Notification about the protection of your personal data – information obligation in accordance to Article 13 DS-GVO

We want to use the commencement of the European Data Protection General Order (DS-GVO) as an opportunity to inform you about our usage of your data as well as your personal rights.
For this purpose we have compiled the following information:  

1.    Person responsible for data handling

Aufzugswerke Schmitt + Sohn GmbH & Co KG.
Hadermühle 9-15
90402 Nürnberg
Phone: + 49 (911) 24 04-0

Data protection officer:
Mr. Thomas Brunner

2.    Purpose and legal basis of the data processing

We process your personal data with due regard to the EU Data Protection Regula-tion (DS-GVO), the Federal Data Protection Law (BDSG-neu) as well as all other relevant laws read in conjunction with Article 6 DS-GVO.
Your personal data are being processed for various reasons and include different information, depending on the nature of the business relation:

Clients: Data will be stored on commission and in accordance to Art. 6, para. 1 sentence 1 lit. a and b DS-GVO solely for the mentioned purposes in relation to the appropriate processing of the order and as is necessary to the mutual fulfill-ment of obligations resulting from the customers contract.

Interested parties: Data will be stored in accordance to Art. 6 para. 1 sentence 1 lit. a DS-GVO for the purpose of contacting the interested party. The stored data consist of information that has been passed on for this purpose (i.e.: e-mail-address).
Job-applicants: As part of your application you will provide data that you consider necessary for this purpose. This data will be processed by us for further use. This processing takes place regardless of the form of your application (i.e.: written, electronically, online upload, etc.) and is based on Art. 6 para. 1 sentence 1 lit. a DS-GVO.

External service providers: Data storage takes place on the basis of a commission between the contractor and the client. The stored information only consists of data necessary to the fulfillment of the contract according to Art. 6 para. 1 sen-tence1 lit. b DS-GVO.

Suppliers: Data storage takes place on the basis of a commission pursuant to Art. 6 para. 1 sentence 1 lit. b. DS-GVO for the stated purposes, the proper pro-cessing and the mutual fulfillment of obligations under the contract.
Additionally the processing of personal data may serve the fulfillment of legal ob-ligations, e.g. commercial or fiscal storage requirements, Art. 6 para. 1 lit. c DS-GVO.

3.    Recipients or categories of recipients of personal data

Recipients or categories of recipients of personal data may differ depending on the business relationship and may vary to different degrees.

Internal recipients: The relevant data are received by specialized companies or de-partments of the company group that are commissioned with processing duties for the purpose of fulfilling the obligations of the contractual relationship and the protection of the company’s legitimate interests.

External service providers: Based on a contractual relationship, an application pro-cess or an existing interest in the company or a contractual relationship, selected data are passed on to external service providers. These service providers are affili-ates who have been obliged to confidentiality and to protect the security of your data. Such service providers include, for example, IT service providers, legal and tax consultants, craft companies, banks, credit agencies, etc.
You can find out which service providers are involved in your individual case by means of your right of access.

Further recipients/authorities: Due to legal obligations, individual data must be passed on to additional recipients and authorities including, for example, the fi-nance authority, IHK/HWK, court of laws, social security, pension funds, etc.

4.    Duration of the data storage

The storage of the data and the associated deletion deadlines depend on the business relationship as well as the type of data.

A multitude of personal data are subject to statutory retention requirements as well as other legal guidelines and may only be deleted after the deadline has ex-pired.
Other data can only be deactivated by blocking, e.g. debtor data within the ERP system that refers to debtor items. There is no possibility of deleting this data.

In general, data about customers, business partners and service providers are stored in accordance to the archiving obligation, e.g. for commercial or tax pur-poses and will only be deleted after the appropriate deadline has expired. (§ 257 HGB, § 147 in connection with §§ 140,141 AO).

Personal data on applications are stored for a maximum of six months and will then be deleted. (§ 61 (1) ArbGG in conjunction with § 15 AGG).

Parties interested in the company will be deleted two years after the last contact.

You have the possibility of objecting to the storage of your data at any time and you are also able to request a premature deletion, provided that no legal regula-tion is contrary to this request.

5.    Rights of persons affected

According to the European Data Protection General Order the following rights apply for persons affected, § 32 ff BDSG-neu:

  • Right to information
    You can request information on the data stored about you at the address mentioned above. The right to information also includes details about who the data were disclosed to and for what purpose (§ 34 BDSG-neu).
  • Right to correction, blocking and deletion
    In addition and under certain circumstances you may request the correction or deletion of your data. However, if retention obligations exist according to commercial or tax regulations, the data are blocked instead of deleted (§ 35 BDSG-neu)
  • Right of revocation and objection
    You have the right to object to the processing of your personal data for di-rect marketing purposes. If we process your data to protect legitimate inter-ests, you may dispute this processing if your particular situation gives you reasons that speak against the processing of the data.

6.    Right of appeal

According to Art. 77 DS-GVO you have the possibility to issue a complaint to the data protection officer mentioned above or a data protection supervisory authori-ty.
The data protection supervisory authority responsible for our company is:

Bayerisches Landesamt für Datenschutzaufsicht
Postfach 606
91511 Ansbach

7.    Forwarding data to a third country

Personal data will not be forwarded to service providers outside the European Economic Area (EWR).

8.    Automated decision-making

Automated decision-making (including profiling) is not applied.

9.    Updating the privacy policy

This data protection notification may be updated at a later date due to modifica-tions of, for example, the legal provisions. An up-to-date version is available on our homepage at