Logistics throughout Europe

And at your door.
Wherever you need us.

Privacy policy

Responsible person

Schäflein AG
Am Etzberg 7
97520 Röthlein
Email: info@schaeflein.de
Link to the masthead: www.schaeflein.de/en/masthead.html
Contact to the Data Protection Officer: datenschutzbeauftragter@schaeflein.de

Types of data processed

  • Inventory data, e.g., name, address
  • Contact data, e.g., emails, telephone numbers
  • Content data, e.g., text entries, photographs, videos
  • Usage data, e.g., websites visited, certain interest in content, access times of the user
  • Meta/communications data, e.g., information about equipment, IP addresses


Categories of data subjects

In general, we refer in the following to users of as well as visitors to our online range as “users”.


Purpose of processing

The purpose of processing is to make our online range, its functions and content available, to answer contact enquiries and to communicate with customers. Furthermore, it is necessary for security reasons and to measure our coverage/marketing.


The terms we use

“Personal data”: refers to identified or identifiable natural persons (hereinafter also described as “data subjects”). A natural person in this sense is identifiable who can be identified directly or indirectly, in particular by allocation to an identifier, e.g. a name, an identification number, specific location data, an online ID (cookies), or one or more special characteristics, which are an expression of the genetic, psychological, economic, cultural, physical physiological or social identity of these natural persons.

“Processing” is any procedure carried out with and without the help of automated processes. This also includes every series of operations which is associated with personal data. This aspect is therefore very far-reaching and covers almost every type of data handling.

Natural or legal persons, public authorities, facilities or other bodies which alone or together with others decide on the intentions and means of processing personal data are described as “responsible persons“.


Relevant legal basis

We wish to inform you about the legal bases of our data processing according to the stipulations of Article 13 of the GDPR. If the legal basis is not mentioned in the data privacy policy, the following shall apply:

  • Legal basis for the procurement of consent: Article 6 para. 1 lit. a and Article 7 GDPR
  • Legal basis for processing in order to fulfil our performance and to carry out contractual requirements and to answer enquiries: Article. 6 para. 1 lit. b GDPR
  • Legal basis for processing in order to fulfil our legal duties: Article 6 para. 1 lit. c GDPR
  • Legal basis for processing in order to protect our legitimate interests: Article 6 para. 1 lit. f GDPR
  • The following Article serves as the legal basis in case a vital interest of the data subject or another natural person makes the processing of personal data necessary: Article 6 para. 1 lit. d GDPR


Security measures

According to the provisions of Article 32 GDPR, we take suitable technical and organisational measures in order to ensure an appropriate security level, taking into account the current state of the art of technology, the implementation costs and the type, scope, circumstances and the purpose of processing as well as the different likelihood of their occurrence and the severity of risk for the rights and freedoms of natural persons.

These measures include in particular those which safeguard confidentiality, integrity and availability of data by controlling physical access to data, as well as measures which concern access, data entry, further transmission, safeguarding of availability and the separation of data, respectively. Furthermore, we have set up procedures which ensure that the rights of individuals affected, the deletion of data and reaction to its endangerment are perceived. Furthermore, we take the protection of personal data already into account during the development phase and/or the selection of hardware, software as well as procedures, according to data privacy principles which use the appropriate technical design and default privacy settings (Article 25 GDPR).


Cooperation with data processors and third parties

If we reveal data to others in connection with our processing, such as persons or companies, i.e. contract processors or third parties, or we permit the transfer of data to these persons or companies or otherwise allow access to the data, this shall only take place in connection with a legal permit, such as for example if a transfer of data to third parties is necessary, i.e. as for example in the case of a payment service provider, in accordance with Article 6 para 1 lit. b GDPR, if you have given your consent, a legal obligation requires this or because of our legitimate interests, for example, when using agents, webhosts, etc.

If we commission third parties with data processing on the basis of a so-called “contract processing agreement”, this shall take place according to Article 28 GDPR.


Transfers to third world countries

If we process data in a third world country, i.e. outside of the European Union (EU) or the European Economic Area (EEA) or if this is the case in the context of third party use or disclosure and/or transfer of data to third parties, this shall only take place in order to fulfil our (pre)contractual obligations if you have given your consent, a legal obligation requires this or on the basis of our legitimate interests. We only have data processed in a third world country if the special conditions of Article 44 ff. GDPR are satisfied subject to legal or contractual permits. This means, for example, that processing is carried out based on specific guarantees, such as one of the officially recognised levels of data protection in the EU (e.g. through the “Privacy Shield” for the USS), or is carried out observing the officially recognised special contractual obligations (“standard contractual clauses”).


Rights of data subjects

Article 15 GDPR states that you have the right to ask for confirmation as to whether the data in question is being processed and that you will receive information about this data, further information and copies of the data.

According to Article 16 GDPR, you have the right to demand the completion of the data that concerns you or the rectification of data that is not correct.

According to Article 17 GDPR, you have the right to have the data in question deleted immediately or, as an alternative, to request a restriction of data processing under Article 18 GDPR.

According to Article 20 GDPR, you are entitled to receive and request the relevant data that you have provided to us.

In addition, you have the right according to Article 77 GDPR to lodge a complaint with the competent supervisory authority.

Right to withdraw

According to Article 7 para. 3 GDPR, you have the right to withdraw your consent, which may have already been granted, also with effect for the future.

Right of appeal

According to Article 21 GDPR, you have the right to appeal against the dissemination of your data in the future. In particular, this may take place by objecting to processing for the purposes of direct marketing.


Cookies and the right to appeal to direct advertising

Small data files which are stored on the user’s PC are called “cookies”. These allow the storage of various types of information. Cookies are used to store information about a user and/or the device on which the cookie is stored during the visit to the website. If cookies are deleted after a visitor leaves the website and closes his browser, they are called temporary cookies and/or “session cookies” or “transient cookies”. Such cookies can, for example, store the shopping cart content of an online shop or a login status. On the other hand, “permanent” and/or “persistent” cookies are those which remain stored after the browser has been closed if the user visits the site again after several days. In addition, cookies make it possible to store the interests of the user, which can be used for measurement of coverage and/or for marketing purposes. So-called “third party cookies” are those which are provided by providers other than the persons responsible for operating the online offer. If this refers only to their cookies, they are called “first-party cookies”.

Since we have both temporary and permanent cookies in use, we will inform you about this accordingly as part of our privacy policy.

If users do not wish that cookies are stored on their computers, they will be asked to deactivate the corresponding option in their browser system settings. It is also possible to delete the stored cookies in the system settings of the browser. It should be noted that the deactivation of cookies may lead to functional limitations of the online offer.

If users generally wish to object to the use of cookies as a result of online marketing, it is possible to do this by using several of the services which are offered, especially in the case of tracking, via the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/ . Besides this, as already mentioned, the storage of cookies in the browser settings can be deactivated at any time. It should be noted, however, that quite possibly not all functions of the online offer may still be available.


Deletion of data

According to Articles 17 and 18 GDPR, data which are processed by us may be deleted or restricted in its further processing. User data stored by us are deleted, unless expressly stated otherwise in this privacy policy, as soon as they are no longer necessary for their actually intended purpose and, in addition, there exists no need or legally required retention provision regarding deletion. If the data is required for other purposes which are legally permissible, these are processed in a restricted way and not deleted. This means that the data will be blocked and will not be processed for any other purpose. This applies for certain data, for example, which has to be retained for commercial or fiscal reasons.

Legal requirements for data retention in Germany:

6 years in accordance with Article 257 para. 1 HGB:

  • Trading accounts, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounting receipts, etc.

10 years in accordance with Article 147 para. 1 AO:

  • Accounts, records, management reports, accounting receipts, commercial and business correspondence, documents relevant for taxation purposes, etc.

Legal requirements for data retention in Austria:

7 years in accordance with Article 132 para. 1 HGB:

  • Bookkeeping records, receipts/invoices, accounts, receipts, commercial papers, income and expenses statements, etc.

22 years in connection with property and 10 years for documents in connection with electronically provided services, telecommunications, broadcasting and television services, which were provided to non-entrepreneurs in the EU Member States and for which the Mini- One-Stop-Shop (MOSS) is used.


Business-related processing

We also process the following data:

  • Contract data, such as the subject and term of the contract, customer category
  • Payment data, such as bank account details, payment history
  • services and customer care, marketing, advertising and market research of our customers, interested parties and business partners on account of contractually agreed services


Hosting services

We use hosting services for the following:

  • Infrastructure and platform services
  • Computing capacity
  • Memory space and database services
  • Security services
  • Technical maintenance services for the provision of the online range of operations

According to Article 6 para. 1 lit. f GDPR in connection with Article 28 GDPR (conclusion of a contract processing agreement), we or our hosting provider process usage data, content data, contract data, contact information, inventory data, metadata and communications data of interested parties, customers and guests of our online services in an effective and secure manner for the provision of our online offer based on our legitimate interests.


Collection of access data and log files

We and/or our hosting provider collect data about any type of access to the server on which this service can be found (server log files) based on our legitimate interests. This is done in accordance with Article 6 para. 1 lit. f. GDPR. This includes the name of the website visited, the date and time of the call, the file, the amount of data transferred to it, the message about a successful call up, the user’s operating system, the previously visited website, the browser type version, the requesting provider and the IP address. For security reasons, such as for the investigation of abuse or fraud, log file information is stored for a maximum of seven days and then deleted. In doing so, certain data, which must be stored for evidential purposes are excluded from deletion up to the final clarification of the incident.


Provision of contractual services

Inventory data, such as names and addresses, as well as the contact information of users, contract data, such as the services used, names of contact persons, payment information, are processed by us. This takes place in order to fulfil our contractual obligations and services in accordance with Article 6 para. 1 lit. b. GDPR. All entries marked in the online forms are required for concluding the contract.

If you use our online services, we store the IP address and the time of the respective user action. This is due to our legitimate interests as well as that of the users, as they are protected from abuse and other unauthorised use. The disclosure of the data to third parties does not occur unless this is necessary for the pursuance of our claims or there is a legal obligation in accordance with Article 6 para. 1 lit. c GDPR.

Usage data, for example, such as the visited websites of our online offer or the interest in our products, and content data, such as entries in a contact form or the user profile, are processed by us in a user profile for advertising purposes, so that product information, for example, can be faded in for the user on the basis of his previously used services.

In this case, the deletion of data takes place after expiration of the legal warranty period and comparable obligations. In addition, a check is made every three years of whether storage is still required. In the case of legal archiving requirements, deletion takes place after they have expired. Until then, these details remain in the customer account.


Administration, financial accounting, office organisation, contact management

We process data in connection with administrative tasks and the organisation of our company as well as with financial accounting and compliance with legal obligations, such as archiving. In doing so, the same data are processed which we processed in association with our contractual services. The bases for this are Article 6. Para. 1 lit. c. GDPR and Article 6 para. 1 lit. f. GDPR. The following individuals are affected by processing: customers, interested parties, business partners and visitors to our homepage. Processing is used for the administration, financial accounting, office organisation, archiving of data, i.e. tasks that serve the maintenance of our business activities, performance of our tasks and the provision of our services. Data deletion in terms of contractual performance and contractual communication is consistent with the information provided in these processing activities. In doing so, we transfer or submit data to the tax authorities or consultants, such as a tax accountant or auditor, as well as other fee-collecting agents and payment service providers. In addition, details concerning suppliers, promoters, and other business partners are processed, for example, due to later contact being made based on our business interests. We generally store such predominantly company-related data on a permanent basis.


Business analysis and market research

In order to conduct our business economically, to identify market trends as well as to establish customer and user preferences, we examine the data which is available to us based on business transactions, contracts, enquiries, etc. We process inventory data, communications data, contract data, payment data, usage data and metadata according to Article 6 para. 1 lit. f. GDPR. These include customers, interested parties, business partners, visitors and users of our online offer.

In this respect, the investigations serve the purpose of making business assessments, marketing and market research. In this way, it is possible for us to take into account the profiles of registered users with details, for example, about their purchasing transactions. These investigations serve to increase user-friendliness, the optimisation of our offer as well as the economic efficiency of our business. In addition, they serve us alone and are not disclosed externally, in case this does not involve an anonymous analysis with summarised values.

In the event that these investigations involve personal analyses or profiles, these will either be deleted or anonymised by us upon termination of the users, otherwise after two years from the conclusion of the contract. Furthermore, we will create the overall business analysis and determine the general tendency anonymously, if possible.


Privacy policy in job applications

Applicant data will be processed by us exclusively for the intended purpose and as part of our application procedure under the legal requirements. According to Article 6 para. 1 lit. b GDPR and Article 6 para. 1 lit. f GDPR, data about job applicants is processed to fulfil our (pre)contractual duties as part of the application process, provided that data processing will be necessary for us in the context of legal proceedings, for example. In Germany, Article 26 BDSG applies as a matter of principle.

A prerequisite for the application process is that applicants provide us with their application data. The application data needed is marked in the case that we offer an on-line form for the application. Otherwise, the required data is specified in the job advertisements. This generally includes personal information, postal and contact addresses as well as the application documents of the applicant, such as the covering letter, CV and certificates. It is also possible that applicants will voluntarily provide us with additional information.

If the application is sent to us, the respective applicants shall declare themselves in agreement with the processing of their data for purposes of our application process, corresponding to the manner and the scope described in this Privacy Policy.

If special categories of personal data pursuant to Article 9 para. 1 GDPR are voluntarily communicated in the context of the application process, processing is also carried out in accordance with Article 9 para. 2 lit. GDPR, such as health data, for example, disablement or ethnic origin. If particular categories of personal data are required as part of the application process for applicants in accordance with Article 9 para. 1 GDPR, their processing also takes place pursuant to Article 9 para. 2 lit. a GDPR, for example, in the case of health data, if this is required to perform the job in question.

If available, it is possible for applicants to submit their applications online using the online form on our website. The data will be transmitted to us encrypted according to technical standards. It is also possible for applicants to send us their applications by email. It should be noted, however, that emails are generally not sent in encrypted form and applicants must therefore provide encryption themselves. Therefore, it is not possible for us to take responsibility for the transmission of the respective application between the sender and the recipient, and/or our server. That is why we recommend that you choose the online form or the postal route to send your application, which is still available to our applicants.

It is possible for us to process all the data provided to us by applicants in the event of a successful application for employment purposes. If an application for a position is not successful, the applicant data will be deleted by us. If an applicant withdraws his/her application, which is possible at any time, the data shall also be deleted.

The deletion of data, assuming a justified withdrawal by the applicant, shall take place after an expiry period of six months. This serves to enable us to answer potential follow-up questions regarding the respective application, as well as to fulfil our obligation to provide evidence under the Equal Opportunities Act. All invoices for possible reimbursements of travel expenses are archived in accordance with fiscal provisions.


Making contact

You can contact us, for example, using the contact form, by email, telephone or social media, in accordance with Article 6 para. 1 lit. b GDPR; we use the information about the user to process contact enquiries and their handling. In doing so, it is possible to save the information about users in a Customer Relationship Management System (“CRM System”). Once the information is no longer necessary, we will delete it and re-check the necessity every two years. The legal archiving requirements shall apply.



In the following we provide you with information about the content of our Newsletter, the registration, dispatch and the statistical evaluation procedures as well as the right to object. By signing up for our Newsletter, you declare your willingness to receive our Newsletter and are in agreement with the previously described procedure.

The content of our Newsletter: We only send Newsletters, emails and other promotional electronic forms of notification to recipients, from whom we have previously received their consent or where the statutory permission has been granted. If the content of the Newsletter should be specifically revised as part of a registration, this shall be decisive for the consent of the user. Furthermore, our Newsletter provides information about our services and ourselves.

Double opt-in and logging: Our Newsletter registration is carried out in a so-called double opt-in procedure. This means that you will receive an email after the registration for our Newsletter, in which you will be asked to confirm this once again. This procedure is necessary so that nobody is able to register with a third-party email address. In order to verify that this registration has fulfilled the legal requirements, all Newsletter entries are logged. This includes the storage of the points in time of registration and confirmation as well as the IP address. In addition, changes to your stored data are logged with the shipping service provider.

Registration data: If you sign up for our Newsletter, all we need is your email address. In order to be able to address you personally, we ask you to provide your name optionally.

Germany: The dispatch of our Newsletter and the associated measurement of success are made on the basis of consent granted by the recipient pursuant to Article 6 para. 1 lit. a, Article 7 GDPR in connection with Article 7 para. 2 No. 3 UWG and/or on the basis of the statutory permission pursuant to Article 7 para. 3 UWG.

The registration process for our Newsletter is logged on the basis of our legitimate interests according to Article 6 para. 1 lit. f GDPR. In this respect, our attention is focussed on a user-friendly as well as secure Newsletter system, which on the one hand serves our business interests and on the other also corresponds to the expectations of our users and grants us verification of approved consent.

Giving notice/right to object: You may terminate and/or revoke your given consent to our Newsletter at any time. At the end of our Newsletter you will always find a link with which it is possible to cancel the Newsletter. In order to be able to verify consent which has since lapsed, we are permitted to store the deleted email address up to three years on the basis of our legitimate interests. The processing of this data is limited according to its purpose as a possible defence against claims. If the former existence has been confirmed by the recipient, it is also possible to carry out an individual deletion request.

Newsletter dispatch service provider: The dispatch of the Newsletter is performed using the dispatch service provider Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. You can view the data protection provision of the dispatch service provider here: https://www.newsletter2go.co.uk/data-protection/. The dispatch service provider is used on the basis of our legitimate interests acc. to Article 6 Abs. 1 lit. f. GDPR and an order processing agreement pursuant Art. 28 para. 3 p. 1 GDPR.
The dispatch service provider is able to use the data of the recipient in pseudonymised form, i.e. without allocation to a user, for the optimisation or improvement of his own services, e.g. for technical optimisation of dispatch and to present the Newsletter or for statistical purposes. The dispatch service provider, however, does not use the data about Newsletter recipients in order to write to them directly or to pass on the data to third parties.

Newsletter measurement of success: Our Newsletters contain a so-called „web-beacon“, i.e. a pixel-sized file, which either is recalled upon opening by our server or by the server of the dispatch service provider. In doing so, technical information is compiled, such as that about the browser and the system, for example, as well as the IP address and the point in time the information was recalled. This is used for the technical optimisation of services with the help of the technical data or used by the target groups and their reading behaviour, based on the retrieval locations (determined by the IP address) or access times. Further statistical analysis includes the determination whether the Newsletter was opened, when it was mostly opened and which links were clicked in the Newsletter. Although this can be assigned to the respective recipient, it is neither our aspiration nor that of the service provider to observe individual recipients. On the contrary, it is our objective to use these evaluations to improve our Newsletter, in that we are able to recognise the reading habits of recipients and adapt the content of our Newsletter accordingly or send specific content.


Google Analytics

On the basis of our legitimate interests, i.e. the interest in the analysis, optimisation and economic operation of our online range within the meaning of Article 6 para. 1 lit. f. GDPR we use Google Analytics, a web analytical service of Google LLC (“Google”). Google also uses cookies. Information about the use of the online range by the user, which was generated by the cookie, is usually transmitted to a Google server in the USA, where it is also stored. Google is also certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information for the following purposes: evaluating the use of our online range by users, compiling reports on activities within this online offering, providing other services related to the use of this online offering and internet usage. It is possible that pseudonymous usage profiles of users are created from the processed data, however, we only use Google Analytics with activated IP anonymisation. This means that the IP address of the Google user will be truncated within the Member States of the European Union or in other contracting states to the Agreement in the European Economic Area. Only in exceptional cases is it possible that the full IP address is transmitted to a Google server in the USA and will only be truncated there. The transmitted IP address of the user of the browser will not be combined with other data provided by Google. It is possible that users can prevent cookies from being stored by a specific setting of their browser software. In addition, users may prevent the collection of data generated by the cookie relating to the use of the online offer to Google as well as the processing of this data by Google. For this purpose, you must first download the browser plug-in which is available under the following link and then install it on your PC: https://tools.google.com/dlpage/gaoptout?hl=en. The following Google websites will tell you more about Google’s data usage, settings and possibilities to make an appeal https://www.google.com/intl/en/policies/privacy/partners (“Google’s use of data when you use websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for promotional purposes”) and http://www.google.com/settings/ads (“Management of information which Google uses to blend in advertising for you”).

The personal data of users are deleted or anonymised after 14 months.

Click here to be excluded from Google Analytics measurement.


Google Tag Manager

Google Tag Manager is a solution that allows us to manage so-called website tags through a single interface (including the integration of Google Analytics, for example, and other Google marketing services into our online offering). The tag manager itself (which implements the tags) does not process any personal data of users. With regard to the processing of personal data of users, reference is made to the following information about Google services. Usage Policy: https://www.google.com/intl/de/tagmanager/use-policy.html.


Use of Google Adwords conversion tracking

We use the “Google AdWords” online advertising service and conversion tracking as part of Google AdWords. Google conversion tracking is an analytics service provided by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you click on an ad delivered by Google a cookie is set on your computer for conversion tracking. These cookies lose their validity after 30 days, they do not contain any personal data and therefore are not used for personal identification. If you visit certain Internet pages on our website and the cookie has not expired yet, Google and we can see that you clicked on the ad and were forwarded to this page. Every Google AdWords customer receives a different cookie. As a result, there is no possibility of cookies being able to be tracked via the AdWords customer websites. The information that is obtained using the conversion cookie is used to produce conversion statistics for AdWords customers who have chosen conversion tracking. With this the customers find out the total number of users who clicked on their ad and were forwarded to a page with a conversion tracking tag. However, they do not receive any information that allows for the user to be personally identified. If you do not want to take part in tracking you can object to its use by preventing the installation of cookies by adjusting your browser software settings accordingly (deactivation option). You will not be included in the conversion tracking statistics then. You can find more detailed information and the Google data privacy policy at:  http://www.google.com/policies/technologies/ads/ and http://www.google.de/policies/privacy/


Google Adwords Remarketing

We also use the Google program for interest-related advertising called Google Remarketing. Third parties, including Google, place ads on websites and use stored cookies based on a user’s previous visit to this website for this. You can also deactivate the use of cookies by Google for this purpose by opening the page to deactivate Google advertising. Alternatively, users can deactivate the use of cookies by third parties by opening the Network Advertising Initiative deactivation page. By using sprintbox.de, you agree that the data about you collected by Google may be processed as described above and for the purpose described above. We would like to point out that Google has its own data privacy policies that are independent from those on the sprintbox.de website. We do not accept any responsibility or liability for these policies and procedures. Please read the Google data privacy provisions before using our website.


Facebook Pixel

Our website measures conversions using visitor action pixels from Facebook, Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).

These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider’s website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.

The data collected is anonymous to us as operators of this website and we cannot use it to draw any conclusions about our users’ identities. However, the data are stored and processed by Facebook, which may make a connection to your Facebook profile and which may use the data for its own advertising purposes, as stipulated in the Facebook privacy policy. This will allow Facebook to display ads both on Facebook and on third-party sites. We have no control over how this data is used.

Check out Facebook’s privacy policy to learn more about protecting your privacy: https://www.facebook.com/about/privacy/.

You can also deactivate the custom audiences remarketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. You will first need to log into Facebook.

If you do not have a Facebook account, you can opt out of usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.



This website uses Hotjar, a web analytics service provided by Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience.  

Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

Check out Hotjar’s privacy policy to learn more about protecting your privacy: https://www.facebook.com/about/privacy/.

Furthermore you can prevent Hotjar`s collection and use of data by downloading and installing the cookie available under https://www.hotjar.com/opt-out.


Online presence in social media

We maintain our online presence within social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services, respectively.

We wish to point out that the data of users may be processed outside the areas of the European Union. This can lead to risks for the user as, for example, the assertion of rights of the user could be hampered. With regard to US providers who are certified under the Privacy Shield, we wish to point out that they are obliged to the comply with the data privacy standards of the EU.

Furthermore, the data of users is normally processed for market research and promotional purposes. In this way, user profiles can be created, e.g. from the usage behaviour and the associated interests of the user which result. The user profiles can then be used in order e.g. to place advertisements within and outside the platforms, which presumably correspond to the interests of users. For this purpose, cookies are stored as a rule on the computers of users, in which the usage characteristics and the interests of these users are saved. Furthermore, data can also be stored in the user profiles independently of the equipment used by the user (in particular if the user is a member of the respective platform and is logged into it).

The processing of personal data of the user is carried out on the basis of our legitimate interests in having effective information about the user and communication with the user pursuant to Article 6 para. 1 lit. f. GDPR. In case users are requested to give their consent to data processing by the respective providers (i.e. by declaring their consent, for example, by checking a box or activating a button), the legal basis of processing shall be Article 6 para. 1 lit. a., Article 7 GDPR.

For a detailed presentation of the respective processing and the possibilities to object (opt-out), we refer to the following details linked to the provider.

Also, in the case of inquiries for information and the assertion of user rights, we wish to point out that these can be asserted most effectively through the providers. Only providers have the respective access to the data of users and are able to take the corresponding measures directly and provide information. If you should nevertheless require help, please contact us.

– Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Data Privacy Statement: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

– Xing (XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany) – Data Privacy Statement / Opt-Out: https://privacy.xing.com/en/privacy-policy.


Integration of services and content of third parties

On the basis of our legitimate interests, in other words to investigate, improve and operate our online range economically in accordance with Article 6 para. 1 lit. f. GDPR, we use third-party content or service offerings within our online range to provide content and services, such as the inclusion of videos or fonts, which are collectively referred to hereafter as “content”. It is always assumed that third-party providers of content are aware of the IP address of the users, because it is not possible to send this content to their browser without an IP address. Thus, the IP address is necessary for presenting content. We always strive to use only content whose providers use the IP addresses solely for content provision. It is possible that third parties may use so-called pixel tags, i.e. invisible graphics, also referred to as web beacons, for statistical or marketing purposes. Through these pixel tags, it is possible to evaluate information, such as for example, visitor traffic to individual pages of this website. It is possible to save this pseudonymous information in cookies on the end device of the user. In addition, this may include, but is not limited to technical information about the browser and the operating system, referring websites, visiting times, and other information regarding the use of our online offer, as well as such information which is linked from other sources.


Changes to the provisions of our privacy policy

We therefore ask you to inform yourself continuously about the content of our privacy policy. If it is necessary for us to edit the changes of the data processing operations carried out by us, we shall adapt the privacy statements accordingly. As soon as consent on your part or another individual notification is required, we shall inform you about this.


Parts of the privacy policy were kindly provided by legal counsel RA Dr. Thomas Schwenke .

Do you have any questions or would you like more information? We’ll be pleased to help.

Just give us a call or write to us. We look forward to hearing from you.

Schäflein AG

Am Etzberg 7

97520 Röthlein

phone: +49 (0) 9723 9069-0

fax: +49 (0) 9723 9069-150

email: info@schaeflein.de