Privacy Policy
We are pleased that you are visiting our website. The protection and security of your personal information while using our website is very important to us. Therefore, we would like to inform you at this point about which of your personal data we collect when you visit our website and for what purposes it is used.
This privacy policy applies to the online offering of Schamel Meerrettich GmbH & Co. KG, which is accessible under the domain www.schamel.de and various subdomains (“our website”).
Who is responsible, and how can I reach you?
Responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR):
Schamel Meerrettich GmbH & Co. KG
Johann-Jakob-Schamel-Platz 1
91083 Baiersdorf/Bavaria
Tel.: 09133 7760-0
Email: info@schamel.de
Data Protection Officer:
Datenschutz Pöllinger GmbH
Dresdner Str. 38
92318 Neumarkt
Tel.: 09181 – 2705770
Email: datenschutz@datenschutz-poellinger.de
What is the purpose?
This privacy policy meets the legal requirements for transparency in the processing of personal data. Personal data includes all information relating to an identified or identifiable natural person. This includes information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behavior when visiting a website. Information for which we cannot establish a reference to your person (or only with disproportionate effort), e.g., through anonymization, is not considered personal data. The processing of personal data (e.g., collecting, querying, using, storing, or transmitting) always requires a legal basis and a defined purpose.
Stored personal data will be deleted as soon as the purpose of the processing has been achieved, and there are no legal grounds for further data retention. We will inform you about specific storage periods or criteria for storage in each processing operation. Regardless, we may store your personal data in individual cases for the assertion, exercise, or defense of legal claims and in the presence of legal retention obligations.
Who receives my data?
We only disclose your personal data processed on our website to third parties if it is necessary to fulfill the purposes and is covered by the legal basis (e.g., consent or the protection of legitimate interests). Furthermore, we may disclose personal data to third parties on a case-by-case basis if it serves the assertion, exercise, or defense of legal claims. Possible recipients may include law enforcement authorities, lawyers, auditors, courts, etc.
In cases where we use service providers for the operation of our website, who process personal data on our behalf within the scope of order processing according to Art. 28 GDPR, these service providers may be recipients of your personal data. More information about the use of processors and web services is available in the overview of the individual processing operations.
Do you use cookies?
Cookies are small text files that are sent by us to the browser of your end device during your visit to our websites and stored there. Alternatively, information can be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies enable us to conduct various analyses, allowing us, for example, to recognize your browser when you revisit our website and to transmit various information to us (non-essential cookies). By using cookies, we can make our online offer more user-friendly and effective, for example, by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information through cookies, they collect the information directly through your browser. Cookies do not cause any damage to your end device. They cannot execute programs and do not contain viruses.
We inform you about the respective services for which we use cookies in the individual processing operations. Detailed information about the cookies used can be found in the cookie settings or the consent manager of this website.
What rights do I have?
Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR), you, as a data subject, have the following rights:
- Right to information according to Art. 15 GDPR about the data stored about you in the form of meaningful information about the details of the processing and a copy of your data.
- Right to rectification according to Art. 16 GDPR of incorrect or incomplete data stored by us.
- Right to erasure according to Art. 17 GDPR of the data stored by us, provided that processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, or for the assertion, exercise, or defense of legal claims.
- Right to restriction of processing according to Art. 18 GDPR if the accuracy of the data is disputed, the processing is unlawful, we no longer need the data, and you refuse its deletion because you need it to assert, exercise, or defend legal claims, or you have objected to the processing according to Art. 21 GDPR.
- Right to data portability according to Art. 20 GDPR, i.e., the right to receive selected stored personal data about you in a structured, common, and machine-readable format, or to request the transfer to another person responsible.
- Right to object according to Art. 21 GDPR, provided that your personal data are processed based on legitimate interests or for the performance of a task carried out in the public interest or in the exercise of official authority.
- Right to withdraw your consent given under data protection law at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint with a supervisory authority according to Art. 77 GDPR if you believe that the processing of your personal data violates data protection law. The competent supervisory authority depends on the state of your residence, your work, or the alleged violation. A list of the supervisory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Processing Operations
Provision of the Website
Data Processed
When you access and use our website, we collect the following personal data that your browser automatically transmits to our server and stores temporarily in a log file:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the accessed file
- Website from which the access occurs (Referrer-URL)
- Used browser and, if applicable, the operating system of your computer, as well as the name of your access provider
Our website is hosted by a service provider who processes data on our behalf for the specified purposes in accordance with Art. 28 GDPR.
Purpose and Legal Basis
The processing is carried out to safeguard our predominant legitimate interest in displaying our website and ensuring its security and stability, based on Art. 6(1)(f) GDPR. Data collection and storage in log files are essential for the operation of the website. There is no right to object to processing due to the exception under Art. 21(1) GDPR. If further storage of log files is required by law, the processing is based on Art. 6(1)(c) GDPR. While there is no legal or contractual obligation to provide data, accessing our website without providing the data is technically not possible.
Storage Duration
The mentioned data is stored for the duration of displaying the website and, for technical reasons, for a maximum of 7 days beyond that.
Contact Form
Data Processed
On our website, we offer you the opportunity to contact us through a provided form. The information collected via mandatory fields is necessary to process the request. You may also voluntarily provide additional information that you consider necessary for processing the contact request.
When using the contact form, your personal data is not disclosed to third parties.
Purpose and Legal Basis
The processing of your data through the use of our contact form is for the purpose of communication and handling your inquiry, based on your consent according to Art. 6(1)(a) GDPR and § 25(1) TTDSG. If your request relates to an existing contractual relationship with us, the processing is for the purpose of contract fulfillment based on Art. 6(1)(b) GDPR. There is no legal or contractual obligation to provide your data; however, processing your request without providing the information in the mandatory fields is not possible. If you do not wish to provide this data, please contact us through alternative means.
Storage Duration
If you use the contact form based on your consent, we store the collected data for each request for a duration of three years, starting from the completion of your request or until the withdrawal of your consent.
If you use the contact form within the context of a contractual relationship, we store the collected data for each request for a duration of three years from the end of the contractual relationship.
Customer Account Registration
Data Processed
In the context of order processing, we collect your personal data for the registration of a customer account. You can choose to order as a guest or register a permanent user account. The information collected during registration via mandatory fields is identical in both cases and necessary for processing orders in the online shop. When registering a permanent user account, we additionally collect a password that you set yourself. You may also voluntarily provide additional information that you consider necessary for order processing.
The disclosure of your personal data to third parties (e.g., shipping service providers / logistics) and processors according to Art. 28 GDPR only occurs if necessary for order processing.
Purpose and Legal Basis
We process your personal data for the purpose of registering a customer account to fulfill a contract with you, based on Art. 6(1)(b) GDPR. There is a contractual obligation to provide your data insofar as it relates to the mandatory fields, as this information is necessary for the identification of your person and for our contract fulfillment. There is no legal obligation to provide the data. Without providing this information, ordering in our online shop, and thus concluding a contract, is not possible. There is no obligation to provide the additional voluntarily provided information. Ordering in our online shop is possible without disclosing this optional information.
The additional processing of your password for the registration of the permanent user account is for the purpose of providing a customer account, displaying your previous purchases, and storing your purchase-related data (e.g., storing billing address, different delivery addresses) based on your consent according to Art. 6(1)(a) GDPR. By deleting your customer account, you can revoke your consent for the future with effect according to Art. 7(3) GDPR.
Storage Duration
If you order as a guest, we store your personal data until the complete processing of your order (end of the contract). When registering a permanent customer account, we store purchase-related data beyond the end of the contract until the withdrawal of your consent (deletion of the customer account). In both cases, further storage of your data only occurs if there are legal retention obligations (e.g., tax and commercial law).
Collection and Processing of Data for Shop Orders
To the extent that you have provided us with additional personal data (address, payment terms), we use this information only to process the order or to fulfill contracts concluded with you, and to deliver the goods. The legal basis for this is Art. 6(1)(b) GDPR (contractual or pre-contractual measures).
Payment Processing
When using the PayPal payment method, data is transmitted to the payment service provider PayPal. The payment service provider is responsible for payment data. Information, especially about the responsible entity of the respective payment service provider, the contact details of the data protection officer of the payment service provider, and the categories of personal data processed by the payment service provider, can be found at the following address: PayPal Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full?locale.x=de_DE. The legal basis for this is Art. 6(1)(b) GDPR (contractual or pre-contractual measures).
Presence on Social Media Platforms
We maintain so-called fan pages, accounts, or channels on the networks listed below to provide you with information and offers within social networks, and to offer you additional ways to contact us and learn about our offers. Below, we inform you about the data we or the respective social network processes about you in connection with the access and use of our fan pages/accounts.
Data Processed by Us
If you want to contact us via messenger or direct message through the respective social network, we usually process your username through which you contact us and potentially store additional data communicated by you if necessary for processing/responding to your request.
The legal basis is Art. 6(1)(f) GDPR (processing is necessary to protect legitimate interests of the controller).
(Static) Usage Data Processed by Social Networks
Through insights functionalities, we receive automatically provided statistics regarding our accounts. The statistics include, among other things, the total number of page views, likes, information about page activities and post interactions, reach, video views, as well as information about the proportion of men/women among our fans/followers.
The statistics contain only aggregated data that cannot be attributed to individual persons. They are not identifiable to us through this information.
What data the social networks process from you
In order to view the content of our fan pages or accounts, you do not have to be a member of the respective social network and therefore no user account is required for the respective social network.
Please note, however, that the social networks also collect and store data from website visitors without a user account (e.g. technical data in order to be able to display the website to you) and use cookies and similar technologies when the respective social network is accessed, over which we have no influence whatsoever. Details on this can be found in the privacy policy of the respective social network (see the corresponding links above)
If you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our posts/contributions and/or wish to contact us via messenger functions, you must first register with the respective social network and provide personal data.
We have no influence on the data processing by the social networks when you use them. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, as well as for the analysis of user behavior (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data will also be stored by the social networks outside the EU/EEA and passed on to third parties.
Information on the exact scope and purposes of the processing of your personal data, the storage period/deletion as well as guidelines on the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the data protection provisions/cookie guidelines of the social networks. There you will also find information on your rights and options to object.
Facebook Pixel
Type and scope of processing
We use Facebook Pixel from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, to create so-called Custom Audiences, i.e. to segment visitor groups of our online offer, determine conversion rates and subsequently optimize them. This happens in particular when you interact with advertisements that we have placed with Meta Platforms Ireland Limited.
Purpose and legal basis
The use of Facebook Pixel is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Meta Platforms Ireland Limited. Further information can be found in the privacy policy for Facebook Pixel: https://www.facebook.com/privacy/explanation.
Google Analytics
Type and scope of processing
We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the length of stay of visitors.
Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognize users.
This information is used, among other things, to compile reports on website activity.
Purpose and legal basis
The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.
Google Tag Manager
Type and scope of processing
We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.
This allows us to flexibly integrate additional services in order to evaluate user access to our website.
Purpose and legal basis
The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG.
We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).
In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of June 4, 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).
Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognize users.
This information is used, among other things, to compile reports on website activity.
Storage period
The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.
