Privacy

The following notes give a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the subject of data protection can be found in our privacy policy below.

Data processing on this website is carried out by the website operator. You can find their contact details in the imprint of this website.

The controller responsible for data processing on this website is:

Schindler Galabau, Owner: Maurice Schindler
Burgstraße 124a
29227 Celle
Phone: 0176 45290745
Email: info@schindler-galabau.de

Under German law, a data protection officer must only be appointed in certain cases (e.g. where statutory BDSG thresholds are exceeded). Where no such obligation applies to us, no data protection officer has been appointed. Please contact us directly using the contact details given in section 2 for any privacy-related requests.

Unless a more specific storage period is stated in this privacy policy, your personal data will remain with us until the purpose for processing no longer applies. If you assert a legitimate request for erasure or withdraw consent, the data will be deleted unless we have other lawful grounds for further storage (e.g. commercial or tax retention periods; in that case deletion takes place after those periods end).

Where this privacy policy refers to a legal basis under Art. 6 (1) GDPR, processing may be based on the performance of a contract or pre-contractual measures (lit. b), on your consent (lit. a) and/or on our legitimate interests (lit. f), in particular the secure and efficient provision of this website.

This website is operated on servers located in the European Union / European Economic Area. We have concluded a data processing agreement with our hosting provider pursuant to Art. 28 GDPR. Please add your provider’s name, address and a link to its privacy information (e.g. via LEGAL_HOSTING_NOTICE_EN in your .env).

The hosting provider automatically collects and stores information in server log files that your browser transmits. This typically includes:

• browser type and version
• operating system used
• referrer URL (previously visited page)
• hostname of the accessing computer
• time of the server request
• IP address
• amount of data transferred

Processing is based on our legitimate interests in the stable and secure provision of our online service (Art. 6 (1) (f) GDPR) as well as for technical error analysis and abuse prevention. Server log data are stored separately from other data relating to you and are deleted or anonymised after no more than 14 days unless required as evidence.

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content. You can recognise an encrypted connection when the browser address bar changes from “http://” to “https://” and a lock icon appears in the address bar. When SSL/TLS is active, third parties cannot read data you send to us.

Our website may use cookies. Cookies do not harm your device and do not contain viruses. They help make our offer more user-friendly and secure.

We use technically necessary cookies or similar technologies required for operating the website (e.g. session, security). The legal basis is Art. 6 (1) (f) GDPR and, where applicable, Section 25 (2) No. 2 TTDSG (storage of strictly necessary information).

In particular, a session cookie named “schindler-galabau-session” may be used to maintain the technical session between your browser and our server (including security features and form protection). The exact behaviour depends on your browser and our application configuration.

We store your choices about optional services (e.g. Google Maps) in your browser’s local storage under the key “msc_consent_v1” so we can restore your settings on your next visit. If you gave consent, the legal basis is Art. 6 (1) (a) GDPR in conjunction with Section 25 TTDSG.

You may withdraw consent at any time with future effect and adjust storage by reopening the cookie settings via the “Cookie settings” link in the footer or by clearing site data in your browser.

If you contact us by phone, email or WhatsApp, your enquiry and any personal data arising from it (name, message content, phone number if applicable, metadata) will be processed to handle your request. We will not share this data without your consent.

Processing is based on Art. 6 (1) (b) GDPR where your request relates to contractual performance or pre-contractual steps. In other cases processing is based on our legitimate interest in handling enquiries directed to us (Art. 6 (1) (f) GDPR) or, where obtained, on your consent (Art. 6 (1) (a) GDPR).

We delete data in this context as soon as storage is no longer necessary, or restrict processing if statutory retention obligations apply (e.g. commercial or tax law).

If you contact us via WhatsApp, the service is provided by WhatsApp Ireland Ltd. and/or its parent company Meta Platforms, Inc. In particular communication metadata, phone numbers and message contents may be processed; details are set out in the privacy policy of WhatsApp/Meta.

The legal basis is Art. 6 (1) (b) GDPR (pre-contractual/contractual communication) or Art. 6 (1) (a) GDPR where you voluntarily use the service. Information on international transfers and your rights: Meta – privacy policy (external)

We embed Google Maps to show our locations. Provider: Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The embed is only loaded after you have consented in our cookie/consent banner (Art. 6 (1) (a) GDPR in conjunction with Section 25 TTDSG).

Using Google Maps may transfer your IP address and location data to Google and process them on servers outside the EU (e.g. the USA). Google may apply EU standard contractual clauses and/or other safeguards under Art. 46 GDPR. Further information: Google – privacy policy

We currently do not use further tracking, analytics or remarketing tools beyond the services described here. Should this change, we will update this privacy policy in advance and, where necessary, obtain consent.

You have the right at any time to:

• obtain information about the origin, recipients and purpose of your stored personal data free of charge (Art. 15 GDPR);
• request rectification of inaccurate data (Art. 16 GDPR);
• request erasure of your data stored with us (Art. 17 GDPR);
• request restriction of processing (Art. 18 GDPR);
• object to processing where we rely on legitimate interests (Art. 21 GDPR);
• withdraw consent with future effect where processing is based on consent (Art. 7 (3) GDPR);
• data portability where the conditions are met (Art. 20 GDPR).

You also have the right to lodge a complaint with a supervisory authority about our processing of your personal data.

The supervisory authority responsible for us in data protection matters is: Die Landesbeauftragte für den Datenschutz Niedersachsen. Contact details: https://www.lfd.niedersachsen.de/startseite/

We use the widely established SSL/TLS procedure in conjunction with the highest level of encryption supported by your browser. We also implement appropriate technical and organisational measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties.

We may update this privacy policy so that it always complies with current legal requirements or to reflect changes to our services. The version published here at the time of your visit applies.