness, purpose limitation, accuracy and data minimisation – are also the standards we set for ourselves when handling your data. We are strongly committed to living up to the trust you place in us in this respect as well. That is why we protect your personal data against unauthorised access among other things.
The controller is:
Schäffer Maschinenfabrik Gesellschaft mit beschränkter Haftung (GmbH)
Auf den Thränen
Phone: +49 (0) 2943 9709-0
Fax: +49 (0) 2943 9709-50
Managing directors: Jürgen Jachalke, Siegfried Schäffer and Rüdiger Lohoff
Register No. HRB 5299 Paderborn Local Court
VAT ID: DE 811367639
I. General information:
1. Personal data
Personal data is information relating to an identified or identifiable natural person. This includes information about your identity such as your name, your e-mail address, or your postal address. Information that cannot be linked with your identity (such as statistical information used to count the number of website users) is not considered personal information, however.
There is no automated decision-making based on your personal data in relation to usage of our website.
2. Collection, processing and use of personal data when visiting our website
As the website operator, based on our legitimate interest (see Article 6(1)(f) of the GDPR), we collect data regarding access to this website and store such data as server log files on the website server. The following data are logged in this way:
- Website visited
- Time of access
- Volume of data sent (in bytes)
- Source/reference from which you accessed the site
- Browser used
- Operating system used
- IP address used
The server log files are automatically erased on a regular basis. Data are stored for security reasons, e.g. to facilitate investigation of misuse or malfunctions. If data must be collected for evidentiary purposes, they are excluded from erasure until matters have been finally resolved. These data are not merged with other data sources.
Your personal data are transmitted in encrypted form over the Internet. We use SSL (Secure Socket Layer) encryption for the data transmission.
3. Legal basis of data processing
Insofar as we obtain your consent to processing of your personal data, Article 6(1)(a) of the GDPR constitutes the legal basis for such data processing.
Insofar as we process your personal data because processing is necessary for the performance of a contract or under a quasi-contractual relationship with you, Article 6(1)(b) of the GDPR constitutes the legal basis for such data processing.
Insofar as we process your personal data because processing is necessary for compliance with a legal obligation, the lawfulness of data processing is based on Article 6(1)(c) of the GDPR.
Furthermore, Article 6(1)(f) of the GDPR may constitute the legal basis for data processing, if processing of your personal data is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of personal data.
Cookies are small text files placed by your browser on your end device. The cookies are stored until you close your browser and may automatically store certain information again even if you have closed our website if you happen to visit our website again, for example. This applies to the contents of your shopping cart, for instance.
If you log into our webshop using your personal login data, you have the option of enabling the “stay logged in” feature. In this case, a cookie is placed on your computer which then identifies your computer again the next time you visit our site. If you log off again, then this cookie is deleted.
a) This website uses the following types of cookies, with their scope and function explained below:
- Transient cookies (see b)
b) Transient cookies are automatically deleted when you close the browser. They include, without being limited to, session cookies. Session cookies store what is known as a session ID, which is used to assign various requests from your browser to the one session. This allows your computer to be remembered when you return to our website. Session cookies are deleted when you log out or close the browser.
c) You can set-up your browser according to your preferences; for instance, you can refuse to accept third-party cookies or all cookies. Please be aware that in that case you may not be able to use all features of this site.
5. Rights of persons concerned
We are strongly committed to explaining how we process personal data and to informing you about your rights as transparently as possible. If you would like more detailed information or wish to exercise your rights, you may contact us at any time so that we can address your concerns.
You have extensive rights with respect to the processing of your personal data. First of all, you have an extensive right to information and under certain circumstances may demand correction and/or deletion or blocking of your personal data. You may also obtain restriction of processing and you have a right to object. You also have a right to data portability with a view to personal data that you have transmitted to us.
If you wish to assert any of your rights and/or would like more detailed information concerning these, please contact our data protection officer.
You may at any time revoke your consent with future effect. Withdrawal of consent does not affect the lawfulness of any processing performed on the basis of such consent given up until the withdrawal thereof. Our data protection officer is also your contact in this regard.
Insofar as the processing of your personal data is not based on consent given by you but on another legal basis, you may object to the data processing. Your objection will lead to a review and, if necessary, to termination of the data processing. You will be informed of the outcome of the review and – if the data processing is to be continued after all – you will receive further information from us on why the data processing is admissible.
We would like to point out here that we may still store personal data after a business relationship has ended. We can only erase personal data if no statutory retention periods prevent this. We can only meet any requests for erasure once the retention periods have expired. If you would like data to be erased during a retention period, we will block the personal data from use during the retention period and thereby not use it further.
6. Protection of minors
Children and young people under 18 years of age should not transfer any personal data to us without permission from their parents or guardians.
You will find links to offerings of other operators on our website. These links are indicated. We have no influence over the content of linked sites. Please check out any linked site to find out the data provisions which apply there if you wish.
We can be contacted in various ways, including via the contact form on our website.
If you wish to use the contact form on our website, we record the personal data you provide in the contact form for this, especially your first name, surname and email address. We also store the IP address and date and time of the request. We only process the data transferred via the contact form so that we can respond to your query or concern.
You can decide which information you transfer to us via the contact form. Your consent constitutes the legal basis for processing of your data pursuant to Article 6(1)(a) of the GDPR.
After we handle the matter, the data are initially stored in case there are any follow-up queries. A deletion of the data can be requested at any time. Otherwise, the data are erased after the matter has been fully dealt with; statutory retention obligations remain unaffected.
II. Integration of third-party providers
1. Integration of YouTube videos
Our website includes YouTube videos stored on http://www.youtube.com that can be played directly from our website. These are all embedded in “enhanced privacy mode”, i.e. no data about you as a user are transferred to YouTube if you do not play the videos. The data referred to in paragraph 2 are only transferred if you play the videos. We have no influence on this data transfer.
When you visit the website, YouTube is informed that you have accessed the corresponding page on our website. The data specified under Section I of this Policy are also transferred. This takes place regardless of whether or not YouTube provides a user account via which you are logged in or there is no user account. If you are logged into Google, these data are directly assigned to your account. If you do not wish to have these data assigned to your YouTube profile, you will need to log out before activating the button. YouTube stores your data as usage profiles and uses these for the purposes of advertising, market research and/or needs-based design of its website. In particular, such analysis is conducted (even for users that are not logged in) in order to provide appropriate advertising and inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles; please contact YouTube if you wish to exercise this.
III. Registration and use of Parts & Service
We provide spare parts lists as an interactive spare parts system via the Parts & Service online tool. As a dealer or importer of Schäffer loaders, you may use this tool to directly order spare parts and access available documentation. As an end customer, you can use the guest access to access the spare parts list for your machine.
You need to register to use the Parts & Service online tool. The registration form is available on our website. Once you have provided all of the necessary information, you can submit it to us electronically. We collect and store the following data for the registration:
- Your individual customer number
- Your company name
- Your complete address (company/customer address), including city, postcode, country
- Your telephone number
- The account user’s first name and surname
- The account user’s email address
- Optionally, the department in which the user works
This information enables us to contact you and to adjust and pre-select features of our service for customers. It also allows us to identify customers and their specific product-related requirements. Only then can we address customer needs. Therefore, these data are processed on the basis of your consent as well as the interests in question based on Article 6(1)(a) and (f) of the GDPR.
The data sets are erased when the service has been performed, unless they are retained for documentation or service purposes or on legal grounds. In particular, we retain the data for six months to allow us to provide fast, competent assistance if there are follow-up queries regarding the service history. This is the only way we can provide effective system-related advice. This is in the interest of our customers (Article 6(1)(f) of the GDPR).
You may view and amend your personal data at any time in the “User administration” section, provided you have created a personal profile on our website. You need your email address and a password that has been randomly generated or chosen by you to log in. If you have forgotten your password, you may request a new one by providing the email address we have stored and the postcode of the delivery address given by you. For security reasons, we recommend that you then replace this password with a password of your choosing.
a) Collection, storage and use of data
We use the registration data we have stored to determine the invoice address for orders from you. If the spare parts are to be sent to a different address, you can specify this during the order process. This delivery address can also be stored for future orders.
If you use a different delivery address, we collect and process the following data:
- The company name/name of the person to whom the delivery should be made
- The address of the recipient
- Optionally, the serial number of the machine for which a spare part is being ordered
Certain other data are collected and stored during the ordering process. These may be personal in nature, depending on the user. In particular, these are information regarding bank details with corresponding data such as IBAN, BIC or account number, bank sort code and account holder/credit card number. Please note that we collect the aforementioned data again if a different invoice address is used. We require the data specified in order to identify you, send you the products ordered and complete the purchase process, including payment. The legal basis for this is Article 6(1)(b) and (f) of the GDPR.
In relation to the order process as well, we only record data that are actually required for order processing. In that sense, you as the user decide for yourself which data to give to us. Only the data explicitly requested are required to process the order. Optionally, you may also transfer us personal data. We use the optionally transferred data to improve our offerings, increase service quality and for statistical purposes. The legal basis for this is Article 6(1)(b) and (f) of the GDPR.
We may also process the data you provide in order to inform you about other interesting products from our portfolio or send you emails with technical information. The legal basis for this is Article 6(1)(f) of the GDPR.
We are obliged under commercial and tax law to store your address, payment and order data for a period of ten years. However, we restrict processing after two years, i.e. your data are only used to comply with legal obligations.
The order process is encrypted using TLS technology in order to prevent unauthorised third-party access to your personal data, especially financial data.
The entry of personal data is always encrypted. We use SSL (Secure Socket Layer) encryption for this, with a key length of at least 128 bits. You can tell the transfer is encrypted by the https URL in your browser address bar and the key or closed padlock icon in the lower status bar or beside the address bar.
4. Disclosure of data to third parties
Data are expressly not disclosed to third parties for advertising or marketing purposes. Your personal data with respect to your address or order are only collected and processed for our own marketing purposes.
In order to assess creditworthiness, we source information on your payment history from the following credit agencies:
A credit assessment is only conducted under consideration of section 29 of the Federal Data Protection Act (BDSG) if we can credibly claim a legitimate interest in this. This would be the case if we were to first deliver and then receive payment later. In this case, we provide our service in advance. We list the payment methods used in this context as so-called subsequent payment methods. We reserve the right to restrict the possible payment methods for our own protection against bad debt due to negative creditworthiness.
We also submit data regarding non-fulfilment of contractual obligations to the aforementioned credit agencies. These then store and transfer the data in order to provide the pool customers querying them with information for assessing the creditworthiness of natural persons. In particular, address data may be transferred to companies that collect receivables as a matter of business in order to locate debtors. When supplying information, credit agencies may also provide their contracting parties with a probability value calculated from their pool of data for assessing the credit risk (scoring process).
Third parties are involved for creditworthiness assessment, in accordance with statutory requirements, insofar as this is necessary for the purposes of our legitimate interests and those of third parties and there is no reason to assume that such are overridden by your interests or fundamental rights and freedoms which require protection of personal data. The collection, storage and disclosure are therefore carried out for the purpose of fraud prevention based on Article 6(1)(1)(f) of the GDPR.
IV. Data protection contact
Lawyer Dr. Christoph Worms
c/o BRANDI Rechtsanwälte
Rathenaustraße 96, D-33102 Paderborn, Germany
Phone: +49 (0) 5251 7735-0
V. Right to lodge a complaint
You have the right to report suspected breaches of data protection provisions and to lodge a complaint regarding these with the relevant supervisory authority. Your complaint can be directed to:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
(North Rhine-Westphalia Commissioner for Data Protection and Freedom of Information)
Postfach 20 04 44
Phone: +49 (0) 211 38424-0
Fax: +49 (0) 211 38424-10
You may also contact the relevant authority in your member state, especially if you are not a German citizen, or:
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
(Federal Commissioner for Data Protection and Freedom of Information)
Phone: +49 (0) 228 997799-0
Fax: +49 (0) 228 997799-5550