We are pleased about your interest in the Schaeffler Group (Schaeffler AG and affiliated companies) and our products. The protection of your privacy when using our online offer is very important for us. If personal data is processed, we observe the applicable data protection laws.
1. General information about data processing
1.1. Scope and purpose of processing of personal data
In principle, we collect and use your personal data only insofar as it is necessary to provide a functional website, as well as our content and services offered on the website. The processing of your personal data takes place either on the basis of your consent or to the extent as the legal regulations allow this data processing even without consent.
1.2. Legal basis for data processing
Your personal data is processed on the basis of the EU General Data Protection Regulation (GDPR) and the applicable local data protection law, f.e. the German Federal Data Protection Act (BDSG).
1.2.1. Given consent to the processing Art. 6 (1) lit. a GDPR
Insofar as you have given us consent to process personal data for specific purposes, Art. 6 (1) lit. a GDPR serves as the legal basis for the processing of personal data. Consent given can be revoked by you at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.
1.2.2. Pre-contractual and contractual measures Art. 6 (1) lit. b GDPR
Processing of personal data in the context of the performance of a contract to which you are a party or in order to take steps prior to entering a contract at your request is based on Art. 6 (1) lit. b GDPR. The purposes of data processing are governed by the respective contract documents and the subject matter of the contract.
1.2.3. Legal obligation Art. 6 (1) lit. c GDPR
If processing of personal data is necessary to comply with a legal obligation to which we are subject, Art. 6 (1) lit. c GDPR serves as a legal basis.
1.2.4. Legitimate interests Art. 6 (1) lit. f GDPR
If processing is necessary for the purposes of the legitimate interests pursued by Schaeffler or by a third party (e.g., to assert legal claims and defend against legal disputes; to ensure IT security; to prevent criminal acts; for business management measures and for the further development of services and products) and if your interests, fundamental rights and freedoms as data subject do not override the aforementioned interest, Art. 6 (1) lit. f GDPR serves as the legal basis for processing.
1.3. Data erasure and retention period
We process and store your personal data for as long as this is necessary to satisfy the respective purpose. If your data is no longer required to fulfil the purpose of the data processing, it will be deleted, unless this deletion is subject to statutory retention obligations. The data that you have given us, when submitting a marketing consent will be deleted after two months at the latest upon request, otherwise we will delete the history of our marketing communication with you after five years at the latest.
1.4. Access to personal data within the Schaeffler Group and by third parties
Within the Schaeffler Group, those entities gain access to your data who require it as a part of “least privilege” (assignment of user rights to the lowest possible extent) and the “need-to-know” principle (knowledge of data only if necessary).
We may only transfer data to third parties outside the Schaeffler Group if this is necessary, if statutory provision so requires, if you have given your consent or processors commissioned by us have contractually agreed to comply with the requirements of the GDPR and applicable local data protection law.
Under these circumstances, recipients of personal data may include: Responsible internal departments, which are responsible for the processing of your data, and service providers if required.
1.5. Transfer of personal data to a third country or to an international organisation
A transfer of data to countries outside the EU/EEA (so-called third countries) will only take place as it is necessary or required by law, you have given your consent or as part of data processing by a processor. If service providers in third countries are deployed, in addition to written instructions, they are required to comply with data protection standards in Europe by agreeing on the EU standard contractual clauses.
1.6. IT security and links to third party websites
The Schaeffler Group uses technical and organizational security measures to protect your data that we manage against accidental or intentional destruction, manipulation, loss or access by unauthorized persons. These safeguards are constantly being developed in accordance with the respective new technical possibilities
1.7. Obligation to provide personal data
While entering into a contract, you must provide the personal data that is necessary to establish, implement and terminate the contract and to satisfy the resulting duties or that Schaeffler must collect due to legal provisions.
If we provide you with offers and services on this website that you can voluntarily use, there is no duty to provide your data to us, but without your personal data, you may not be able to use or benefit of our offers and services.
1.8. „Profiling“ and automated decision-making
We do not use fully automated decision-making pursuant to Art. 22 GDPR. Schaeffler basically does not use “profiling”. If we use it in individual cases, we will inform you about this separately, if it is required by law and – if necessary - obtain your prior consent.
1.9. Sources of your personal data
We use data that we receive from you through personal contact, registration forms or social media channels.
2. Data processing for the provision of the website and the creation of log files
By default, when you visit our website, our web servers obtain and collect the name of your Internet service provider, your IP address, the website from which you are visiting us, the websites you visit on our website, and the date and duration of the visit. This data is stored in the log files of our systems and is used for problem or error analysis. However, the use of the IP address is limited to the technically necessary extent and is abbreviated and therefore used only anonymously, so that it is not possible to assign the IP address to a user. The data is not merged with personal data.
The temporary storage of the abbreviated IP address by our systems is technically necessary to display the website to your terminal device. Storage in log files is done to ensure the functionality of the website. Data is not being analyzed for marketing purposes in this context.
For these purposes, we have legitimate interest in processing of data according to Art. 6 (1) (f) GDPR.
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Therefore, there is no possibility for you as a user to object to such processing.
3. Data processing in respect of services offered on the website
On our website various services are offered, for the use of which we request personal data from you.
3.1. Data processing in the context of marketing activities (DOI, Tracking)
We want to provide you with information whichis individually tailored to your interests as much as possible. In order for you to use these services, we will require personal data from you, such as your name, e-mail address, company and/or telephone number, which you can provide to us via a registration form on one of our registration pages, as well as your combined consent.
- In the sending of personalized advertising and information (e.g newsletters, invitations trade fairs and events, products, services, offers and promotions including opinion surveys and company communications) of the Schaeffler Group by e-mail, SMS and/or instant messenger services such as e.g WhatsApp and
- In the tracking of your user behavior in connection with digital Schaeffler offers (when did you receive and read e-mails sent to you by us; which sections, articles, products, and other content on Schaeffler websites and in e-mails did you access and when; which links in our e-mails on Schaeffler websites did you use and when; how did you interact with our services, e.g participation in a webinar.
The collection of your data via the registration form serves to send advertisements and information to you. For this purpose, we may also engage third parties (service providers) with whom a contract for order processing is valid/signed and transfer your data to such third parties. The tracking information of your usage behavior, serves exclusively, to be able to send you information and advertisements tailored to your interests as individually as possible.
If you give your consent and submit the registration form, you will receive a confirmation e-mail from us to your provided e-mail address. The registration will only become effective once you have clicked on the confirmation link within the e-mail.
The legal basis for the processing of your personal data after registration is Art. 6 (1) lit. a GDPR.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. Therefore, the data is stored as long as the registration for the personalized advertising and information service is active. At any time you have the possibility to revoke your consent to the processing of personal data by e-mail to firstname.lastname@example.org or by clicking on the „unsubscribe link” in the received messages, with effect for the future and thereby unsubscribe from the service. In this case, all personal data stored in the course of contacting us as well as information about your usage behavior will be deleted. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
3.2. Use of our contact and request forms
The website has contact and request forms that can be used to contact us electronically.
To use the contact forms, you must fill the mandatory information in the respective input mask marked by an asterisk (e.g. your e-mail address). All other information is optional for you. This personal data will be sent to a department of our company that is responsible for processing and stored in our systems. At the time of sending your message, the date and time of the entry will be saved. We will obtain your consent for processing of the data during the inquiry process.
The data filled in the input mask will be used exclusively to process your inquiry.
The legal basis for the processing of your personal data is Art. 6 (1) (a) GDPR.
The data will be erased as soon as the communication process is completed.
You have the right withdraw your consent to the processing of personal data at any time to by sending an e-mail to email@example.com. In this case, all personal data stored as part of the contact will be deleted with effect for the future. Depending on the time of your withdrawal, we may not be able to answer your request.
Contacting is also possible via chatbots provided by us. The previous statements on data processing apply accordingly. If you use them, the processing of your personal data is based on our legitimate interest in accordance with Art.6 (1) lit. f GDPR.
3.3. Data processing when registering for non-open websites/ website areas
Some of our websites or individual areas of our websites are access-protected. This means that you have to register in advance in order to visit and use the website or the website sections.
To carry out a registration, you have to enter the data marked as mandatory in a corresponding input mask, for example your contact & address data and your user type. The data and time of your entry will be saved.
We use your data to manage your user account and to contact you in terms of an order processing and services. In addition, transaction data can be recorded on the website, which serves to display a history of already visited pages within the portal as a convenience function. The data will be stored by us until you delete your user account.
3.4. Data processing for orders
You can order products, services and non-cash rewards offered on our websites. To place an order, first you must enter your contact and address data in a corresponding input mask (f.e. as part of a registration for the website). The date and time of your entry will be saved. Your personal data will be stored by us and passed on to our third-party service providers, if necessary, for delivery.
The legal basis for the processing of your personal data is Art. 6 (1) lit. b GDPR.
The personal data will be stored by us until the order and shipping process has been completed and there are no longer any statutory retention periods.
You have the possibility to revoke your consent that you have provided to us in the context of an order at any time by sending an e-mail to firstname.lastname@example.org. In this case, all personal data will be deleted with effect for the future, provided that the deletion does not conflict with any statutory retention periods.
3.5. Data processing in connection with Cookies, Web Beacons and Local Storage
Web beacons are small graphic files (also referred to as "counting pixels", "pixel tags" or "clear GIFs") that may be included in our websites, apps, applications and newsletters and are usually used in conjunction with cookies. The above statements on cookies apply accordingly to web beacons; web beacons are not used in particular if you have objected to the use of the relevant cookie.
The legal basis for the use of web beacons is Art. 6 (1) p. 1 lit. f GDPR. Web beacons serve statistical purposes and purposes of personalization in the further development and relevance of the website and represent a legitimate interest of Schaeffler.
3.5.3. Local Storage
We use the functionality of the so-called local storage. Your data (master data, status data and program data) are stored locally in the cache of your browser. If you don’t delete the cache of your browser, this information is retained and can be read out the next time you visit the website. By using a local storage, we enable you to view your data correctly while browsing on our website without slowing down this process unnecessarily and overloading the interfaces.
If you do not wish to use the local storage, you can set this accordingly in the settings of your respective browser at any time. Please note that, in this case, the functionalities of our website will only be available to you to a limited extent or are no longer available.
The legal basis for the use of local storage is Art. 6 (1) p. 1 lit. f GDPR. Schaeffler's legitimate interest in using local storage is to accelerate processes and avoid system overload.
3.6. Data processing in connection with social media networks
The declaration below on the processing of personal data refers purely to the processing by the Schaeffler Group itself. The providers of the listed social media process personal data of registered users, but also of non-registered visitors to their websites by applying their own policies. They are responsible for their own user data processing policies. The user or visitor should inform about the data processing by the social media sites directly from the social media providers.
The respective legal entity within the Schaeffler Group's legal entities is responsible for the collection of data for the above-mentioned social media presence.
We collect and process personal data in the course of the use of our social media sites by the data subjects and may transfer your data to an internal system for processing regarding this purpose.
3.6.1. Processing of your personal data when contacting us
If you provide us with personal data by contacting us, e.g. by e-mail or by a direct message within social media, we process your data pursuant to Art. 6 (1) p. 1 lit. b GDPR for the purpose of fulfilling the contract or for the implementation of pre-contractual measures that are carried out in response to your request or pursuant to Art. 6 (1) p. 1 lit. f GDPR due to our legitimate interest in answering your request. Thereby, we process the data that you provide to us directly via your inquiry. In social media, this is your username and your photo as well as the message you send us. It may also happen that we visit your public profile and store data from it, provided that this is necessary for the above-mentioned purposes.
The processing of the named personal data is carried out according to Art. 6 (1) p. 1 lit. f GDPR on the basis of Schaeffler's legitimate interest in providing users with targeted information about us and our services, as well as the optimized design of our social media presences and effective communication with users. If users are asked by the respective providers of the social media networks for consent to this data processing (e.g. when registering by checking a checkbox or confirming a corresponding button), the legal basis for the processing is Art. 6 (1) p. 1 lit. a GDPR.
3.6.2. Processing of Schaeffler's personal data within social media networks
For all our social media presences, we receive messages about whether users of the social media give a "like" for our posts, finds them interesting, share or recommend or comment (depending on the function of the social media), etc. we may also see a list of our respective followers or subscribers, and on some social media sites (for example XING) a list of visitors to our social media presence. In addition, we can see when you leave reviews about our company, provided that this review is linked to the respective social media presence.
The processing of the named data is carried out according to Art. 6 (1) p. 1 lit. f GDPR on the basis of Schaeffler's legitimate interest in providing users with targeted information about us and our services, as well as the optimized design of our social media presences and effective communication with users. If users are asked by the respective providers of the social media networks for consent to this data processing (e.g. when registering by checking a checkbox or confirming with a corresponding button), the legal basis for the processing is Art. 6 (1) p. 1 lit. a GDPR.
3.6.3. Processing of statistical data within social media networks
We also receive statistical evaluations of the use of our social media sites from all social media providers. Beyond the information mentioned under 3.5.1, however, this only contains anonymized information, such as (depending on the provider) demographic data, an anonymized analysis of the interaction and reach of our social media presences and posts, anonymized information such as languages, interests and end devices used by our users.
The processing of the named data is carried out according to Art. 6 (1) p. 1 lit. f GDPR based on Schaeffler's legitimate interest in providing users with targeted information about us and our services, as well as the optimized design of our social media presences and effective communication with users. If users are asked by the respective providers of the social media networks for consent to this data processing (e.g. when registering by checking a checkbox or confirming a corresponding button), the legal basis for the processing is Art. 6 (1) p. 1 lit. a GDPR.
3.6.4. Processing of data for advertising purposes and creation of usage profiles by the providers of the social media networks
The data mentioned under 3.5.1 and 3.5.2 may also be processed for market research and advertising purposes. This happens, for example, when we place advertisements on the respective social media. However, the data is processed by the respective providers. Please also note that they can create usage profiles from your usage behavior. These usage profiles can in turn be used, for example, to place advertisements within and outside the platforms that correspond to your developed interest profile. Please inform yourself about this with the providers of the social media.
The social media providers do not act according to instructions but process your data on their own responsibility. You can find information about the providers and their contact details on their websites. There you will also find information about the processing of your personal data. We would like to point out that your data may be processed outside of the European Union by the providers of the social media. This may result in a risk for you, for example, it could be more difficult to you to enforce your rights. Please inform yourself in this regard with the providers of the social media.
4. Your rights as data subject
If your personal data is being processed, you are the data subject pursuant to the GDPR and you have the following rights:
4.1. Right of access (Art. 15 GDPR)
Upon request you can obtain confirmation from us as to whether your personal data is being processed by us. If this is the case, you can request us to give you access to the information provided for by law (see Art. 15 (1) GDPR). We will also notify you of appropriate safeguards pursuant to Art. 46 GDPR in the context of data transfer in case your personal data is being transferred to a third country or to an international organization. There are the restrictions according to Art. 34 and 35.
4.2. Right to rectification (Art. 16 GDPR)
You have a right to rectification and/or completion if the processed personal data is inaccurate or incomplete. We have to rectify the data without due delay.
4.3. Right to restriction of processing (Art. 18 GDPR)
Provided that the legal requirements are met (see Art. 18 (1) GDPR), you have the right to restrict processing of your personal data. For consequences of the restrictions please refer to Art. 18 (2) and (3) GDPR.
4.4. Right to erasure (Art. 17 GDPR)
You have the right to demand from us erasure of your personal data without undue delay, and we are obliged to immediately erase this data if any of the reasons pursuant to Art. 17 (1) GDPR applies. The right to erasure does not apply in cases of Art. 17 (3) GDPR. Furthermore, there are restrictions according to Art. 34 and 35 BDSG.
4.5. Right to notification
If you have exercised your right to rectification, erasure, or restriction of processing, we are obliged to notify each recipient to whom the personal data have been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. We have to inform you about those recipients upon your request.
4.6. Right to data portability (Art. 20 GDPR)
You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format. For details, please refer to Art. 20 GDPR.
4.7. Right to object (Art. 21 GDPR)
You have the right to object at any time to the processing of your personal data that is based on Art. 6 (1) (e) or (f) GDPR on grounds relating to your particular situation. Further details can be found in Art. 21 GDPR.
In addition, you have a right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR in connection with § 19 GDPR.
5. Name and contact details of the controller
Schaeffler Finland Oy
6. Contact details of the data protection officer
Data protection officer
Status: Version 2.0, 10.2021