We are pleased about your interest in the Schaeffler Group (Schaeffler AG and affiliated companies) and our products. The protection of your privacy when using our online offer is very important for us. If personal data is processed, we observe the applicable data protection laws.
I. General information about data processing
1. Scope and purpose of processing of personal data
In principle, we collect and use your personal data only insofar as it is necessary to provide a functional website as well as our content and services offered on the website. Your personal data is regularly collected and used only after your consent. An exception to this applies in cases where the processing of the data is permitted by law.
2. Legal basis for data processing
Processing of your personal data is based on the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
If you have given your consent to the processing of personal data for specific purposes, the legal basis for processing of personal data is Art. 6 (1)(a)GDPR. You can withdraw your consent at any time. Please remember that the withdrawal is only effective for the future. Processing based on consent before its withdrawal is not affected.
If processing is necessary for the purposes of the legitimate interests pursued by Schaeffler or by a third party (e.g. to establish or defend legal claims; to ensure IT security; to prevent crimes; to conduct business and to further develop services and products) and if your interests, fundamental rights and freedoms as data subject do not override the aforementioned interest, Art. 6 (1)(f)GDPR serves as the legal basis for processing.
3. Data erasure and retention period
We process and store your personal data for as long as this is necessary to satisfy the respective purpose. In addition, such storage may take place in order to comply with a legal obligation by Union or Member State law, regulation or other provision to which we as controller are subject. If the data is no longer necessary or if a retention period prescribed by the aforementioned laws has expired, your data will be erased on a regular basis.
4. Access to personal data within the Schaeffler Group and by third parties
Within the Schaeffler Group, those entities gain access to your data who require it as a part of “least privilege” (assignment of user rights to the lowest possible extent) and the “need-to-know” principle (knowledge of data only if necessary).
We may only transfer data to third parties outside the Schaeffler Group if this is necessary, if statutory provision so requires, if you have given your consent or if any commissioned processors have agreed to comply with the requirements of the GDPR and the BDSG.
Under these conditions, recipients of personal data may be: competent internal specialist departments and external service providers, if necessary.
5. Transfer of personal data to a third country or to an international organisation
A transfer of data to countries outside the EU/EEA (so-called third countries) will only take place as it is necessary or required by law, you have given your consent or as part of data processing by a processor. If service providers in third countries are deployed, in addition to written instructions, they are required to comply with data protection standards in Europe by agreeing on the EU standard contractual clauses.
6. IT security and links to third party websites
The Schaeffler Group uses technical and organisational security measures to protect your data that we manage against accidental or intentional destruction, manipulation, loss or access by unauthorised persons. These safeguards are constantly being developed in accordance with the respective new technical possibilities.
7. Obligation to provide personal data
While entering into a contract, you must provide the personal data that is necessary to establish, implement and terminate the contract and to satisfy the resulting duties or that Schaeffler must collect due to legal provisions. Without these data no contract with Schaeffler can be concluded.
If we provide you with offers and services on this website that you can voluntarily use, there is no duty to provide your data to us, but without your personal data, you may not be able to use our offers and services.
8. “Profiling” and automated decision-making
We do not use fully automated decision-making pursuant to Art. 22 GDPR. Schaeffler basically does not use “profiling”. If we use it in individual cases, we will inform you about this separately, if it is required by law and – if necessary - obtain your prior consent.
9. Sources of your personal data
We use data that we receive from you. If you are an employee of the Schaeffler Group, we receive your data from the user administration system.
II. Data processing for the provision of the website and the creation of log files
By default, when you visit our website, our web servers obtain and collect the name of your Internet service provider, your IP address, the website from which you are visiting us, the websites you visit on our website, and the date and duration of the visit. This data is stored in the log files of our systems. However, the use of the IP address is limited to the technically necessary extent and is abbreviated and therefore used only anonymously, so that it is not possible to assign the IP address to a user. The data is not merged with personal data.
The legal basis for the temporary storage of data is Art. 6 (1)(f)GDPR.
The temporary storage of the abbreviated IP address by our systems is technically necessary to display the website to your terminal device. Storage in log files is done to ensure the functionality of the website. Data is not being analysed for marketing purposes in this context. For these purposes, we have legitimate interest in processing of data according to Art. 6 (1)(f)GDPR.
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility for you as a user to object to such processing.
III. Data processing in respect of services offered on the website
On our website various services are offered, for the use of which we request personal data from you. In this context, it is always optional for you to provide us with personal data.
1. Website registration and login
You need to register in order to be able to use the website offerings. For this, we require the following data from you: title, first name, last name, e-mail address, and the purpose of registration. Once your password has been created, you can use the offerings on the website. You can then add other data such as contact details and address data to your profile.
Registration is not required for employees of the Schaeffler Group.
2. Use of our contact and request forms
The website has contact and request forms that can be used to contact us electronically.
To use the contact forms, you must fill mandatory information in the respective input mask marked by an asterisk (e.g. your e-mail address). All other information is optional for you. This personal data will be sent to a department of our company that is responsible for processing and stored in our systems. At the time of sending your message, the date and time of the entry will be saved. We will obtain your consent for processing of the data during the inquiry process.
The data filled in the input mask will be used exclusively to process your inquiry.
The legal basis for the processing of your personal data is Art. 6 (1)(a)GDPR.
The data will be erased as soon as the communication process is completed.
You have the right withdraw your consent to the processing of personal data at any time to by sending an e-mail to firstname.lastname@example.org. In this case, all personal data stored as part of the contact will be deleted with effect for the future. Depending on the time of your withdrawal, we may not be able to answer your request.
The legal basis for the processing of personal data using cookies is Art. 6(1)(f)GDPR.
V. Your rights as data subject
If your personal data is being processed, you are the data subject pursuant to the GDPR and you have the following rights:
1. Right of access (Art. 15 GDPR)
Upon request you can obtain from us confirmation from us as to whether or not your personal data is being processed by us. If this is the case, you can request us to give you access to the information provided for by law (see Art. 15 (1)GDPR). We will also notify you of appropriate safeguards pursuant to Art. 46 GDPR in the context of data transfer, in case your personal data is being transferred to a third country or to an international organisation. There are restrictions according to Sections 34 and 35 BDSG.
2. Right to rectification (Art. 16 GDPR)
You have a right to rectification and/or completion if the processed personal data is inaccurate or incomplete. We have to rectify the data without due delay.
3. Right to restriction of processing (Art. 18 GDPR)
Provided that the legal requirements are met (see Art. 18 (1)GDPR), you have the right to restrict processing of your personal data. For consequences of the restrictions please refer to Art. 18(2) and (3) GDPR .
4. Right to erasure (Art. 17 GDPR)
You have the right to demand from us erasure of your personal data without undue delay, and we are obliged to immediately erase this data if any of the reasons pursuant to Art. 17 (1)GDPR applies. The right to erasure does not apply in cases of Art. 17 (3)GDPR. Furthermore, there are restrictions pursuant to Sections 34 and 35 BDSG.
5. Right to notification
If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to notify each recipient to whom the personal data have been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. We have to inform you about those recipients upon your request.
6. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format. For details please refer to Art. 20 GDPR.
7. Right to object (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal data that is based on Art. 6 (1)(e) or (f)GDPR on grounds relating to your particular situation. Further details can be found in Art. 21 GDPR.
In addition, you have a right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in conjunction with Section 19 BDSG.
VI. Name and contact details of the controller
Schaeffler Technologies AG & Co. KG
Telephone: +49 9132 82-1476
Fax: +49 9132 82-5901
VII. Contact details of the data protection officer
Schaeffler Technologies AG & Co. KG
Data Protection Officer
Telephone: +49 9132 82-1476
Fax: +49 9132 82-5901
Status: Version 1.0, 08.05.2018