We are pleased about your interest in the Schaeffler Group (Schaeffler AG and affiliated companies) and our products. The protection of your privacy when using our online offer is very important for us. If personal data is processed, we observe the applicable data protection laws.
I. General information about data processing
1. Scope and purpose of processing of personal data
In principle, we collect and use your personal data only insofar as it is necessary to provide a functional website as well as our content and services offered on the website. Your personal data is regularly collected and used only after your consent. An exception to this applies in cases where the processing of the data is permitted by law.
2. Legal basis for data processing
Processing of your personal data is based on the EU General Data Protection Regulation (GDPR) and the applicable local data protection law.
If you have given your consent to the processing of personal data for specific purposes, the legal basis for processing of personal data is Art. 6 (1)(a) GDPR. You can withdraw your consent at any time. Please remember that the withdrawal is only effective for the future. Processing based on consent before its withdrawal is not affected.
Processing of personal data in the context of the performance of a contract to which you are a party or in order to take steps prior to entering a contract at your request is based on Art. 6 (1)(b) GDPR. The purposes of data processing are governed by the respective contract documents and the subject matter of the contract.
If processing of personal data is necessary to comply with a legal obligation to which we are subject, Art. 6 (1)(c) GDPR serves as a legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by Schaeffler or by a third party (e.g. to establish or defend legal claims; to ensure IT security; to prevent crimes; to conduct business and to further develop services and products) and if your interests, fundamental rights and freedoms as data subject do not override the aforementioned interest, Art. 6 (1)(f) GDPR serves as the legal basis for processing.
3. Data erasure and retention period
We process and store your personal data for as long as this is necessary to satisfy the respective purpose. In addition, such storage may take place in order to comply with a legal obligation by Union or Member State law, regulation or other provision to which we as controller are subject. If the data is no longer necessary or if a retention period prescribed by the aforementioned laws has expired, your data will be erased on a regular basis.
4. Access to personal data within the Schaeffler Group and by third parties
Within the Schaeffler Group, those entities gain access to your data who require it as a part of “least privilege” (assignment of user rights to the lowest possible extent) and the “need-to-know” principle (knowledge of data only if necessary).
We may only transfer data to third parties outside the Schaeffler Group if this is necessary, if statutory provision so requires, if you have given your consent or if any commissioned processors have agreed to comply with the requirements of the GDPR and the applicable local data protection law.
Under these conditions, recipients of personal data may be: competent internal specialist departments and external service providers, if necessary.
5. Transfer of personal data to a third country or to an international organisation
A transfer of data to countries outside the EU/EEA (so-called third countries) will only take place as it is necessary or required by law, you have given your consent or as part of data processing by a processor. If service providers in third countries are deployed, in addition to written instructions, they are required to comply with data protection standards in Europe by agreeing on the EU standard contractual clauses.
6. IT security and links to third party websites
The Schaeffler Group uses technical and organisational security measures to protect your data that we manage against accidental or intentional destruction, manipulation, loss or access by unauthorised persons. These safeguards are constantly being developed in accordance with the respective new technical possibilities.
7. Obligation to provide personal data
While entering into a contract, you must provide the personal data that is necessary to establish, implement and terminate the contract and to satisfy the resulting duties or that Schaeffler must collect due to legal provisions. Without these data no contract with Schaeffler can be concluded.
If we provide you with offers and services on this website that you can voluntarily use, there is no duty to provide your data to us, but without your personal data, you may not be able to use our offers and services.
8. “Profiling” and automated decision-making
We do not use fully automated decision-making pursuant to Art. 22 GDPR. Schaeffler basically does not use “profiling”. If we use it in individual cases, we will inform you about this separately, if it is required by law and – if necessary - obtain your prior consent.
9. Sources of your personal data
We use data that we receive from you.
II. Data processing for the provision of the website and the creation of log files
By default, when you visit our website, our web servers obtain and collect the name of your Internet service provider, your IP address, the website from which you are visiting us, the websites you visit on our website, and the date and duration of the visit. This data is stored in the log files of our systems. However, the use of the IP address is limited to the technically necessary extent and is abbreviated and therefore used only anonymously, so that it is not possible to assign the IP address to a user. The data is not merged with personal data.
The legal basis for the temporary storage of data is Art. 6 (1)(f) GDPR.
The temporary storage of the abbreviated IP address by our systems is technically necessary to display the website to your terminal device. Storage in log files is done to ensure the functionality of the website. Data is not being analysed for marketing purposes in this context. For these purposes, we have legitimate interest in processing of data according to Art. 6 (1)(f) GDPR.
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility for you as a user to object to such processing.
III. Data processing in respect of services offered on the website
On our website various services are offered, for the use of which we request personal data from you. In this context, it is always optional for you to provide us with personal data.
1. Log-in for use of the website
The website is access-protected. For use of the website, enabling of a central administrator by us is necessary. The central administrator can, in turn, enable access to our website for employees (users) in his/her organization. By logging in via a personal log-in (personal e-mail address and password), the respective user can use the website with his/her personal user profile.
The first time a user logs in, a welcome e-mail is sent to the user's e-mail address. The user must change the initially set password via this e-mail. The user's personal data (e-mail address) is saved by us.
The legal basis for processing of the data is Art. 6 (1)(f) GDPR.
Enabling and personal log-in are required for provision of the website content and services. The data are deleted as soon as they are no longer needed for achieving the purpose of their collection. This is the case for the e-mail address made available to us when the personal user profile on our website is deleted or changed. We do not receive any other personal data about the user. The user can delete his/her user profile at any time. The user can change the data saved about him/her at any time. To do so, please see the "Contact Us" section of the website.
2. Ordering products
On this website, the offered products can be ordered. The ordering process is completed via the ordering systems implemented by us internally. Processing of personal data takes place in such a way that the personal data (e-mail address) of the user triggering the order is saved. Other personal data are not processed; only the customer's company data saved by us are used.
The legal basis for processing of personal data is Art. 6 (1)(b) GDPR.
The personal data of the user placing the order are saved with the order information in our ordering systems and are deleted as soon as the legal retention periods have elapsed.
3. Use of our contact and request forms
The website has contact and request forms that can be used to contact us electronically.
To use the contact forms, you must fill mandatory information in the respective input mask marked by an asterisk (e.g. your e-mail address). All other information is optional for you. This personal data will be sent to a department of our company that is responsible for processing and stored in our systems. At the time of sending your message, the date and time of the entry will be saved. We will obtain your consent for processing of the data during the inquiry process.
The data filled in the input mask will be used exclusively to process your inquiry.
The legal basis for the processing of your personal data is Art. 6 (1)(a) GDPR.
The data will be erased as soon as the communication process is completed.
You have the right withdraw your consent to the processing of personal data at any time to by sending an e-mail to firstname.lastname@example.org. In this case, all personal data stored as part of the contact will be deleted with effect for the future. Depending on the time of your withdrawal, we may not be able to answer your request.
4. Use of the Schaeffler info service offers
On the website we offer the possibility to register for Schaeffler info service offers free of charge.
When you register for Schaeffler info service offers and give your corresponding consent, you will receive advertising and information (e.g. newsletter, invitations to trade fairs and events, information about products, services, offers and promotions including opinion polls and company news) of the Schaeffler Group, for example, by e-mail, telephone, SMS and/or instant messenger services, such as WhatsApp, to the contacts provided by you when registering for the info service offers via an input mask. In order to use the info services, you need to provide your e-mail address and other information marked as mandatory in the input mask, such as: name, company and telephone number. This data is being collected to send you the advertising and information. For this purpose, we may also engage third parties (service providers) with whom we have a data processing agreement, and transfer your data to any of these third parties. After submitting the registration form, you will receive from us a confirmation e-mail to the e-mail address you provided. The registration will only take effect if you confirm it by clicking on the link in the e-mail.
The legal basis for the processing of your personal data after registration is Art. 6 (1)(a) GDPR.
The data will be erased as soon as it is no longer necessary for the purposes of its collection. Therefore, the data will be stored as long as the registration for the info service is active. You have the right to withdraw your consent to the processing of the personal data at any time by sending an e-mail to email@example.com or by clicking the “unsubscribe” link in received messages, with effect for the future, thereby deregistering from the info service. In this case, all personal data stored for communication will be erased. The withdrawal of consent does not affect the lawfulness of processing based on this consent before its withdrawal.
5. Creation of a user profile for individualised advertising and information
We want to provide you with as individual offers as possible. We would like to use the information about your user behaviour that you provide and generate automatically when you visit our website in order to create advertising tailored to you and your interests. For this purpose, we request your separate consent to the creation of a personalized user profile.
In the user profile, we store the personal data you have provided us while registering for the “Schaeffler Info Service” together with data about your movement on this website and/or in the information and advertising communication we have sent to you. Movement data is information about your user behaviour, e.g. which columns, articles and content you access on this website or in our newsletter, and at which time, including receipt and read confirmations of e-mails and newsletters.
We analyze this usage profile exclusively to send you individually customized information and advertising, provided that we have obtained your separate consent to the use of data for information and advertising purposes due to your registration for the “Schaeffler Info-Service”. For this purpose, we may also engage third parties (service providers) with whom we have a data processing agreement, and transfer your data to any of such third parties.
The legal basis for processing of your personal data after registration is Art. 6(1)(a) GDPR.
The data will be erased as soon as it is no longer necessary in relation to the purposes of its collection. Therefore, data is being stored as long as your consent to data tracking is active. You have the right to withdraw your consent to the processing of personal data at any time by sending an e-mail to firstname.lastname@example.org or by clicking the “unsubscribe” link in received messages, with effect for the future, thereby deregistering from data tracking. In this case, all personal data stored for communication will be deleted. Withdrawing the consent does not affect the lawfulness of the processing based on this consent before its withdrawal.
6. Performance Dashboard
We use on our Website a "Performance Dashboard". The visitor behavior on the website, i.e. page views and frequency of use of pages and functions, such as website search stating the time of the visit session, the local website visits and the Schaeffler Customer ID is tracked and stored by us. It is not possible to deduce your identity as a user.
Through the analysis of your visit, your usage behavior and your ordering behavior on our website, we continuously optimize the contents and offers of our website as well as the offered products in order to provide you the best possible user experience. We receive the anonymous data from you from Google Analytics (more information on this can be found in the Cookie Directive).
The legal basis for the processing of personal data using cookies is Art. 6(1)(f) GDPR.
V. Your rights as data subject
If your personal data is being processed, you are the data subject pursuant to the GDPR and you have the following rights:
1. Right of access (Art. 15 GDPR)
Upon request you can obtain from us confirmation from us as to whether or not your personal data is being processed by us. If this is the case, you can request us to give you access to the information provided for by law (see Art. 15 (1) GDPR). We will also notify you of appropriate safeguards pursuant to Art. 46 GDPR in the context of data transfer, in case your personal data is being transferred to a third country or to an international organisation.
2. Right to rectification (Art. 16 GDPR)
You have a right to rectification and/or completion if the processed personal data is inaccurate or incomplete. We have to rectify the data without due delay.
3. Right to restriction of processing (Art. 18 GDPR)
Provided that the legal requirements are met (see Art. 18 (1) GDPR), you have the right to restrict processing of your personal data. For consequences of the restrictions please refer to Art. 18(2) and (3) GDPR .
4. Right to erasure (Art. 17 GDPR)
You have the right to demand from us erasure of your personal data without undue delay, and we are obliged to immediately erase this data if any of the reasons pursuant to Art. 17 (1) GDPR applies. The right to erasure does not apply in cases of Art. 17 (3) GDPR.
5. Right to notification
If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to notify each recipient to whom the personal data have been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. We have to inform you about those recipients upon your request.
6. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format. For details please refer to Art. 20 GDPR.
7. Right to object (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal data that is based on Art. 6 (1)(e) or (f) GDPR on grounds relating to your particular situation. Further details can be found in Art. 21 GDPR.
In addition, you have a right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR.
VI. Name and contact details of the controller
Schaeffler Finland Oy
Telefon: +358 207 36 6204
Fax: +358 207 36 6205
VII. Contact details of the data protection officer
Data protection officer
Telephone: +49 9132 82-1476
Fax: +49 9132 82-5901
Status: Version 1.0 Schaeffler E-Commerce OEM Finland, version 02 16.10.2019