Name and address of the controller
90411 Nuremberg, Germany
Tel: +49 (0)911 58 68 61 0
Name and address of the data protection officer
MG & P – Meinhardt, Gieseler & Partner mbB
90489 Nuremberg, Germany
Tel: +49 (0)911 580 560 0
1. Collection and retention of personal data and purpose of its use
1.1 Visit of our website
Each time you access our website and each time you retrieve a file, data about this process is collected by us/our service provider/website host and is stored in a log file. After no more than seven days, the personal data is anonymised by truncating the IP address and sent to us. As a result, we collect the following information and store it until it is automatically deleted:
The stated data is processed for the following purposes:
1.2 Forms on our website
We use forms to request information from you at various points on our website. This is necessary to enable us to contact you, to give you access to exclusive content or to plan events. According to Article 6(1)(1) of the GDPR , your express consent is required each time, which we also obtain.
Users’ information can be stored in our Customer Relationship Management System and marketing automation platform ("CRM & Marketing System") or comparable request organisation.
Any personal data collected will be deleted after the statutory retention periods have expired. If necessary, we will forward personal data within SCHEMA to the correct recipient in order to process your request. You can revoke your consent to the processing of your data at any time. In mailings, you can do this by clicking on the unsubscribe button. Otherwise, you can also send your unsubscribe request to firstname.lastname@example.org at any time.
2. Passing on data
We do not pass your data on to third parties outside of SCHEMA for purposes other than the following. We will pass your data on to third parties only if:
Our website uses ‘cookies’ in several places. Cookies are small text files which are stored on your computer and which your browser saves. The purpose of cookies is to make our website more user friendly and secure.
The cookies we use are on the one hand so-called "session cookies". They are automatically deleted after the end of the browser session.
On the other hand, additional cookies are permanently stored in the browser. The information that cookies are used on the website will only be displayed again after these cookies have been deleted.
Cookies do not cause any damage to your server, nor do they contain any viruses, trojans or other malware.
The data processed by cookies is necessary for the stated purposes to protect our legitimate interests and those of third parties pursuant to Article 6(1)(1)(f) of the GDPR.
By visiting the SCHEMA websites, you consent to the use and storage of cookies.
Opt-out options and consequences:
You can deactivate or restrict the transmission of cookies by changing the settings of your Internet browser. Cookies that have already been saved can be deleted at any time.
If you deactivate cookies for our web pages, you may no longer be able to use all the functions of our web pages to their full extent.
4. Google Analytics
5. Online conferences via "zoom
5.1 Purpose of the processing
We use the "Zoom" tool to conduct online conferences. "Zoom" is a service provided by Zoom Video Communications, Inc.
5.2 Person responsible
SCHEMA GmbH is responsible for data processing directly related to the execution of online conferences.
Note: If you call up the website of "Zoom", the provider of "Zoom" is responsible for data processing. However, calling up the website is only necessary in order to download the software for using "Zoom".
You can also use "Zoom" if you enter the respective meeting ID and, if necessary, other access data for the meeting directly in the "Zoom" app.
If you do not want to or cannot use the "Zoom" app, the basic functions can also be used via a browser version, which you can also find on the "Zoom" website.
5.3 Which data is processed?
When using "Zoom", different types of data are processed. The scope of the data also depends on the information you provide before or during participation in an online conference.
The following personal data are processed:
User details: first name, last name, telephone (optional), e-mail address, password (if "Single-Sign-On" is not used), profile picture (optional), department (optional).
Meeting metadata: Subject, Description (optional), Attendee IP addresses, Device/Hardware information.
For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of online meeting chat.
When dialing in by phone: information on incoming and outgoing phone number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be saved.
Text, audio and video data: You may be able to use the chat, question or survey functions in an "online meeting". To this extent, the text entries you make are processed in order to display and, if necessary, log them in an online conference. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera on the terminal device are processed for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time using the "Zoom" applications.
In order to participate in an online conference or enter the "meeting room", you must at least provide information about your name.
5.4 Scope of processing
We use "Zoom" to conduct online conferences. If we want to record online conferences, we will inform you transparently in advance and - if necessary - ask for your consent. The fact of the recording will also be displayed in the "Zoom" app.
If it is necessary for the purpose of recording the results of an online conference, we will log the chat contents.
For recording and follow-up purposes, we may also process questions asked by conference participants.
If you are registered as a user at "Zoom", reports on online conferences (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) can be stored for up to one month at "Zoom".
Automated decision-making within the meaning of Article 22 GDPR is not used.
5.5 Receiver / passing on of data
Personal data processed in connection with participation in online conferences are generally not passed on to third parties, unless they are specifically intended to be passed on. Please note that content from online conferences as well as from personal meetings often serves the purpose of communicating information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider of "Zoom" necessarily obtains knowledge of the above-mentioned data, insofar as this is provided for in our contract processing agreement with "Zoom".
5.6 Data processing outside the European Union
"Zoom" is a service provided by a provider from the USA. Processing of personal data therefore also takes place in a third country. We have concluded an order processing contract with the provider of "Zoom" which meets the requirements of Article 28 GDPR.
An adequate level of data protection is guaranteed on the one hand by the "Privacy Shield" certification of Zoom Video Communications, Inc. but also by the conclusion of the so-called EU standard contract clauses.
6. Your rights
You have the right to:
7. Right to object
If your personal data is processed on the basis of legitimate interest in accordance with Article 6(1)(1)(f) of the GDPR, you have the right under Article 21 of the GDPR to object to the processing of your personal data on grounds relating to your particular situation or to object to direct marketing. In the latter case, you have a general right to object that will be implemented by us without having to state a specific situation.
If you would like to make use of your right to withdraw consent or right to object, simply send an email to email@example.com.
8. Data security
When you visit our website, we use secure socket layer security technology in conjunction with the highest level of encryption that your browser supports. Generally this is 256 bit encryption. If your browser does not support 256 bit encryption, we will use 128 bitv3 technology instead. You will know if an individual page of our website has been transferred encrypted by a key or lock symbol appearing in your browser's address bar.
As well as this, we use appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, full or partial loss, destruction, and against unauthorised access by third parties. We are continuously improving our security measures in line with technological advancement.
9. Updates and changes to this data privacy notice
This data privacy notice is currently valid and was updated in May 2020.
As a result of the development of our website and offers, or due to changes in legislation or official requirements, it may be necessary to make changes to this data privacy notice. You can always find the most recent data privacy notice on our website and can print it out from there.