Skip to content

Data Protection Policy

We are very pleased about your interest in our company. Data protection is very important to the management of SCHIFFL IT Service GmbH.

The purpose of this Data Protection Policy is to explain the data we collect during your visit about you and your use of our websites. What do we do with your data generated through use of our website?

1. Definitions

The Data Protection Policy of SCHIFFL IT Service GmbH is based on the terms used by the European body that issues directives and regulations in its General Data Protection Regulation (GDPR). Our Data Protection Policy is intended to be easy to read and understand for the general public, and for our clients and business partners as well. To help ensure this, we’d like to explain the terminology used in advance.

The terms we use in this Data Protection Policy include the following:

  • Personal data
    ‘Personal data’ refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). A natural person is deemed identifiable if he or she can be identified, directly or indirectly, in particular through assignment of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person.
  • Data subject
    A data subject is any identified or identifiable person whose personal data are processed by the controller in charge of the processing.
  • Processing
    ‘Processing’ is taken to denote any operation or set of operations performed on personal data, whether or not by automated means. These operations can include the collection, recording, organisation, structuring, storage, adaptation or alteration, reading-out, retrieval, use, disclosure by transmission, dissemination or any other rendering-available, alignment or combination, restriction, erasure or destruction of personal data.
  • Profiling
    ‘Profiling’ refers to any form of automated processing of personal data consisting of the use of these personal data to assess certain personal aspects relating to a natural person, and specifically to analyse or predict aspects relative to that natural person’s performance at work, economic situation, health, personal preferences,interests, dependability, behaviour, location or movements.
  • Controller or party responsible for processing
    The controller or party responsible for processing is the natural or legal person, public authority, agency or any other body which, acting alone or jointly with others, determines the purposes for, and the means of, the processing of personal data. Where the purposes and means of such processing are laid down by the laws of the European Union, or by the laws of the Member States, provision can be made with regard to the identity of the controller or the criteria governing the controller’s designation under European Union law or the laws of the Member States.
  • Processor
    A processor is a natural or legal person, public authority, agency or other body that processes personal data on the controller’s behalf.
  • Consent
    Consent by the data subject is any freely given, specific, informed and unambiguous expression of the data subject’s wishes by which he or she, in the form of a statement or some other clear, affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Controller and Data Protection Officer

The controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a character relevant to data protection is the following:

SCHIFFL IT Service GmbH
Leverkusenstraße 54
22761 Hamburg
Deutschland

Tel.: +494042938100
e-mail: info@schiffl.de
URL: www.schiffl.de

You can reach our Data Protection Officer, Mr Roppiler, at datenschutz@schiffl.de

Data subjects are welcome to contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

3. Technical organisational measures

Throughout our offer, we use the latest SSL security standard (256-bit Secure Socket Layers). Your data are encrypted directly during transmission, and all data protection-relevant information – name, address and other information – is transmitted in encrypted form.

4. The data collected when accessing this website

Server log files

Whenever our website is visited, the web server automatically collects the following data:

  • the browser type and versions used
  • the operating system used by the accessing system
  • the website from which an accessing system reaches our website (known as the ‘referrer’)
  • the subpages on our website that are accessed through an accessing system
  • the date and time the website is accessed
  • the ‘Internet protocol’ address (IP address)
  • the Internet service provider of the accessing system

The purpose for collecting these data is

  • to help us deliver the contents of our website correctly
  • to optimise the contents of our website and the advertising for it
  • to keep our IT systems and website technology functioning at all times
  • to provide law-enforcement authorities with the information they need to enforce the law in the event of cyberattack.

With this purpose in mind, SCHIFFL IT Service GmbH statistically evaluates the anonymously collected data and information with the aim of improving data protection and data security in our company, ultimately to ensure optimum protection for the personal data we process. The anonymous data in the server log files are stored separately from all the personal data a data subject provides.

Our legitimate interests pursuant to Art. 6 (1) (f) GDPR form the legal basis for the automated collection of data of persons who access our website.


Cookies

The SCHIFFL IT Service GmbH website uses cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

Cookies contain a so-called ‘cookie ID’ that is used to uniquely identify the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific Internet browser in which the cookie was stored. This makes it possible to distinguish the websites and servers, and the data subject’s individual browser, from other Internet browsers containing other cookies. A particular Internet browser can be recognised and identified through its unique cookie ID.

The data subject can prevent our website from setting cookies at any time through an appropriate setting of the Internet browser used, thereby permanently objecting to the storage of cookies. Any cookies already stored can also be deleted at any time using a web browser or other software programs. This can be done using any conventional Internet browser. If the data subject deactivates cookie storage in his or her Internet browser, some of our website’s functions may not be fully usable.

The cookies we use are ‘strictly necessary cookies’ or ‘functional cookies’. Strictly necessary cookies are required to operate our websites. They are deleted when the website or Internet browser is closed.

The functional cookie is only used to store your decision to accept cookies. This is why the cookie notice will not appear the next time you visit our website.

We do not use cookies for analysis or target group-oriented advertising.

Our legitimate interests pursuant to Art. 6 (1) (f) GDPR form the legal basis for placing cookies on the computers of visitors to our website.


Use of Google Analytics

We use Google Analytics to analyse website usage. We use the data obtained in this way to improve our website and advertising.

Google Analytics is a web-analytics service operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes website-usage data on our behalf and has a contractual obligation to take steps to ensure the confidentiality of the data processed.

The following data are recorded during your website visit:

  • Pages accessed
  • Orders, including the revenue amount and products ordered
  • Achievement of ‘website targets’ (e.g., contact requests and registration for newsletters)
  • Your behaviour when visiting the pages (e.g., clicks, scrolling behaviour and dwelltime)
  • Your approximate location (country and city)
  • Your IP address (in truncated form to prevent clear assignment)
  • Technical information such as browser, Internet provider, device and monitor resolution
  • The original source of your visit (i.e. the website or promotional material through

These data are transmitted to a Google server in the USA.

Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID that identifies you during subsequent visits to the website.

The data recorded are saved together with the randomly generated user ID; this permits evaluation of pseudonymous user profiles. These user-related data are automatically deleted after 14 months. Other data are stored indefinitely in aggregated form.

If you do not consent to this recording, you can prevent it through one-off installation of the browser add-on that deactivates Google Analytics or by rejecting cookies using our dialogue for cookie settings. (Source: traffic3.net)


Google Tag Manager

We use the tag management system "Google Tag Manager (GTM)" provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on our website to manage JavaScript and HTML tags for tracking and analytics with our own and third-party software. Tags are small code elements that help us, among other things, measure traffic and visitor behavior, understand the effectiveness of our advertising, set up remarketing and audience targeting, and test and optimize our website. GTM serves only as a utility that facilitates the integration and management of our tags through an interface. GTM only implements tags, which means it does not set its own cookies (in an empty state) and does not collect personal data itself. It triggers other tags that in turn may collect personal data. However, GTM does not have access to this data.

If a deactivation has been carried out at the domain or cookie level, it remains in effect for all tracking tags, provided these are implemented with the Google Tag Manager. These processing operations are carried out only with the explicit consent in accordance with Art. 6 (1) (a) GDPR.

Further information about the Google Tag Manager and Google’s Privacy Policy can be found at https://policies.google.com/privacy?hl=en and at https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/


LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that allows the following data to be collected: URL, referrer URL, IP address, device and browser properties (user agent) as well as timestamps and page events (e.g. page views). IP addresses are shortened or (if used to reach members across devices) hashed. Members' direct identifiers are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 90 days.

LinkedIn does not share personal data with SCHIFFL but offers anonymized reports on website audience and ad performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. SCHIFFL can use this data to display targeted advertising outside its website without identifying you as a website visitor. You can find more information on data protection at LinkedIn in the LinkedIn data protection information.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website ("opt-out"), click here.


Use of SalesViewer® Technology

On this website, data is collected and stored for marketing, market research, and optimization purposes using SalesViewer® technology from SalesViewer® GmbH, based on the legitimate interests of the website operator (Art. 6 (1) (f) GDPR).

For this purpose, a JavaScript-based code is used to collect company-related data and corresponding usage information. The data collected using this technology is encrypted using a non-reversible one-way function (so-called hashing). The data is immediately pseudonymized and not used to personally identify visitors to this website.

The data stored within the context of SalesViewer will be deleted as long as it is no longer necessary for its intended purpose and there are no legal retention obligations that prevent its deletion.

You can object to the data collection and storage at any time with effect for the future by clicking this link https://www.salesviewer.com/opt-out to prevent future data collection by SalesViewer® on this website. This will place an opt-out cookie for this website on your device. If you delete your cookies in this browser, you will need to click this link again.


Contacting us through our website

Due to legal regulations, the SCHIFFL IT Service GmbH website contains information that permits rapid electronic contact with our company as well as direct communication with us; this also includes a general electronic mail (‘e-mail’) address. If a data subject contacts the controller responsible for processing by e-mail or via a contact form, any personal data the data subject transmits are stored automatically. Such personal data voluntarily transmitted by a data subject to the controller responsible for processing are stored for the purpose of processing or of contacting the data subject.

In the case of e-mails sent to apply for a vacancy, your data will be forwarded to the Personio company. Compliance with the requirements of data protection is governed by an order processing agreement.

These personal data will not be forwarded to third-party recipients for any other e-mails sent to us.


Duration of storage of personal data collected through the website

Server log files are stored for a maximum of 30 days. Data for job candidates will be deleted after a maximum of 6 months if the candidate is not hired. Functional cookies are deleted automatically after one year at the latest.

5. Your rights

The General Data Protection Regulation (GDPR) gives you various rights regarding your data, which we explain here.


Art. 15 GDPR: Right to information of the data subject

You have the right to obtain information about the personal data we have stored about you.


Art. 16 GDPR: Right of rectification

If the data concerning you are incorrect or incomplete, you have the right to request the rectification of incorrect information or the completion of incomplete information.


Art. 17 GDPR: Right to erasure

Subject to the conditions of Art. 17 GDPR, you may request the erasure of your personal data. Your right to erasure depends, among other things, on whether we still need the data concerning you to meet our legal or contractual obligations.


Art. 18 GDPR: Right to restrict processing

Subject to the conditions of Art. 18 GDPR, you may request restriction of the processing of personal data concerning you.


Art. 21 GDPR: Right to object

You have the right, for reasons arising from your specific situation, to object to the processing of your personal data at any time.


Art. 7 (3) GDPR: Right to revoke consent

You have the right to rescind your consent to the processing of your personal data at any time. Revocation of consent will not affect the legality of processing undertaken on the basis of this consent prior to its revocation.


Art. 77 (1) GDPR: Right to Complain

You have the right to lodge a complaint with a supervisory authority regarding the processing of personal data by the data controller.

6. Data protection during the job-application process

We process our job advertisements and related applications via Personio GmbH, a company based in Germany. This company processes your data on our behalf. We thus remain the controller with respect to your data. As we use an SSL-encrypted connection to transmit your data to Personio, these data are not visible to third parties. All data are stored in a database. The basis for processing by Personio is an order processing agreement between us and Personio.

Only data that you provide to us are collected and processed.

The legal basis for data processing is the consent you grant us within the scope of your job application.

If we decide to choose another applicant, we will delete your data after 6 months in order to be able to respond in the event of any legal actions that may arise. If we would like to keep your data on hand longer, to have access to them in connection with a subsequent vacancy, we will solicit your consent in writing beforehand.

Only senior managers and HR staff will have access to your data.

7. Existence of automated decision-making

As a responsible company, we do not make use of automatic decision-making or profiling.

8. Newsletter

When subscribing to our company's newsletter, the data entered in the respective input form is transmitted to the data controller responsible for processing. The responsible parties can be the designated contact persons for the respective newsletter from the SCHIFFL group Holding GmbH & Co. KG corporate group, as well as its subsidiaries and affiliates. The registration for our newsletter follows a double opt-in procedure. This means that after registration, you will receive an email asking you to confirm your subscription. This confirmation is necessary to prevent anyone from subscribing with someone else's email address. During the newsletter registration, the user's IP address, as well as the date and time of registration, are stored. This serves to prevent misuse of the services or the email address of the data subject. The data will not be disclosed to third parties, except where there is a legal obligation to disclose. The data is used exclusively for sending the newsletter. The newsletter subscription can be canceled by the data subject at any time. Likewise, consent to the storage of personal data can be revoked at any time. For this purpose, a corresponding link can be found in each newsletter. The legal basis for processing the data after registration for the newsletter by the user is Article 6(1)(a) GDPR if the user has given consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7(3) of the German Unfair Competition Act (UWG).

1.1 Use of rapidmail

Description and Purpose: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Rapidmail is used to organize and analyze the sending of newsletters, among other things. The data you enter for the purpose of receiving the newsletter is stored on rapidmail’s servers in Germany. If you do not want analysis to be conducted by rapidmail, you must unsubscribe from the newsletter. We provide a corresponding link for this purpose in every newsletter message. For analysis purposes, emails sent with rapidmail contain a so-called tracking pixel, which connects to rapidmail's servers when the email is opened. This allows us to determine whether a newsletter message has been opened. Additionally, we can use rapidmail to find out which links in the newsletter message are clicked. Links in the email can optionally be set as tracking links, allowing your clicks to be counted.

Legal Basis: The legal basis for data processing is Article 6 (1) (a) GDPR.

Recipients: The recipient of the data is rapidmail GmbH.

Transfer to Third Countries: Data is not transferred to third countries.

Duration: The data you have stored with us for the purpose of the newsletter as part of your consent will be stored by us until you unsubscribe from the newsletter. After which it will be deleted from both our servers and rapidmail's servers. Data stored with us for other purposes (e.g., email addresses for the members’ area) remain unaffected by this.

Right to Withdraw: You have the option to withdraw your consent to data processing at any time with effect for the future. The legality of data processing operations that have already taken place remains unaffected by the withdrawal.

Further Data Protection Information: For more details, please refer to rapidmail's data security information at: https://www.rapidmail.de/datensicherheit. More information on rapidmail's analysis functions can be found at the following link: https://www.rapidmail.de/wissen-und-hilfe.

Disclaimer

Conditions of Use

1. Scope
These Conditions of Use shall apply to every use of our website. All of the information and statements provided on our web pages shall be non-binding. SCHIFFL IT Service GmbH does not guarantee the accuracy or completeness of any information contained therein; specifically, these web pages shall not be deemed to establish any warranties, representa- tions of certain product characteristics or other legal claims. Any errors of content will of course be corrected immediately when discovered. As we do not constantly monitor the information contained in other websites to which our web pages provide links, we cannot take responsibility for their content. Links to such sites, and to certain third-party products or services, are provided for the sake of convenience only and shall not be interpreted to constitute our consent to their content.

2. Data or software download
If data or software are made available for download on our website, SCHIFFL IT Service GmbH makes no assurances that these data or this software will be free from defects. SCHIFFL IT Service GmbH conducts a thorough review for the presence of viruses in all data and software available for download. It is nevertheless recommended to check down- loaded data or software once more for viruses using the latest virus-scanning software.

3. Copyright and other special rights
The content of this website is protected by copyright. Only a single copy of the information found on this website may be downloaded to a single computer for your personal, non- commercial internal use. For the remainder, any logos, graphics, copy, sounds or images found on this website may be copied, reproduced, modified, published, downloaded, sent, transmitted or put to any other use only with the prior written permission of SCHIFFL IT Service GmbH. Any product or company names mentioned may involve registered trade- marks or brands the unauthorised use of which may result in claims for injunctive relief and for damages.

4. Confidentiality and the protection of personal data
As the Internet is not a secure system, no assurances can be given that information or per- sonal data transmitted to us will be protected from coming to the attention of third parties during transmission. SCHIFFL IT Service GmbH commits not to disclose this information to third parties for promotional purposes. If other data or information is transmitted to SCHIFFL IT Service GmbH through this website for no specific purpose, you grant SCHIFFL IT Service GmbH the right to put these data or this information to commercial or non-commercial use, at its discretion, and specifically to reproduce, modify, transmit or publish it.

5. Liability
SCHIFFL IT Service GmbH accepts no liability for any damage caused by the use of this website or the downloading of data; specifically, SCHIFFL IT Service GmbH accepts no liability for direct or indirect consequential damage, loss of data, loss of profit, system fail- ure or loss of production. The above disclaimer shall not apply if the damage owes to non- accidental conduct or gross negligence, or if a material contractual obligation (cardinal ob- ligation) has been culpably breached.

6. Applicable law
The legal relationships established between you and SCHIFFL IT Service GmbH through the use of this website are subject to the laws of the Federal Republic of Germany, to the exclusion of the UN Convention on Contracts for the International Sale of Goods. Any legal disputes with registered traders arising due to use of this website shall be resolved before a competent Hamburg, Germany, court of law.