As of 12/2024
We take the protection of your personal data very seriously and strive to provide you with comprehensive information about the processing of your personal data. The following privacy policy explains how and for what purposes we process your personal data when you visit our website and/or contact us.
As a rule, the personal data of yours that we collect is obtained directly from you. The specific legal bases are the EU General Data Protection Regulation (GDPR) and the German Telecommunications and Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz – TTDSG).
The controller within the meaning of Article 4(7) GDPR responsible for the processing of data described below is:
Schwarz Corporate Affairs GmbH & Co. KG
Stiftsbergstraße 1
74172 Neckarsulm, Germany
Phone: +49(0)7132 – 30788600
E-mail: kontakt@mail.schwarz
We treat all personal data that we receive from you by e-mail, telephone or mail confidentially. We use your data solely for the limited purpose of processing your inquiry. The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the interest in responding to your inquiries so that customer satisfaction is ensured and promoted.
When you send us personal data by contacting us for purposes of initiating or performing an existing contractual relationship, Article 6(1)(b) GDPR is the legal basis for data processing.
As a rule, we do not transfer the data to third parties outside of Schwarz Corporate Affairs GmbH & Co. KG. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR.
Where necessary to process your inquiry, we transfer your data to companies of Schwarz Group, such as Schwarz Dienstleistung KG.
You are under no statutory or contractual obligation to provide personal data to us. However, if you do not provide us with the data required to process your request, we will not be able to process or respond to it.
We delete or securely anonymize all information we receive from you when you make inquiries no later than 90 days after the final response is sent to you. The information is retained for 90 days in case you contact us again after receiving a response from us on the same matter and we need to refer to our previous correspondence. Based on experience, we generally do not receive any questions concerning our responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final response in order to document the fact that we provided you with comprehensive information and that the legal requirements have been met.
Personal data that you send to us as part of initiating or performing a contract will be deleted after no more than 12 years.
As part of your press inquiry, we also process your business contact details in addition to your inquiry. We use your data solely for the limited purpose of processing your inquiry. In addition, we keep your request for a fixed period of time to ensure that the request history can be traced. The legal basis for the processing is Article 6(1)(f) GDPR. The legitimate interest lies in effectively and expertly processing your inquiry.
In addition, we may forward your request internally to other companies of Schwarz Group for coordination. Article 6(1)(f) GDPR is the applicable legal basis for this. The legitimate interest lies in a uniform external presentation of the Schwarz Group and the effective and professional processing of your request.
As a rule, we do not transfer the data to third parties outside of Schwarz Group. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected and bound by contract in accordance with Article 28 GDPR.
Where necessary to process your inquiry, we transfer your data to companies of Schwarz Group.
You are under no statutory or contractual obligation to provide personal data to us. However, if you do not provide us with the data required to process your request, we will not be able to process it.
We will retain any personal data that we receive from you in connection with inquiries for 10 years.
When you visit this website, log files are generated containing the following information:
The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from our interest in protecting our systems and preventing improper and/or fraudulent activity each time that a user accesses this website.
In exceptional cases, your personal data may be accessible to Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, for support and maintenance purposes because the website is hosted on our behalf on servers provided and operated by Schwarz IT KG.
You are under no statutory or contractual obligation to provide personal data to us. However, such data will be processed for technical reasons as soon as you access our site. The only way to prevent your data from being processed is to stop using our website.
We retain said data for a period of 10 days.
We, Schwarz Corporate Affairs GmbH & Co. KG, Stiftsbergstraße 1, 74172 Neckarsulm, Germany, are the controller with respect to data processing in connection with the use of "cookies" and other similar technologies to process usage data on all (sub-)domains at www.gruppe.schwarz.
Cookies are small text files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our websites. Cookies do not cause any harm to your end device, nor do they contain any viruses, trojans or other malware. The cookie stores certain information connected with the specific end device deployed. This does not, however, mean that we will immediately become aware of your identity.
You may also configure your browser to ensure that a warning appears every time a new cookie is placed. This makes the use of cookies more transparent for you. You may also configure your browser to refuse acceptance of all or some cookies from certain sources. Please be advised, however, that disabling cookies may limit the functionality of this website.
Cookies and the other technologies used to process usage data are deployed for the following purposes, depending on the categories of cookie/other technologies:
Depending on the purpose, the use of cookies and similar technologies to process usage data involves processing the following types of personal data in particular:
Technically Necessary:
Preferences:
Statistics:
Marketing:
The legal basis for using preference, statistics and marketing cookies and similar technologies is your consent given pursuant to Article 6(1)(a) GDPR. The legal basis for using technically necessary cookies and similar technologies is your consent given pursuant to Article 6(1)(f) GDPR and section 25 (2) no. 2 TTDSG. We have a legitimate interest in ensuring the technical stability and security of website operation.
You may withdraw/modify your consent at any time with effect for the future without this affecting the lawfulness of the processing based on consent before its withdrawal. Click here to make your selection.
For an overview of the cookies and other technologies we use, including the respective purposes of processing, storage periods and any third party providers involved, see our cookie policy.
When using cookies and similar technologies to process usage data, we may on occasion retain specialized service providers, particularly from the field of online marketing, to process data. These service providers process data on our behalf.
If you have consented to processing for marketing purposes, we may potentially share your User ID and the associated user profiles with third parties via the providers of advertising networks.
For information about other recipients in connection with using cookies to process data, see our cookie policy under the heading "Providers".
We use the Google Analytics web analytics service to analyze user access to our website. The legal basis for this data processing is your consent given pursuant to Article 6(1) sentence 1 (a) GDPR (for data processing) and section 25 (1) of the German Telecommunications Digital Services Data Protection Act (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz – TDDDG) (for using cookies, etc.). We use data generated during your use of our website for purposes of user navigation, statistical analyses and adapting our website to your needs. This involves the following data:
Google Analytics 4 operates largely without using traditional cookies, but rather based on an analysis of your behavior on our website. The processed IP address is automatically truncated so that no direct identification is possible. Further information on data processing when using Google Analytics is available at: here.
Under certain circumstances, we may need to transfer your personal data to other recipients. When using Google Analytics, your aforementioned data is transferred to Google Ireland, Limited Gordon House, Barrow Street Dublin 4, Ireland.
The user data collected via Google Analytics are generally deleted after 14 months.
As a rule, we do not transfer your data to recipients located outside of the European Union or the European Economic Area. To the extent that you have consented to the use of the relevant cookies, your data will only be transferred to the servers of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, if it is processed using Google Analytics. Some of these servers are located in the US. In addition, we have no control over the extent to which Google uses your data for its own purposes. The European Commission has certified some third countries as having a level of data protection comparable to that offered by the GDPR by means of an adequacy decision. For service providers headquartered in the US, this only applies if they base the data transfer on the EU-US Data Privacy Framework dated July 10, 2023 (DPF). This is the case for this recipient.
You are under no statutory or contractual obligation to provide personal data to us. You may prevent cookies from being stored by adjusting the aforementioned settings, selecting the categories of cookies accordingly or by withdrawing or modifying any consent you may have given.
For information on the duration of storage for cookies, see our cookie policy If "persistent" is entered in the "expiration" column, the cookie will be stored permanently until it is manually deleted.
The party responsible for the collection and processing of data described below (the controller) is in some cases Schwarz Corporate Solutions KG (SCOS), Stiftsbergstraße 1, 74172 Neckarsulm, Germany, or Schwarz Corporate Affairs GmbH & Co. KG (SCA) and in some cases the operator of the relevant social media platform. For certain types of processing, SCOS or SCA (hereinafter referred to as responsible operators) and the platform operator act as joint controllers as defined in Article 26 GDPR.
SCOS uses the following social media sites:
SCA uses the following social media sites:
The relevant responsible operators have only limited control over the processing of data by the operators of social media platforms (e.g., the management of members and the information shared). In the situations in which the relevant responsible operators are able to have influence and can set parameters for the data processing, we endeavor to ensure within the confines of the options available to us that the social media platform operator deals with the data in accordance with data protection law requirements. In many cases, however, the relevant responsible operators are unable to influence the way in which social media platform operators process data and also does not know exactly which data they process.
Platform operators operate the entire IT infrastructure of the service, have their own privacy policies and maintain their own user agreements with you (where you are a registered user of the social media service). The operator is also solely responsible for all questions relating to the data that makes up your user profile, which the responsible operators as companies have no access to.
You will find further information about the data processing performed by social media platform operators and your rights to object in the privacy policies of the operators.
The responsible operators process data on their social media sites for the purpose of providing information to users about services, promotions, prize draws, specific topics and latest company news, to interact with visitors to their social media sites on these topics, and to respond to relevant inquiries and positive or negative feedback.
The responsible operators merely reserve the right to delete content if it becomes necessary to do so. They may share their content on their site if this is one of the functions of the social media platform, and communicate with you through the social media platform. Article 6(1)(f) GDPR is the legal basis for this. The processing is carried out for the purpose of public relations work and communications. Operators of social media platforms have no ability to influence the responsible operators' processing of your data in connection with customer communications or prize draws.
As already mentioned, where social media platform operators give the responsible operators the option, they make sure they design their social media sites to be as compliant as possible with data protection laws.
The data entered by you on the responsible operators’ social media sites, such as comments, videos, images, likes, public messages, etc., is published by the social media platforms and is not used or processed by the responsible operator for other purposes at any time. The responsible operators merely reserve the right to delete unlawful content if it becomes necessary to do so. This would be the case, for example, for posts that infringe rights or violate the law, comments that incite hatred, offensive comments (sexually explicit content) or attachments (e.g., images or videos), which may be in violation of copyright laws, moral rights/rights of publicity or criminal law.
The responsible operators may share your content on their site if this is one of the functions of the social media platform, and communicate through the social media platform. If you post an inquiry on the social media platform, the responsible operator may also, depending on the required response, refer you to other more secure modes of communication that guarantee confidentiality. You always have the option of sending confidential inquiries to the responsible operator's postal address.
You are under no statutory or contractual obligation to provide personal data to the responsible operator. When you use their social media sites for purely informational purposes, the responsible operators do not collect any personal data. You can still visit the responsible operator’s sites even if you do not wish to provide it with any personal data, but you will not be able to use any enhanced features such as the news function and the function allowing you to post images or comments etc.
The responsible operator deletes or securely anonymizes all information it receives from you when you make inquiries no later than 90 days after the final response is sent to you. The information is retained for 90 days in case you contact SDL again after receiving a response from the responsible operator on the same matter and it needs to refer to our previous correspondence. Based on experience, we generally do not receive any questions concerning responses after 90 days. If you assert your rights as a data subject, your personal data will be stored for three years after the final response in order to document the fact that the responsible operators provided you with comprehensive information and that the legal requirements have been met.
All public posts that you put on the social media sites of the responsible operators remain in the timeline for an indefinite period, unless the responsible operators delete them as part of updating the information on the topic, they violate the law or breach their guidelines or policies, or you delete the post yourself. The responsible operators have no control over the deletion of your data by the operator itself. The privacy policy of the relevant operator therefore also applies in relation to the storage period.
In some cases, we and the operator of the social media service act as joint controllers as defined in Article 26(1) GDPR:
The responsible operators and the platform operator act as joint controllers with regard to the web tracking methods used by the social media platform operator. Web tracking can occur regardless of whether you are logged in or registered on the social media platform. As already explained, unfortunately the responsible operators have almost no control over the web tracking methods used by social media platforms. The responsible operators are unable, for example, to switch web tracking off.
The legal basis for the web tracking methods is Article 6(1)(f) GDPR. Optimizing social media platforms and the relevant fan pages is seen as a legitimate interest for the purpose of the above provision.
For further information about recipients and categories of recipients and the storage time/criteria for determining storage time, please refer to the privacy policies of the platform operators. The responsible operators do not have any control over this.
You will find information on the rights available to you to prevent these web tracking methods in the privacy policies of the platform operators. You can also contact the platform operators about this using the contact details provided in the legal notice section of their respective websites.
The responsible operators have only a very limited ability to influence and prevent the provision of statistics to them by social media platform operators. However, the responsible operators do ensure that they do not receive any additional optional statistics.
Please be aware that it is possible that social media platforms will use your profile and user behavior data in order to analyze, for example, your habits, personal relationships and preferences etc. The responsible operators have no control over the processing or disclosure of your data by social media platform operators.
As the operator of the TikTok Page, SCOS has access to the so-called TikTok Analytics. The TikTok Analytics are a non-derogable part of a TikTok Page and contain anonymized statistical data of users who have interacted with the TikTok Page of the SCOS and/or its content.
This data is collected with the help of so-called cookies, which are set by TikTok and each contain a unique user ID. TikTok processes the so-called "engagement data" to create TikTok Analytics. This may include some or all of the following:
Actions of persons: Viewing content provided by a TikTok account; liking content; commenting on or sharing content; clicking on areas within a TikTok account or its content (e.g., video anchor, account profile, app download); starting a communication with the TikTok account that provided the content.
Information about the actions, the people performing the actions and the browsers/apps used to perform them, such as date and time of action; viewing duration; country/city; age/gender group; user interests; user's device type; and source of content views (e.g., "For You" tab, "Follow" tab, search, etc.).
SCOS does not have access to this information collected by TikTok. As the operator of the TikTok Page, TikTok only provides SCOS with anonymized statistical analyses and reports on the information collected.
As the operator of the TikTok Page, SCOS is jointly responsible with TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland, for the collection of the information presented and its consolidation into anonymized analytics provided to SCOS by TikTok, so that it has concluded a joint responsibility agreement with TikTok. You can access this at https://www.tiktok.com/legal/page/global/tiktok-analytics-joint-controller-addendum/en A summary of the main contents of this agreement can be found at https://www.tiktok.com/legal/page/global/information-about-tiktok-analytics/en .
By collecting the collected data and aggregating it into anonymized statistics, SCOS aims to better understand site visitors and gain insights into what content on its TikTok Page is of interest to its audience. On the basis of Article 6(1)(f) GDPR, SCOS aims to tailor the content and its information offering to the needs of its visitors in the best possible way and to optimize it accordingly.
If you have any questions about the use of your data with regard to TikTok Analytics and/or wish to assert your data subject rights in this regard, you can contact TikTok directly: https://www.tiktok.com/legal/report/privacy . Alternatively, you can contact TikTok's data protection officer directly: https://www.tiktok.com/legal/report/DPO .
As the provider of the social network and the fact that SCOS, as the operator of the TikTok Page, does not have access to the data collected about you as part of TikTok Analytics, TikTok alone has direct access to the necessary information and can also immediately take any necessary measures and provide information. In this respect, you are requested to assert your rights directly against TikTok. Should you nevertheless require the support of SCOS, we will be happy to assist you.
We have embedded the Insight Tag from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, on our website. When our website is accessed, data is forwarded to LinkedIn via a redirect. The following data can be forwarded:
LinkedIn can mark the end device you are using with a cookie and a unique identifier, or may read an existing cookie. If you are signed in to LinkedIn, this data can be used to display targeted advertising for us on the LinkedIn pages. We can also use this data to evaluate the success of our LinkedIn ads. The legal basis for storing the cookie and forwarding data to LinkedIn Ireland Unlimited Company is consent given pursuant to Article 6(1) sentence 1(a) GDPR.
Unlimited Company. For this reason, we have entered into a joint controller agreement with LinkedIn pursuant to Article 26 GDPR that determines the responsibilities for compliance with the obligations under the GDPR. Given the fact that we do not have access to the data collected about you in the context of the LinkedIn Insight Tag, LinkedIn alone has direct access to the necessary information and can also take any necessary action and provide information directly. In this respect, please contact LinkedIn directly to assert your rights as data subject regarding data processing in relation to the Insight Tag. Nevertheless, please feel free to contact us if you need our support.
With respect to using the LinkedIn Insight Tag, we cannot rule out LinkedIn also processing data in the US. To ensure an appropriate level of data protection in the event that data is transmitted outside of the EU, we have entered into the European Commission's standard contractual clauses with LinkedIn.
LinkedIn is responsible for the further processing and evaluation of the data collected. Further information about data privacy at LinkedIn in general and detailed information about how the data collected in the context of the Insight Tag is handled, such as the legal basis for data processing by LinkedIn, can be found in LinkedIn's privacy policy at: https://de.linkedin.com/legal/privacy-policy?trk=content_footer-privacy-policy. You can change your ad preferences here: https://www.linkedin.com/mypreferences/d/categories/ads.
We have integrated the Meta Pixel of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, on our website. When our website is accessed, data is forwarded to Meta via a redirect. The following data can be forwarded:
Meta can mark the end device you are using with a cookie and a unique identifier, or may read an existing cookie. If you are signed in to Facebook, this data can be used to display targeted advertising for us on the Facebook pages. We can also use this data to evaluate the success of our Facebook ads. The legal basis for storing the cookie and forwarding data to Meta Platforms Ireland Limited is consent given pursuant to Article 6(1) sentence 1(a) GDPR.
With respect to collecting and transmitting the above data, we are a joint controller together with Meta Platform Ireland Limited. For this reason, we have entered into a joint controller agreement with Meta pursuant to Article 26 GDPR that determines the responsibilities for compliance with the obligations under the GDPR. You may access this at https://www.facebook.com/legal/controller_addendum Meta has been appointed as the point of contact for queries from data subjects regarding data collected via the Meta Pixel. Therefore, we would ask you to contact Meta’s data protection officer directly for questions regarding your rights as a data subject: https://www.facebook.com/help/contact/540977946302970. Given the fact that we do not have access to the data collected about you through the Meta Pixel, Meta alone has direct access to the necessary information and can also take any necessary action and provide information directly. Should you nevertheless require our support, we will be happy to assist you.
With respect to using the Meta Pixel, we cannot rule out Meta also processing data in the US. Any transfer of your data to the US is done on the basis of an adequacy decision issued by the European Commission (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_de).
Facebook is responsible for the further processing and evaluation of the data collected. Further information about data privacy at Meta in general and detailed information about how the data collected in the context of the Meta Pixel is handled, such as the legal basis for data processing by Meta, can be found in Meta's privacy policy at: https://www.facebook.com/about/privacyhttps://privacycenter.instagram.com/policy/
You can change your ad preferences here: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screenhttps://accountscenter.instagram.com/ad_preferences/
Under Article 15(1) GDPR, you have the right to obtain information, free of charge, on the personal data stored about you.
If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.
If the basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection.
If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.
If the data processing is carried out on the basis of consent granted under Article 6(1)(a) or Article 9(2)(a) GDPR, you may withdraw that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.
In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer. You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.
For further questions concerning the processing of your data or the exercise of your rights, please contact the data protection officer of the respective controller.
Schwarz Corporate Affairs GmbH & Co. KG
- Data protection officer -
Stiftsbergstraße 1
74172 Neckarsulm, Germany
datenschutz@mail.schwarz
Schwarz Corporate Solutions KG
- Data protection officer -
Stiftsbergstraße 1
74172 Neckarsulm, Germany
datenschutz@mail.schwarz