Skip to content

Data Protection Policy

We are very pleased about your interest in our company. Data protection is very important to the management of SCHIFFL IT Service GmbH.

The purpose of this Data Protection Policy is to explain the data we collect during your visit about you and your use of our websites. What do we do with your data generated through use of our website?

1. Definitions

The Data Protection Policy of SCHIFFL IT Service GmbH is based on the terms used by the European body that issues directives and regulations in its General Data Protection Regulation (GDPR). Our Data Protection Policy is intended to be easy to read and understand for the general public, and for our clients and business partners as well. To help ensure this, we’d like to explain the terminology used in advance.

The terms we use in this Data Protection Policy include the following:

  • Personal data
    ‘Personal data’ refers to all information relating to an identified or identifiable natural person (hereinafter referred to as the ‘data subject’). A natural person is deemed identifiable if he or she can be identified, directly or indirectly, in particular through assignment of an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person.
  • Data subject
    A data subject is any identified or identifiable person whose personal data are processed by the controller in charge of the processing.
  • Processing
    ‘Processing’ is taken to denote any operation or set of operations performed on personal data, whether or not by automated means. These operations can include the collection, recording, organisation, structuring, storage, adaptation or alteration, reading-out, retrieval, use, disclosure by transmission, dissemination or any other rendering-available, alignment or combination, restriction, erasure or destruction of personal data.
  • Profiling
    ‘Profiling’ refers to any form of automated processing of personal data consisting of the use of these personal data to assess certain personal aspects relating to a natural person, and specifically to analyse or predict aspects relative to that natural person’s performance at work, economic situation, health, personal preferences,interests, dependability, behaviour, location or movements.
  • Controller or party responsible for processing
    The controller or party responsible for processing is the natural or legal person, public authority, agency or any other body which, acting alone or jointly with others, determines the purposes for, and the means of, the processing of personal data. Where the purposes and means of such processing are laid down by the laws of the European Union, or by the laws of the Member States, provision can be made with regard to the identity of the controller or the criteria governing the controller’s designation under European Union law or the laws of the Member States.
  • Processor
    A processor is a natural or legal person, public authority, agency or other body that processes personal data on the controller’s behalf.
  • Consent
    Consent by the data subject is any freely given, specific, informed and unambiguous expression of the data subject’s wishes by which he or she, in the form of a statement or some other clear, affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Controller and Data Protection Officer

The controller for the purposes of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a character relevant to data protection is the following:

Leverkusenstraße 54
22761 Hamburg

Tel.: +494042938100

You can reach our Data Protection Officer, Mr Roppiler, at

Data subjects are welcome to contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

3. Technical organisational measures

Throughout our offer, we use the latest SSL security standard (256-bit Secure Socket Layers). Your data are encrypted directly during transmission, and all data protection-relevant information – name, address and other information – is transmitted in encrypted form.

4. The data collected when accessing this website

Server log files

Whenever our website is visited, the web server automatically collects the following data:

  • the browser type and versions used
  • the operating system used by the accessing system
  • the website from which an accessing system reaches our website (known as the ‘referrer’)
  • the subpages on our website that are accessed through an accessing system
  • the date and time the website is accessed
  • the ‘Internet protocol’ address (IP address)
  • the Internet service provider of the accessing system

The purpose for collecting these data is

  • to help us deliver the contents of our website correctly
  • to optimise the contents of our website and the advertising for it
  • to keep our IT systems and website technology functioning at all times
  • to provide law-enforcement authorities with the information they need to enforce the law in the event of cyberattack.

With this purpose in mind, SCHIFFL IT Service GmbH statistically evaluates the anonymously collected data and information with the aim of improving data protection and data security in our company, ultimately to ensure optimum protection for the personal data we process. The anonymous data in the server log files are stored separately from all the personal data a data subject provides.

Our legitimate interests pursuant to Art. 6 (1) (f) GDPR form the legal basis for the automated collection of data of persons who access our website.


The SCHIFFL IT Service GmbH website uses cookies. Cookies are text files that are placed and stored on a computer system via an Internet browser.

Cookies contain a so-called ‘cookie ID’ that is used to uniquely identify the cookie. It consists of a string of characters that can be used to assign websites and servers to the specific Internet browser in which the cookie was stored. This makes it possible to distinguish the websites and servers, and the data subject’s individual browser, from other Internet browsers containing other cookies. A particular Internet browser can be recognised and identified through its unique cookie ID.

The data subject can prevent our website from setting cookies at any time through an appropriate setting of the Internet browser used, thereby permanently objecting to the storage of cookies. Any cookies already stored can also be deleted at any time using a web browser or other software programs. This can be done using any conventional Internet browser. If the data subject deactivates cookie storage in his or her Internet browser, some of our website’s functions may not be fully usable.

The cookies we use are ‘strictly necessary cookies’ or ‘functional cookies’. Strictly necessary cookies are required to operate our websites. They are deleted when the website or Internet browser is closed.

The functional cookie is only used to store your decision to accept cookies. This is why the cookie notice will not appear the next time you visit our website.

We do not use cookies for analysis or target group-oriented advertising.

Our legitimate interests pursuant to Art. 6 (1) (f) GDPR form the legal basis for placing cookies on the computers of visitors to our website.

Weiter zur Cookie Erklärung

Use of Google Analytics

We use Google Analytics to analyse website usage. We use the data obtained in this way to improve our website and advertising.

Google Analytics is a web-analytics service operated and provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, United States). Google processes website-usage data on our behalf and has a contractual obligation to take steps to ensure the confidentiality of the data processed.

The following data are recorded during your website visit:

  • Pages accessed
  • Orders, including the revenue amount and products ordered
  • Achievement of ‘website targets’ (e.g., contact requests and registration for newsletters)
  • Your behaviour when visiting the pages (e.g., clicks, scrolling behaviour and dwelltime)
  • Your approximate location (country and city)
  • Your IP address (in truncated form to prevent clear assignment)
  • Technical information such as browser, Internet provider, device and monitor resolution
  • The original source of your visit (i.e. the website or promotional material through

These data are transmitted to a Google server in the USA.

Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID that identifies you during subsequent visits to the website.

The data recorded are saved together with the randomly generated user ID; this permits evaluation of pseudonymous user profiles. These user-related data are automatically deleted after 14 months. Other data are stored indefinitely in aggregated form.

If you do not consent to this recording, you can prevent it through one-off installation of the browser add-on that deactivates Google Analytics or by rejecting cookies using our dialogue for cookie settings. (Source:

LinkedIn Insight Tag

Our website uses the conversion tool "LinkedIn Insight Tag" from LinkedIn Ireland Unlimited Company. This tool creates a cookie in your web browser that allows the following data to be collected: URL, referrer URL, IP address, device and browser properties (user agent) as well as timestamps and page events (e.g. page views). IP addresses are shortened or (if used to reach members across devices) hashed. Members' direct identifiers are removed within seven days to pseudonymize the data. This remaining pseudonymized data is then deleted within 90 days.

LinkedIn does not share personal data with SCHIFFL but offers anonymized reports on website audience and ad performance. In addition, LinkedIn offers the possibility of retargeting via the Insight Tag. SCHIFFL can use this data to display targeted advertising outside its website without identifying you as a website visitor. You can find more information on data protection at LinkedIn in the LinkedIn data protection information.

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website ("opt-out"), click here.

Facebook Ads

We use the "Custom Audiences" function of Facebook Inc. on our website. ("Facebook", Facebook HQ - 1601 Willow Rd, Menlo Park, California 94025, USA). This function is used to display interest-based advertising to users of our website when they visit the social network Facebook. For this purpose, we have implemented the Facebook pixel on this website. Via this pixel, a connection to the Facebook servers is established when visiting our website. In the process, it is transmitted to Facebook that you have visited our website. Facebook associates this information with your Facebook account. The Facebook pixel enables us to measure, evaluate and optimize the effectiveness of Facebook ads for statistical and market research purposes. We only receive reports from Facebook in anonymized form, which means we do not receive any personal data of individual users. For more information on the collection and use of data by Facebook, as well as your rights in this regard and options for protecting your privacy, please refer to Facebook's privacy policy at You can revoke your consent to the use of the "Custom Audiences" function and the related use of the Facebook pixel at any time with future effect by following this link To do this, you must be logged in to Facebook. You have the option to prohibit Facebook as well as its partners from placing advertisements. You can edit the settings for Facebook ads at the following link: Alternatively, you can reject tracking via the cookie settings.

Contacting us through our website

Due to legal regulations, the SCHIFFL IT Service GmbH website contains information that permits rapid electronic contact with our company as well as direct communication with us; this also includes a general electronic mail (‘e-mail’) address. If a data subject contacts the controller responsible for processing by e-mail or via a contact form, any personal data the data subject transmits are stored automatically. Such personal data voluntarily transmitted by a data subject to the controller responsible for processing are stored for the purpose of processing or of contacting the data subject.

In the case of e-mails sent to apply for a vacancy, your data will be forwarded to the Personio company. Compliance with the requirements of data protection is governed by an order processing agreement.

These personal data will not be forwarded to third-party recipients for any other e-mails sent to us.

Duration of storage of personal data collected through the website

Server log files are stored for a maximum of 30 days. Data for job candidates will be deleted after a maximum of 6 months if the candidate is not hired. Functional cookies are deleted automatically after one year at the latest.

5. Your rights

The General Data Protection Regulation gives you a variety of rights with respect to your data; we would like to explain these rights to you here.

Art. 15 GDPR: Right to information of the data subject

You have the right to obtain information about the personal data we have stored about you.

Art. 16 GDPR: Right of rectification

If the data concerning you are incorrect or incomplete, you have the right to request the rectification of incorrect information or the completion of incomplete information.

Art. 17 GDPR: Right to erasure

Subject to the conditions of Art. 17 GDPR, you may request the erasure of your personal data. Your right to erasure depends, among other things, on whether we still need the data concerning you to meet our legal or contractual obligations.

Art. 18 GDPR: Right to restrict processing

Subject to the conditions of Art. 18 GDPR, you may request restriction of the processing of personal data concerning you.

Art. 21 GDPR: Right to object

You have the right, for reasons arising from your specific situation, to object to the processing of your personal data at any time.

Art. 7 (3) GDPR: Right to revoke consent

You have the right to rescind your consent to the processing of your personal data at any time. Revocation of consent will not affect the legality of processing undertaken on the basis of this consent prior to its revocation.

6. Data protection during the job-application process

We process our job advertisements and related applications via Personio GmbH, a company based in Germany. This company processes your data on our behalf. We thus remain the controller with respect to your data. As we use an SSL-encrypted connection to transmit your data to Personio, these data are not visible to third parties. All data are stored in a database. The basis for processing by Personio is an order processing agreement between us and Personio.

Only data that you provide to us are collected and processed.

The legal basis for data processing is the consent you grant us within the scope of your job application.

If we decide to choose another applicant, we will delete your data after 6 months in order to be able to respond in the event of any legal actions that may arise. If we would like to keep your data on hand longer, to have access to them in connection with a subsequent vacancy, we will solicit your consent in writing beforehand.

Only senior managers and HR staff will have access to your data.

7. Existence of automated decision-making

As a responsible company, we do not make use of automatic decision-making or profiling.


Conditions of Use

1. Scope
These Conditions of Use shall apply to every use of our website. All of the information and statements provided on our web pages shall be non-binding. SCHIFFL IT Service GmbH does not guarantee the accuracy or completeness of any information contained therein; specifically, these web pages shall not be deemed to establish any warranties, representa- tions of certain product characteristics or other legal claims. Any errors of content will of course be corrected immediately when discovered. As we do not constantly monitor the information contained in other websites to which our web pages provide links, we cannot take responsibility for their content. Links to such sites, and to certain third-party products or services, are provided for the sake of convenience only and shall not be interpreted to constitute our consent to their content.

2. Data or software download
If data or software are made available for download on our website, SCHIFFL IT Service GmbH makes no assurances that these data or this software will be free from defects. SCHIFFL IT Service GmbH conducts a thorough review for the presence of viruses in all data and software available for download. It is nevertheless recommended to check down- loaded data or software once more for viruses using the latest virus-scanning software.

3. Copyright and other special rights
The content of this website is protected by copyright. Only a single copy of the information found on this website may be downloaded to a single computer for your personal, non- commercial internal use. For the remainder, any logos, graphics, copy, sounds or images found on this website may be copied, reproduced, modified, published, downloaded, sent, transmitted or put to any other use only with the prior written permission of SCHIFFL IT Service GmbH. Any product or company names mentioned may involve registered trade- marks or brands the unauthorised use of which may result in claims for injunctive relief and for damages.

4. Confidentiality and the protection of personal data
As the Internet is not a secure system, no assurances can be given that information or per- sonal data transmitted to us will be protected from coming to the attention of third parties during transmission. SCHIFFL IT Service GmbH commits not to disclose this information to third parties for promotional purposes. If other data or information is transmitted to SCHIFFL IT Service GmbH through this website for no specific purpose, you grant SCHIFFL IT Service GmbH the right to put these data or this information to commercial or non-commercial use, at its discretion, and specifically to reproduce, modify, transmit or publish it.

5. Liability
SCHIFFL IT Service GmbH accepts no liability for any damage caused by the use of this website or the downloading of data; specifically, SCHIFFL IT Service GmbH accepts no liability for direct or indirect consequential damage, loss of data, loss of profit, system fail- ure or loss of production. The above disclaimer shall not apply if the damage owes to non- accidental conduct or gross negligence, or if a material contractual obligation (cardinal ob- ligation) has been culpably breached.

6. Applicable law
The legal relationships established between you and SCHIFFL IT Service GmbH through the use of this website are subject to the laws of the Federal Republic of Germany, to the exclusion of the UN Convention on Contracts for the International Sale of Goods. Any legal disputes with registered traders arising due to use of this website shall be resolved before a competent Hamburg, Germany, court of law.