The controller within the meaning of the General data Protection Regulation (GDPR) and other national data protection laws of the member states and other data protection regulations is:
SCHWIND eye-tech-solutions GmbH
Mainparkstrasse 6-10
D-63801 Kleinostheim
Telefon: +49 (0) 6027 508 0
Email: info@eye-tech.net
Website: https://www.eye-tech-solutions.com/
The data protection officer of the controller is:
You can contact the data protection officer of the controller at:
Data protection officer
SCHWIND eye-tech-solutions GmbH
Mainparkstrasse 6-10
D-63801 Kleinostheim
Email: datenschutzbeauftragter@eye-tech.net
Telephone: +49 (0) 6027 508 249
We generally only process the personal data of our users insofar as necessary for the provision of a functioning website as well as our contents and services. The personal data of our users is routinely only processed with the user’s consent. Situations where it is genuinely impossible to obtain consent prior to processing the data and such processing is permitted by law form an exception to this rule.
In the event of us obtaining consent from the data subject for the processing of personal data, Art. 6 (1) lit. a GDPR serves as the legal basis. Art. 6 (1) lit. b GDPR serves as the legal basis for the processing of personal data which is required for the fulfilment of a contract to which the data subject is a contracting party. This also applies to processing activities required for the performance of pre-contractual measures. Art. 6 (1) lit. c GDPR serves as the legal basis for the processing of personal data which is required for the fulfilment of a legal obligation to which our company is subject. Art. 6 (1) lit. d GDPR serves as the legal basis in the event of vital interests of the data subject or another natural person making it necessary to process personal data.
If data needs to be processed to maintain a legitimate interest of our company or third party and this interest is not outweighed by the interests, basic rights and basic freedoms of the data subject, Art. 6 (1) lit. f GDPR serves as the legal basis for the processing.
The personal data of the data subject is erased or blocked as soon as the purpose for its storage ceases to exist. The data may be stored for longer periods if stipulated by European or national legislation in EU regulations and directives, laws or other regulations to which the controller is subject. The data is also blocked or erased upon expiry of a storage period stipulated in one of the above standards, unless the storage of the data remains necessary for the conclusion or fulfilment of a contract.
Each time our website is accessed, our system automatically collects data and information from the accessing computer system.
The following data is collected in this case:
The data is also stored in the log files of our system. This does not apply to the user’s IP address or other data that makes it possible to allocate the data to one specific user. This data is not stored together with other personal user data.
Art. 6 (1) lit.f GDPR is the legal basis for the temporary storage of data.
The temporary storage of the IP address by the system is necessary to make it possible to transmit the website to the user’s computer. The user’s IP address has to be stored for the duration of the session for this purpose.
These purposes also constitute our legitimate interest in processing of the data in accordance with Art. 6 (1) lit. f GDPR.
The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected. If the data is collected for the provision of the website, this is the case once each session has ended.
The collection of the data is crucial for the provision of the website and the storage of the data in log files for the operation of the website. The user therefore does not have any option to object.
Our website uses cookies. Cookies are text files that are stored in the browser and/or by the browser on the user’s computer. A cookie may be stored on the user’s computer when the user accesses a website. This cookie contains a distinctive character sequence that makes it possible to clearly identify the browser when the website is accessed again.
You can largely decide which technologies we may employ. Some of them are technically necessary to ensure that our website functions properly. Others will only be used by us with your consent. Click here to read all the necessary information:
You can change the settings at any time there, e.g. withdraw your consent with future effect.
You can subscribe to a free of charge newsletter on our website. When you subscribe to the newsletter, the data from the input mask is transferred to us:
The following additional data is collected during the subscription process:
Your consent for the processing of the data is obtained and reference made to this Privacy Policy during the subscription process.
The data is not transferred to third parties in connection with the processing of the data for the sending of newsletters. The data is used exclusively for sending the newsletters.
Art. 6 (1) lit. a GDPR is the legal basis for the processing of the data upon the user subscribing to the newsletter if the user has given consent.
The user’s email address is collected in order to send the newsletter.
The other personal data is collected during the subscription process in order to prevent misuse of the services or email address used.
The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected. The user’s email address is therefore stored for as long as the user subscribes to the newsletter.
The other personal data collected during the subscription process is generally erased after seven days.
The affected user can unsubscribe from the newsletter at any time. An unsubscribe link is included in every newsletter.
This also makes it possible to withdraw consent to the storage of the personal data collected during the subscription process.
Users can register on our website. To do so, they need to provide personal data. The data is entered in an input mask, transferred to us and stored during this process. The data is not transferred to third parties. The following data is collected during the registration process:
The following data is also collected when registering:
Consent to the processing of this data is obtained from the user during the registration process.
Art. 6 (1) lit. a GDPR is the legal basis for the processing of the data if the user has given consent.
The user has to register for accessing certain contents and services on our website. The contents of the SCHWIND portal are aimed exclusively at our SCHWIND users and sales partners.
The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected.
This is the case for the data collected during the registration process if the registration is withdrawn or amended on our website.
As a user, you can cancel your registration at any time. You can request for your personal data stored to be modified at any time.
You can manage your data yourself within the portal in the "My Account" area. If you wish to delete your account, please inform us by e-mail.
Our website contains a contact form that can be used for making contact via this electronic medium. If a user uses this option, the data entered in the input mask is transferred to, and stored by, us. This data comprises:
The following data is also collected when sending the message:
Your consent for the processing of the data is obtained and reference made to this Privacy Policy when sending the message.
Alternatively, you can contact us using the email address provided. In this case, the user’s personal data transmitted in the email is stored.
The data is not transferred to third parties in this case. The data is used exclusively for processing the conversation.
Art. 6 (1) lit. a GDPR is the legal basis for the processing of the data if the user has given consent.
Art. 6 (1) lit. f GDPR is the legal basis for the processing of the data which is transferred during email transmission. If contact is made via email in order to conclude a contract, the additional legal basis for the processing is Art. 6 (1) lit. b GDPR.
The personal data entered in the input mask is processed exclusively for processing the contact. If contact is made via email, this also constitutes the required legitimate interest in processing the data.
The other personal data processed during the message sending process serves to prevent misuse of the contact form and ensure the security of our IT systems.
The data is erased as soon as it is no longer required for fulfilling the purpose for which it was collected. For the personal data from the input mask of the contact form and the personal data sent via email, this is the case when the respective conversation with the user has been concluded. The conversation has been concluded when the circumstances show that the matter in question has been clarified in full and final.
The additional personal data collected during the message sending process is erased no later than after seven days.
The user may withdraw their consent to the processing of the personal data at any time. If the user contacts us via email, the user may object to the storage of their personal data at any time. In this case, the conversation cannot be continued.
Please inform us in writing, by post or e-mail if you wish to object to the storage of your personal data.
All personal data stored during the contacting process is deleted in this case.
You can search for sales partners for our products on our website. When using the sales partner search, we as the manufacturer receive a copy of your inquiry to the sales partner, so that we can support the sales partner in finding the best technical solution for you in a timely manner. The legal basis for the storage of data is Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of data for the optimized provision of our services, in particular in the storage of data for the optimized provision of our services, especially in the configuration and planning of our products and the recording of market demand trends. . If we conclude a contract with a manufacturer's guarantee, the additional legal basis is Art. 6 para. 1 lit. b GDPR.
The data is transmitted to the selected sales partner. The legal basis for this is Art.6 para. 1 lit. b GDPR, as the search for distribution partners is aimed at the conclusion of a contract.
If the distribution partner is in a non-secure third country, the data will be transferred with the consent of the applicant pursuant to Art. 49 para. 1 lit. a GDPR after the applicant has been informed about the risks of data transfer due to the lack of comparable data protection levels in the recipient country and the lack of guarantees for data security by the data transfer authorities involved. Furthermore, when searching for a distribution partner in a non-safe third country, the transfer is necessary for the fulfilment of the search request, so that Art. 49 para. 1 lit. b GDPR also serves as the legal basis.
The data of the inquirer will be deleted as soon as the inquiry of the user has been finally clarified, without the conclusion of a contract with the user. If a manufacturer's warranty contract is concluded, the data will be deleted when the data is no longer required for the execution of the contract. Mandatory statutory provisions - in particular retention periods within the framework of possible business correspondence or for tax reasons - remain unaffected by this.
On our website we offer the free download of product and advertising brochures for our laser systems. For this purpose, we collect the cash on delivery, the email address and the country of the interested party in a form before the download. The offer is directed exclusively at commercial customers for the purpose of initiating a contractual relationship as well as for advertising information of our products. After entering the data, the interested party receives a download link by email, with which he can then download the documents.
The legal basis of data processing in the initiation of a contractual relationship is Art. 6 para. 1 lit. b GDPR. For general advertising purposes, Art. 6 para. 1 lit. f GDPR is the legal basis. Our legitimate interest results from the security of preventing misuse of our advertising material and enabling the download of brochures in the applicable language.
We store and use the data for advertising purposes until we receive an objection. If data is stored for contract fulfilment or contract initiation, it is deleted when the data is no longer required for these purposes. The statutory retention periods remain unaffected by this.
Within the scope of the physician inquiry, direct communication with the requested physician takes place via your email program after your selection of the responsible physician. To do this, select the country or place where you are looking for a doctor. Another filter criterion is the specific treatment method. After selection, we will communicate directly without receiving any personal data as part of your communication with the selected physician.
Click here to read all the necessary information on web analysis:
You can modify the settings at any time there, e.g. you can withdraw your consent with future effect and/or object to the use of the web analysis tool by deactivating it.
The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. We do not use cookies for web analysis by default. If we use analysis and optimisation cookies, we will obtain your explicit consent separately in advance. If this is the case and you agree, cookies are used to enable a statistical range analysis of this website, a measurement of the success of our online marketing measures and test procedures, e.g. to test and optimise different versions of our online offer or its components. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.
The data generated by etracker on behalf of the provider of this website is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to the strict German and European data protection laws and standards. In this regard, etracker was independently checked, certified and awarded with the ePrivacyseal data protection seal of approval.
The data processing is based on Art. 6 Section 1 lit f (legitimate interest) of the General Data Protection Regulation (GDPR). Our legitimate interest is the optimisation of our online offer and our website. As the privacy of our visitors is very important to us, the data that may possibly allow a reference to an individual person, such as IP address, registration or device IDs, will be anonymised or pseudonymised as soon as possible. etracker does not use the data for any other purpose, combine it with other data or pass it on to third parties.
You can object to the outlined data processing at any time by clicking on the slider. The objection has no disadvantageous consequences. If no slider is displayed, the data collection is already prevented by other blocking means.
Further information on data protection with etracker can be found here.
If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.
Google Analytics 4 has IP address anonymization enabled by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of "events". Events can be:
Also recorded:
Purposes of processing
On behalf of the operator of this website, Google will use this information to evaluate your [pseudonymous] use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.
Recipients
Recipients of the data are/may be:
It cannot be ruled out that US authorities may access the data stored by Google.
Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.
Duration of storage
The data sent by us and linked to cookies are automatically deleted after 2 [OR: 14] months. The deletion of data whose retention period has been reached occurs automatically once a month.
Legal basis
The legal basis for this data processing is your consent pursuant to Art.6 para.1 p.1 lit. a GDPR.
You can revoke your consent at any time with effect for the future by accessing the cookie settings [LINK TO CONSENT TOOL SETTINGS HERE] and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by
a. not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics HEREhttps://marketingplatform.google.com/about/analytics/terms/en/.
For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and at https://policies.google.com/?hl=en.
If your personal data is being processed, you are the data subject within the meaning of the GDPR and you have the following rights against the controller:
You can request confirmation from the controller if your personal data is being processed by us.
If such processing is taking place, you can request the following information from the controller:
You have the right to request information if your personal data is transferred to a third country or international organisation. In this context, you may request to be informed about the suitable guarantees in accordance with Art. 46 GDPR in connection with the transfer.
This right to information may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.
You have the right to rectification and/or completion against the controller if your personal data that is being processed is incorrect or incomplete. The controller must rectify the data immediately.
This right to rectification may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.
You may request for the processing of your personal data to be restricted in the following circumstances:
If the processing of your personal data has been restricted, this data may, with the exception of its storage, only be processed with your consent or for the assertion, enforcement or defence of legal claims or for the protection of the rights of another natural person or legal entity or for reasons of important public interests of the European Union or one of its member states.
If the restriction of the processing has been restricted according to the above conditions, you will be informed by the controller before rescinding the restriction.
Your right to restriction of processing may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.
You may request for the controller to erase your personal data immediately. In this case, the controller must erase this data immediately if one of the following reasons applies:
If the controller has published your personal data and is obliged to erase it in accordance with Art. 17 (1) GDPR, the controller shall, whilst taking into consideration the available technology and implementation costs, take reasonable measures, including technical measures, to inform all persons responsible for the processing of the personal data of the fact that you, the data subject, have requested the erasure of all links to, or all copies or duplicates of, this personal data.
The right to erasure does not exist if the processing is required
If you have asserted your right to rectification, erasure or restriction of processing against the controller, the latter must inform all recipients to which your personal data has been disclosed of the rectification or erasure of this data or restriction of its processing, unless this proves to be impossible or would incur unreasonable expenses.
You have the right against the controller to be informed about these recipients.
You have the right to be given your personal data that you provided to the controller in a structured, standard and machine-readable format. You further have the right to transfer this data to another controller without the controller who was entrusted with the personal data attempting to stop you, if
When executing this right, you further have the right to effect that your personal data is transferred directly from one controller to another, insofar as this is technically possible. This must not impair the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data required for the fulfilment of a task that is in the interest of the public or a task that is performed in execution of public powers that have been transferred to the controller.
You have the right to object at any time against the processing of your personal data in accordance with Art. 6 (1) lit. e or f GDPR for reasons arising from your particular situation. This also applies to any profiling based on these provisions.
The controller shall no loner process your personal data, unless the controller can provide evidence of mandatory, protectable reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves the assertion, enforcement or defence of legal claims.
If your personal data is processed for direct advertising purposes, you have the right to object to the processing of your personal data for the purpose of such advertising at any time. This also applies to any profiling linked to such direct advertising.
If you object to the processing for direct advertising purposes, your personal data will no longer be processed for such purposes.
You may exercise your right to object using automated processes which use technical specifications in connection with the use of services of the information provider, regardless of Directive 2002/58/EC.
You further have the right to object to the processing of your personal data for scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR for reasons arising from your specific situation.
Your right to object may be restricted insofar as it would be likely to prevent the implementation of research and statistical purposes, or if it would significantly impair the latter, and the restriction is necessary for fulfilling the research or statistical purposes.
You have the right to withdraw your consent in accordance with data protection law at any time. The withdrawal of your consent shall not affect the legitimacy of the processing based on the consent given until the time of withdrawal.
You have the right not to be subjected to a decision solely based on automated processing, including profiling, which has a legal effect against you or has other similar severe consequences for you. This does not apply if the decision
However, such decisions must not be based on specific categories of personal data in accordance with Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g GDPR apply and reasonable measures for the protection of rights and freedoms as well as your legitimate interests have been implemented.
With regard to the cases mentioned in paragraphs (1) and (3), the controller shall implement reasonable measures to maintain the rights and freedoms as well as your legitimate interests, which includes, at a minimum, the right to effect intervention by a person of the controller, the right to state your own opinion, and the right to appeal against the decision.
Notwithstanding any other legal remedy under administrative law or before a court, you have the right to complain to a supervisory authority, particularly in the member states of your domicile, place of work or place of alleged violation if you are of the opinion that the processing of your personal data violates the GDPR.
The supervisory authority where you submit your complaint will inform the complainant about the status and results of the complaint, including the option of legal remedy before a court in accordance with Art. 78 GDPR.
Our website uses plugins from Google's YouTube site. This website is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your surfing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. For more information on how we handle user data, please see YouTube's privacy policy: https://www.google.de/intl/de/policies/privacy.
Opt-Out: https://adssettings.google.com/authenticated.
This page uses the map service Google Maps via an API. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland. To use the functions of Google Maps it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. The use of Google Maps is in the interest of an appealing representation of our online offers and at an easy findability of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. You can find more information on the handling of user data in Google's data protection declaration: https://www.google.de/intl/de/policies/privacy/.
Opt-Out: https://adssettings.google.com/authenticated.
To ensure that fonts used on this website are uniform, this website uses so-called Google Fonts provided by Google. When you access a page on our website, your browser will load the required fonts into your browser cache to correctly display text and fonts.
To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Fonts is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
If your browser should not support Google Fonts, a standard font installed on your computer will be used.
For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
To conduct, record and host webinars and virtual meetings, we use services from LogMeIn, Inc. a service provider headquartered in the US with subsidiaries in the US and UK. LogMeIn already participates in the EU-U.S. and Swiss Privacy Shield Frameworks and is compliant with current applicable EU data protection rules. Frequently asked questions about LogMeIn's data security are answered at https://www.logmeininc.com/gdpr/gdpr-faq
We have a data processing agreement with LogMeIn that requires LogMeIn to protect our customers' information and not share it with third parties. A sample of this agreement can be viewed at the following link: https://logmeincdn.azureedge.net/legal/20191226/DPA/LMI-Customer-Data-Processing-Addendum-2019-v2-SAMPLE.pdf
SCHWIND eye-tech-solutions GmbH collects and processes personal data for the online booking of meeting appointments.
For this purpose, we use the "Microsoft Bookings" service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The connection to the service is only established when you access the online booking function via a button on our website. Further information on the handling of user data can be found in Microsoft's privacy policy.
We would like to point out that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use one of the other contact options offered to make an appointment.
The legal basis for data transmission, storage and processing is your consent (Article 6(1)(a) GDPR).
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
You have the option of withdrawing your consent to data processing or objecting to the use of the data at any time. In this case, the intended contact with the user is no longer possible or communication that has already begun can no longer be continued.
We use "Microsoft Forms" to make appointments, conduct surveys and polls in Forms and/or webinars. "Microsoft Forms" is a service of the Microsoft Corporation. The processing is carried out on behalf of Schwind by
Microsoft Ireland Operations Limited
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland
Various types of data are processed when you use "Microsoft Forms". The scope of the data also depends on whether you want to make an appointment or take part in a vote, survey or webinar in Forms.
The following personal data is processed when you use "Microsoft Forms" to participate in a vote, survey or webinar:
When using "Microsoft Forms" to make appointments, the following personal data is processed
Microsoft Forms:
The use of Microsoft Forms for making appointments is voluntary. Insofar as consent is given by making an appointment, the legal basis is Art. 6 para. 1 sentence 1 lit. a GDPR. Consent given can be revoked at any time with effect for the future. Withdrawing or not granting consent does not result in any disadvantages.
If the use of Microsoft Forms is necessary for the agreement of appointments for the initiation and/or fulfillment of contracts, the processing of personal data is carried out in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.
If no contractual relationship exists, the use of Microsoft Forms for the arrangement of appointments may be based on our legitimate economic interest in efficient, economical and user-friendly services in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
The data of users from the European Union is processed in data centers within the European Economic Area (EEA). Nevertheless, it may be necessary for the provision of the service and in the context of support that data is processed at the headquarters of Microsoft Inc. in the USA. Remaining third country transfers are carried out in compliance with the GDPR by Microsoft Enterprise Service Privacy based on a Data Processing Addendum (DPA) and Standard Contractual Clauses (SCC) with Microsoft Enterprise Service Privacy as well as additional safeguards from MS. These are technical and organizational measures for the protection of personal data. In particular, personal data is only transmitted in encrypted form via Forms. In addition, Microsoft has contractually undertaken to defend itself against requests for disclosure from US authorities in court as far as possible. Therefore, an adequate level of protection can generally be assumed for the processing of personal data by Microsoft.
In order to fully comply with the strict legal data protection requirements, we have concluded an order processing agreement with Microsoft as part of the "Online Service Terms" (OST). In this respect, Microsoft is merely a processor.
This data protection notice only informs you about the processing of your personal data by Schwind.
According to information provided by Microsoft, Microsoft processes data for the following activities as part of "business activities", in each case related to the provision of products and services to the customer: (1) billing and account management; (2) compensation (e.g. calculation of employee commissions and partner incentives); (3) internal reporting and business modeling (e.g. forecasting, revenue, capacity planning, product strategy); (4) combating fraud, cybercrime or cyberattacks that may affect Microsoft or Microsoft products; (5) improving core functionality in terms of accessibility, data protection or energy efficiency; and (6) financial reporting and compliance with legal obligations (subject to the restrictions on disclosure of processed data described below).
In processing for these business activities, Microsoft applies the principles of data minimization and does not use or process Customer Data, Professional Services Data or Personal Data for: (a) user profiling; (b) advertising or similar commercial purposes; or (c) any other purposes, except as set forth in this section. For the processing of data for the aforementioned business purposes, Microsoft determines both the means and the purposes of the data processing. Microsoft regards itself as the sole controller for such data processing.
If you require information about the processing of your personal data and encryption by Microsoft, you can view this under the following links:
https://privacy.microsoft.com/de-de/privacystatement
https://learn.microsoft.com/de-de/purview/encryption?view=o365-worrldwide
Within our online offer, we make no representations or warranties of any kind based on our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. GDPR) content or service offerings of third parties to incorporate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always presupposes that the third party providers of this content perceive the IP address of the users, since without the IP address they could not send the content to their browser. The IP address is therefore required for the display of this content. We make every effort to use only those contents whose respective providers use the IP address only for the delivery of the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may include technical information about the browser and operating system, referring websites, visiting time and other information about the use of our online offer, as well as be linked to such information from other sources.
If our website contains links to other Internet pages of the SCHWIND eye-tech-solutions group of companies (e.g. to the website for experts) or to Internet pages of third party companies or offers apps for download, this data protection declaration does not apply. Please refer to the other websites or apps for information on the data protection regulations applicable there.
We process the applicant data only for the purpose and in the context of the application procedure in accordance with the legal requirements. The processing of the applicant data takes place in order to fulfil our (pre)contractual obligations in the context of the application procedure within the meaning of Art. 6 para. 1 lit. b. GDPR Art. 6 para. 1 lit. f. GDPR if data processing becomes necessary for us, e.g. within the framework of legal procedures (in Germany § 26 BDSG additionally applies).
The application procedure requires that applicants provide us with their data. If we offer an online form, the necessary applicant data are marked otherwise result from the job descriptions and generally include personal data, postal and contact addresses and the documents belonging to the application, such as cover letter, curriculum vitae and certificates. In addition, applicants may voluntarily provide us with additional information.
By submitting the application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope set out in this data protection declaration.
Insofar as special categories of personal data within the meaning of Art. 9 para. 1 GDPR are voluntarily communicated within the scope of the application procedure, they are additionally processed in accordance with Art. 9 para. 2 letter b GDPR (e.g. health data, e.g. severely disabled status or ethnic origin). If special categories of personal data within the meaning of Art. 9 para. 1 GDPR are requested from applicants during the application procedure, they are additionally processed in accordance with Art. 9 para. 2 lit. a GDPR (e.g. health data, if these are required for the exercise of the profession).
If made available, applicants can send us their applications via an online form on our website. The data is encrypted and transmitted to us according to the state of the art.
Applicants can also send us their applications by email. Please note, however, that emails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We cannot therefore accept any responsibility for the transmission of the application between the sender and receipt on our server and therefore recommend that you use an online form or the postal dispatch. Instead of using the online application form and email, applicants can still send us their application by post.
If the application is successful, the data provided by the applicants can be further processed by us for the purpose of employment. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. Applicants' data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.
The deletion will take place after a period of six months, subject to a justified revocation by the applicant, so that we can answer any follow-up questions to the application and meet our obligations under the Equal Treatment Act. Invoices for any reimbursement of travel expenses are archived in accordance with tax regulations.
As part of the application, we offer applicants the opportunity to be included in our "talent pool" for a period of two years on the basis of consent within the meaning of Art. 6 para. 1 lit. a. and Art. 7 GDPR.
The application documents in the talent pool will only be processed in the context of future job advertisements and the search for employees and will be destroyed at the latest on expiry of the deadline. Applicants are informed that their consent to inclusion in the talent pool is voluntary, has no influence on the current application procedure and they can revoke this consent at any time for the future and declare their objection within the meaning of Art. 21 GDPR.
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, Twitter etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g. like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 (1) (a) GDPR).
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g. Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g. in their privacy policy, see below).
We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Facebook on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Facebook are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.
You can customise your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.
We use the short message service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.
You can customise your Twitter privacy settings in your user account. Click on the following link and log in: https://twitter.com/personalization.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.
For details, see the Twitter Privacy Policy: https://twitter.com/privacy.
We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.
For details on how they handle your personal information, see the Instagram Privacy Policy: https://help.instagram.com/519522125107875.
We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on their handling of your personal data can be found in the XING Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung.
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa und https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal information, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.
We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found in the YouTube privacy policy: https://policies.google.com/privacy?hl=en.
Last update of the privacy policy: July 2024