Data protection

We are pleased about your visit to our website https://byschulz.com and the interest you show in our company. With the aim of offering you the highest possible degree of transparency, we inform you in the following about the nature, scope and purpose of the collection, processing and use of personal data that arise in the context of the use of our website. You can access the General Data Protection Regulation (hereinafter referred to as “GDPR”) as a complete document here.

Table of contents

1. Definitions of terms
2. Controller pursuant to Art. 4 No. 7 GDPR
3. Legal basis for processing
4. Storage of data / deletion of data
5. Disclosure of personal data
6. Collection of personal data
6.1. Exclusive informational use of our website
6.2. Contact via e-mail
6.3. Contact form
7. Cookies
8. Hosting
9. YouTube
10. Newsletter
10.1. Registration and confirmation (double opt-in procedure)
10.2. Unsubscription
10.3. Use of the program rapidmail
11. OpenStreetMap
12. Etracker analytics (webtracking)
13. Your rights
14. Right of objection
15. Data security

1. Definitions of terms

The following terms that we use within our privacy policy are defined within Art. 4 of the GDPR. This is only an excerpt from Art. 4 GDPR. You can view all definitions in the GDPR (available here).

  • Personal data (Art. 4 No. 1 GDPR)
    Personal data means any information relating to an identified or identifiable natural person (hereinafter “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Processing (Art. 4 No. 2 GDPR)
    Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Pseudonymization (Art. 4 No. 5 GDPR)
    Pseudonymization includes the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
  • Controller (Art. 4 No. 7 GDPR)
    The controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
    A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  • Third Party (Art. 4 No. 10 GDPR)
    A third party is a natural or legal person, public authority, agency or other body, other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
  • Consent (Art. 4 No. 11 GDPR)
    Consent of the data subject means any freely given indication of his or her wishes in an informed and unambiguous manner, in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.
  • Undertaking (Art. 4 No. 18 GDPR)
    An undertaking means a natural or legal person engaged in an economic activity, regardless of its legal form, including associations or partnerships regularly engaged in an economic activity.

2. Controller pursuant to Art. 4 No. 7 GDPR

by, schulz GmbH
Bühler Straße 121
D-66130 Saarbrücken
Germany
Phone : +49 (0)681 – 95 97 25 0
Fax : +49 (0)681 – 95 97 25 20
E-mail : info@byschulz.com
You can access our complete imprint here :
https://byschulz.com/imprint

3. Legal basis for processing

For each processing operation described in our privacy policy, we will inform you of the relevant legal basis on which the processing is carried out. A distinction is made here between the following groups of cases in which processing is lawful:
You have given us consent to process the personal data concerning you for one or more specific purposes (Art. 6 para. 1 s. 1 lit. a) GDPR).
There is a contract between you and us for the performance of which the processing is carried out or the processing is necessary for the performance of pre-contractual measures which are carried out at your request (Art. 6 para. 1 s. 1 lit. b) GDPR).
The fulfillment of a legal obligation to which we are subject requires the processing (Art. 6 para. 1 s. 1 lit. c) GDPR).
The protection of vital interests of you or another natural person require processing (Art. 6 para. 1 s. 1 lit. d) GDPR).
The performance of a task assigned to us in the public interest or the exercise of official authority require processing (Art. 6 para. 1 s. 1 lit. e) GDPR).
The necessity of processing to protect our legitimate interests or those of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, override (Art. 6 para. 1 s. 1 lit. e) GDPR).

4. Storage of data / deletion of data

Within the processing described in our privacy policy, we will inform you of the corresponding storage period or the times of deletion or blocking of data. If no explicit storage period is defined, the data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer exists.
Storage may take place beyond the defined periods if legal regulations to which we are subject (e.g. § 147 AO (Abgabenordnung), § 247 HGB (Handelsgesetzbuch)) stipulate a different storage period.
Following the storage period, the personal data will be deleted or blocked unless further storage is required by us on a legal basis. In addition, storage beyond the specified period is possible in the event of a (possible) legal dispute with you or other legal proceedings.

5. Disclosure of personal data

If your personal data is passed on, you will be informed accordingly at the relevant point in our data protection declaration. If your personal data is transferred outside the European Economic Area and thus to so-called third countries, you will be informed accordingly at the relevant point in our data protection declaration. In principle, we will only transfer personal data to third countries where an adequate level of protection has been confirmed by the EU Commission or where we can ensure the careful handling of personal data on the basis of contractual agreements or other suitable guarantees.

6. Collection of personal data

In the following, we will inform you about the collection of personal data (such as name, e-mail address, address or user behavior).

6.1. Exclusive informational use of our website

If you do not register on our website (for example, in the form of a newsletter) or otherwise transmit data to us (for example, by using a contact form), only those personal data are collected that are transmitted by your browser to our server. This is data that is technically necessary for us to provide you with the website for viewing while ensuring a secure and stable display. This is the following information, which is derived from a log file line :

Internet protocol address (IP address)
Time and date of the respective access
Time zone difference to Greenwich Mean Time (GMT)
The specific page accessed
Status of the access / Hypertext Transfer Protocol (http)
Amount of data that was transferred in each case
Website from which our website was accessed (referrer URL)
Internet browser used (incl. language and version)
Operating system used

The legal basis for the collection of the listed data results from Art. 6 para. 1 s. 1 lit. f) GDPR. We have a legitimate interest in ensuring an error-free connection and comfortable use of our website, as well as analysing system stability and security and using the data for further administrative purposes.

6.2. Contact via e-mail

If you contact us via the e-mail address provided in section 2 or other e-mail addresses of our company that are published on our website, we will store your e-mail address as well as other contact data within your e-mail (e.g. your name or your telephone number) in order to process your enquiry. This data is deleted immediately as soon as further storage is no longer necessary. If there are legal retention periods with regard to the data, the deletion of the data will be replaced by a corresponding restriction of the processing. Depending on the reason for sending the e-mail, the legal basis for processing the data is Art. 6 para. 1 s. 1 lit. f) GDPR or Art. 6 para. 1 s. 1 lit. f) GDPR, i.e. it is either used to process the contract concluded with you and to fulfill our (pre-)contractual obligations or is based on our legitimate interest in contacting people interested in our services.

6.3. Contact form

When contacting us via the contact form available on our website, the contact data you provide will be stored and processed by us in order to process your request. Depending on the reason for contacting us, the legal basis for processing the data is Art. 6 para. 1 s. 1 lit. b) GDPR or Art. 6 para. 1 s. 1 lit. f) GDPR, i.e. it is either used to process the contract concluded with you and to fulfil our (pre-)contractual obligations or it is based on our legitimate interest in contacting people interested in our services.

7. Cookies

We use cookies on our website. Cookies are small, browser-specific text files that are stored on your hard drive. This provides certain information to the body that sets the respective cookie, which, however, can neither execute programs nor transmit viruses. Cookies are divided into the following classes:
First, a distinction is made according to who set the respective cookie (website operators in the form of first-party cookies or third parties in the form of third-party cookies).
Then there is a distinction regarding the duration of storage.

  • There are transient cookies that are automatically deleted when the browser is closed, which mainly concerns so-called session cookies that store a session ID. With these session cookies, your computer will be recognised if you call up our website again within a session with the same browser. When you close the browser or log out, these temporary cookies are deleted.
  • In addition, there are so-called persistent cookies, which are stored for a longer period of time (up to two years). However, the period until deletion differs from cookie to cookie. You can delete these cookies manually at any time via your browser settings.
  • Another group is formed by the so-called Flash cookies. This is a Flash player-bound cookie that stores the technical data required for the playback of video or audio content (e.g. picture quality or network speed). Normally, there is no automatic expiry date here and the cookies store the required data independently of the browser used. Some browsers (e.g. Firefox) offer the option of deleting Flash cookies together with the other cookies.

Furthermore, a distinction is made between cookies based on their function, which is most relevant from a data protection perspective.

  • Technical (essential) cookies are cookies that are necessary to perform basic functions of the website (e.g. saving a product that has been placed in the shopping cart).
  • Performance cookies collect information about the use of the website and any errors that occur. This is anonymous information that is used to improve the website.
  • Advertising cookies or targeting cookies make it possible to display adapted advertising (also from third parties) to the user of the website and to determine the effectiveness of this advertising.
  • Sharing cookies connect the website with other services (e.g. social media sites).

We use automated technical cookies only and thus cookies that are essential for the operation of our website on the basis of our legitimate interest within the meaning of Art. 6 para. 1 s. 1 lit. f) GDPR in order to design our website effectively and to continuously improve it.
We would like to point out that you can prevent the storage of cookies at any time by setting your browser accordingly. We have compiled further information in this context with regard to the most popular browsers below, but we would like to point out that this may restrict the functionality of our website.

8. Hosting

Our website is hosted by the company HostPress GmbH, Bahnhofstraße 34, 66571 Eppelborn, Imprint: https://www.hostpress.de/impressum/ (hereinafter referred to as “HostPress”). When you access our website, the personal data mentioned in this privacy policy is transmitted to HostPress for purely informational use of the website. For this purpose, we have concluded a corresponding contract for order processing with the company HostPress. The server locations of HostPress are exclusively in Germany. Here you can find the data protection information of HostPress : https://www.hostpress.de/datenschutz/.

9. YouTube

We integrate YouTube videos on our website. This is a video portal of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Imprint : https://www.google.de/intl/de/contact/impressum.html. The parent company of this Irish-based company is: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google”). Google’s privacy policy can be found here : https://policies.google.com/privacy?hl=en.
We have implemented the videos in an “enhanced privacy mode”, which ensures that a data transfer to the USA and thus to an insecure third country only takes place when you start playing the video. If you call up a sub-page on which a YouTube video is implemented and play it, Google receives the information about this call-up and a transmission of the personal data mentioned in this data protection declaration takes place for purely informational use of the website to Google (and thus possibly to an insecure third country). This transmission serves the creation of a user profile by Google and takes place regardless of whether you have a Google account. However, if you have an account and are logged into your account when you call up a sub-page on which a YouTube video is embedded, this data is assigned. This data is stored by Google and used for advertising and/or market research purposes, such as the provision of tailored advertising. Regarding the storage, we refer to the explanations of Google, available at : https://policies.google.com/technologies/retention?hl=en

We only use YouTube if you have given us your express consent to do so via Consent-Tool (Art. 49 para. 1 lit. a) GDPR). Your data will then be transferred with your consent to the USA and thus to an insecure third country. For the USA, there is currently neither an EU adequacy decision nor other suitable guarantees. The protection of your data cannot be guaranteed in the destination country USA. In the USA, there is currently no level of data protection equivalent to that in the EU. Therefore, the transfer is associated with corresponding risks. In particular, there are no guarantees that your transmitted data will not be accessed by government authorities. For example, it cannot be ruled out that U.S. authorities may access your data on the basis of Section 702 of the Foreign Intelligence Surveillance Act (FISA) and/or on the basis of the so-called CLOUD Act (Clarifying Lawful Overseas Use of Data Act). In this context, we expressly point out that as an EU citizen, you have no effective legal protection against the processing of your data by US authorities. If you give your consent, you do so in full knowledge of these risks, which you thereby also consciously accept. You can revoke your consent at any time by clicking on the “Revoke / Change privacy settings” button located in the footer of our website.

10. Newsletter

10.1. Registration and confirmation (double opt-in procedure)

The only mandatory information you need to registration mask is your e-mail address. The registration takes place by means of a double opt-in procedure. This means that after your registration you will receive an e-mail to the e-mail address you entered. This e-mail contains a link. By clicking on this link, you can confirm that you would like to receive our newsletter from now on. After confirmation, we will store your e-mail address as well as any additional data you voluntarily provide (the legal basis for this is Art. 6 para. 1 s. 1 lit. a) GDPR) in order to send you the newsletter in the future.
If this confirmation does not take place within 4 weeks, the information provided to us (your e-mail address) will be deleted. Furthermore, only your IP address and the times of newsletter registration, newsletter confirmation and newsletter unsubscription after sending the last newsletter will be stored by us for the period in which it is necessary for us to keep proof of your registration, including your confirmation and unsubscription, as well as to enable clarification of any misuse of your data (the time of deletion is thus determined by the statute of limitations for any claims).

10.2. Unsubscribe

You have the right to revoke your consent regarding the sending of our newsletter at any time and thus to unsubscribe from the newsletter without incurring any costs other than the transmission costs according to the basic rates. There are two ways to do this. Firstly, you can send us a corresponding e-mail to info@byschulz.com or click on the link “Unsubscribe from newsletter”, which is available at the end of every newsletter you receive from us.

10.3. Usage of the program rapidmail

Newsletter dispatch :
To send our newsletter, we use the program rapidmail of the company rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg im Breisgau (hereinafter referred to as “rapidmail”), the imprint of rapidmail can be found here : https://www.rapidmail.de/impressum. For this purpose, we have concluded a corresponding contract for order processing with the company rapidmail. The servers of the service are operated exclusively in Germany : https://www.rapidmail.de/newsletter-marketing-dsgvo-und-datenschutz-konform.
Tracking :
The program enables us to regularly optimize the newsletter for you by analyzing your opening behavior. This is done through the use of so-called tracking pixels (a tracking pixel – also called web beacon – is a small graphic that is automatically reloaded when an HTML email is called up and thus enables tracking of user behavior). We can determine when you read our newsletter through the tracking pixels used. By subscribing to the newsletter, you consent to this, which is the legal basis for the processing according to Art. 6 para. 1 s. 1 lit. a) GDPR. The consent is automatically revoked when you unsubscribe from the newsletter. In order to prevent tracking, you can deactivate the display of images by default in your e-mail program, whereby the newsletter may not be displayed in full and certain functions may therefore not be used.

11. OpenStreetMap

We include map material from OpenStreetMap on our website. If you access the map material from the EU or the UK, servers in the EU or the UK are used for this purpose. Due to an adequacy decision of the EU, the UK is considered a “safe third country” in terms of data protection. If you retrieve the map from locations other than those mentioned above, caches in non-secure third countries may also be used, which is why we expressly advise against this.

If you do so, this constitutes your express consent to the possible third country transfer (Art. 6 para. 1 s. 1 lit. a) GDPR), which will be collected by OpenStreetMap when you call up the maps. In this regard, we refer to the privacy policy of the provider.

The legal basis is our legitimate interest (Art. 6 para. 1 lit. f) GDPR) to enable you as our user to find our location in a generally usable and convenient manner. As far as we are aware, the user data is used by OpenStreetMap exclusively for the purpose of displaying the map functions and for temporarily storing the selected settings. This data may include, in particular, IP addresses as well as location data of users, which, however, will not be collected without their consent (usually within the settings of their mobile devices). If necessary, you can prevent this through settings on your mobile devices.

12. Etracker analytics (webtracking)

We use the etracker analytics service of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany, Imprint : https://www.etracker.com/en/imprint/ (hereinafter referred to as “etracker”) on our website. Here you can find FAQ from etracker regarding the GDPR : https://www.etracker.com/en/docs/faq-2/eu-gdpr/. You can access etracker’s privacy policy here : https://www.etracker.com/en/data-privacy/.
We have concluded a corresponding contract for order processing with the company etracker. We use etracker Analytics based on our legitimate interest according to Art. 6 para. 1 s. 1 lit. f) GDPR, in this case in the interest of evaluating our website and improving it for you as a user. As standard, etracker Analytics does not use cookies, but records visit behavior (using purely technical parameters, such as the shortened IP address or the browser used) within a session (website visit) by means of cookie-less session tracking. A fingerprinting process is used to generate a hash value (a combination of characters from which the original data cannot be derived) from purely technical data (such as the shortened IP address or the browser used), to which the date of the page call is also added in order to make it even less likely that the identity of the user can be determined. This value is automatically deleted every 24 hours. Within the 24 hours, this fingerprint makes it possible to analyze user behavior.
You can object to the data processing here at any time :

13. Your rights

Below we clarify your rights under the GDPR. You can access the GDPR here as a complete document.

  • Right to information according to Art. 15 para. 1 GDPR
    You have the right to request confirmation from us as to whether personal data concerning you is being processed. If this is the case, in addition to the right to information about this personal data, you have the right to information about the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your personal data have been disclosed or will be disclosed in the future (in particular in the case of recipients in third countries or in international organizations), the storage period or Criteria for determining the storage period, the existence of a right to rectify or erase the personal data concerning you or the right to restrict processing on our part, as well as about the existence of a right to object to such processing, the existence of a right to lodge a complaint with a supervisory authority, any available information about the origin of the data (in the event that they were not collected by us), the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the scope and intended effects of such processing.
  • Right to rectification according to Art. 16 GDPR
    You have the right to request from us the immediate correction of inaccurate personal data as well as the completion of incomplete personal data concerning you.
  • Right to erasure (“right to be forgotten”) according to Art. 17 para. 1 GDPR
    You have the right to request that we delete the personal data concerning you without undue delay. However, according to Art. 17 para. 3 GDPR, this right does not exist if the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest in the field of public health, for archiving purposes in the public interest or for the establishment, exercise or defense of legal claims.
  • Right to restriction of processing pursuant to Art. 18 para. 1 GDPR
    You have the right to demand that we restrict the processing of your personal data if you dispute the accuracy of your personal data (the restriction applies for the period that allows us to verify the accuracy), the processing of your personal data is unlawful and you refuse to delete it, we no longer need your personal data for the processing purposes, but you need it to assert, exercise or defend legal claims or you object to the processing pursuant to Art. 21 para. 1 GDPR (the restriction applies here as long as it has not yet been determined whether our legitimate reasons outweigh yours).
  • Right to data portability according to Art. 20 GDPR
    You have the right to obtain from us the personal data concerning you in a structured, commonly used and machine-readable format, as well as to have it transferred to another controller without hindrance from us (or to request that it be transferred directly from us to another controller, if this is technically feasible), if the processing by us was based on consent or a contract or was carried out with the help of automated processes.
  • Right to revoke consent granted pursuant to Art. 7 para. 3 GDPR
    You have the right to revoke your consent at any time with effect for the future, so that the data processing based on the consent can no longer be continued in the future, but the legality of the processing carried out until your revocation is not affected.
  • Right to complain according to Art. 77 GDPR
    Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you infringes the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or the place of the alleged infringement. For more information, please visit the website of the Federal Commissioner for Data Protection and Freedom of Information.

14. Right of objection

In addition to the aforementioned rights, you also have the right to object at any time with future effect to the processing of your personal data which is carried out on the basis of the performance of a task carried out in the public interest or in the exercise of official authority (Art. 6 para. 1 s. 1 lit. e) GDPR) or for the protection of legitimate interests on our part (Art. 6 para. 1 s. 1 lit. f) GDPR), provided that there are grounds for doing so which arise from your particular situation. In the event of an objection, no further processing of the personal data will be carried out unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. In the case of processing of your personal data for the purpose of direct marketing or profiling, where there is a link to direct marketing, you have a general right to object without having to provide reasons based on your particular situation. In the event of an objection, we will immediately cease processing the personal data for these purposes. To exercise your right of revocation or objection, simply send an e-mail to : info@byschulz.com

15. Data security

Our website uses the encryption and communication protocol TLS 1.3 (Transport Layer Security). Through the TLS certificate used by us and issued by a certification authority, we enable an encrypted data exchange between web browser and web server, whereby sensitive data cannot be read by third parties. We use the procedure with the highest encryption level that your browser supports, which is usually 256-bit encryption. The higher the bit number, the longer the key and therefore the better the protection against third parties.

This privacy policy was created individually for this website by Frame for Business GmbH in cooperation with the Law Firm Dr. Schultheiß.

[borlabs-cookie type="btn-cookie-preference" title="Customize cookie settings"/]