Privacy Policy

Data protection principles

This Data protection principles applies exclusively to the internet content and services of SW Zoll-Beratung GmbH and within the scope of the employment relationship.

Thank you for your interest in our company, our products and our services. Our privacy notice aims to let you know what data we collect from you, how we use this data and how you can object to the use of data.

It is basically possible to use our web pages without providing personal data. Certain services and activities provided by our company via our internet site may make it necessary to process personal data. The following privacy notice will provide you with detailed information about this. Please note that our web pages may contain links to other providers that are not covered by this privacy notice.

Who is responsible for collecting and processing data?

SW Zoll-Beratung GmbH

Dr.-Georg-Schäfer-Str. 17

D-93437 Furth im Wald

Telefon: +49(0) 9973 506-77


collects and processes your data as the controller.

Do you have any questions, suggestions or complaints regarding the processing of your personal data? If so, please contact our data protection officer directly:

Gabriele Töllner

Lyoner Straße 15,

60528 Frankfurt a. M.

Telefon: +49 69 24744-1020

What data do we collect and why are we processing your data?
We collect and process your data only for clearly defined purposes. These arise because of technical necessity, contractual requirements or express requests made by the user.

Thus, we require personal data from you in order to fulfill a contract. We use this data for order processing, collection, delivery, order picking, returns processing, movement of goods, payment processing, credit assessments, delivery to the designated address and, where applicable, for processing cancellations and refunds. In short, to carry out our logistics services.

For reasons of technical necessity, certain data is collected and stored when you visit our web pages. This includes e.g. the date and duration of your visit, the web pages visited, data identifying your browser and type of operating system and the web page via which you came to us.

Legal basis for data processing

Do we share your data with third parties?

Contract processing generally requires the deployment of direct-reporting contract processors, such as data center operators, shipping and freight forwarding service providers, and other parties involved in contract performance. External service providers, who are commissioned by us to process data, are carefully selected and placed under a strict contractual obligation e.g. by way of rigorous technical and organizational measures and supplementary checks. Your data will only be transferred if you have provided your express consent or on the basis of a statutory provision.

Personal data will not be transferred to third countries outside the EU or EEA, or to an international organization, unless appropriate safeguards are in place. These include the EU standard contractual clauses as well as an adequacy decision by the EU Commission.

Irrespective of this, transfer may be necessary:

How long is your data stored?

Your data will be deleted as soon as they are no longer required for the purpose for which they were collected (e.g. within the framework of a contractual relationship). Your data must also be deleted if it is not permissible to store them (particularly if the data are inaccurate and correction is not possible). Where legal or practical obstacles prevent deletion, the data are blocked (e.g. special archiving obligations).

Rights of data subjects

Examples of specific data processing operations


When you register to receive our newsletter, you are required to provide us with your email address. In this case, you are allowing us to use your email address for advertising purposes such as to send you information about similar products or other new features.

When you register for the newsletter, we store the IP address provided at that time by your internet service provider (ISP), in an anonymized form, information about the computer system being used and the date and time of registration. This is necessary in order to discover any possible misuse of the email address and therefore provides us with legal protection. You can unsubscribe from the newsletter at any time by clicking the unsubscribe link at the bottom of the newsletter.

We would like to inform you about the processing of your personal data in the context of the use of CleverReach.

Our website uses CleverReach (CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede) for sending newsletters. With CleverReach newsletters can be organized and analyzed. The data we collect from you (name, e-mail) is stored on CleverReach's servers in Germany or Ireland.

With CleverReach, we can analyze the recipient's behavior by analyzing how many recipients viewed the newsletter and how often which link has been clicked. Furthermore, conversion tracking can be used to check whether a predefined action (e.g. purchase) has been performed. Here you can find more information about the analysis by CleverReach:

Your consent is the basis for the processing of your personal data (Art. 6 sec. 1 lit. a GDPR). You have the right to withdraw your consent at any time. To do this, you must unsubscribe from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation. If you do not want data analysis, you must unsubscribe from the newsletter. You can find the link in the Newsletter.

The data you enter will be stored and deleted from our servers as well as from the CleverReach servers after the revocation has been sent. Data that you have entered for other purposes is not affected (e.g. customer account).

For more information, see CleverReach's Privacy Policy at:

Participation in competitions

Personal data is collected in the course of competitions. The precise details, i.e. what data is collected and for what purpose, are available on the web page of the relevant competition.

Information materials

We store your data in order to be able to send you the requested information material. The legal basis for data processing is your consent to the sending of advertising or information material. (Art. 6 (1) a) GDPR)

Contact form & inquiries

Due to statutory requirements, our web pages contain details enabling you to make fast electronic contact with us as well as direct communication with our companies. Where a data subject contacts us by email or via a contact form, the personal data thereby transferred will be stored automatically. This also applies to inquiries by telephone in which case the information provided by you will be stored in order to process your inquiry. This takes place for the purpose of processing or making contact. Sharing this personal data with third parties without your consent is not permitted unless we are under a legal obligation to do so.

Payment processing

Payment data, such as bank account and credit card details, as well as contact and identification information, are collected in connection with shipping contracts and other services, for the purpose of processing payments. To authorize credit card payments, the verification code is used for every payment transaction. This is not stored but is used only for the purpose of processing the payment.

CCTV surveillance

Parts of our business premises that are not accessible to the public, are equipped with CCTV surveillance. This applies particularly to entrances and ramps or areas subject to special protection due to the storage or handling of particularly valuable goods.

The purposes of CCTV surveillance generally include enforcement of house rules; investigation, prevention and prosecution of criminal offenses; to secure evidence where an offense is committed; processing insurance cases and customer complaints. This CCTV surveillance generally takes place in consideration of the company's legitimate interests, such as e.g. enforcement of the house rules or prevention of criminal offenses and the protection of employees, customers, potential customers and other contract partners. Under no circumstances is it intended to monitor conduct or performance. Signposts indicate the areas subject to CCTV surveillance. The legal basis for processing is Art. 6 (1) (f) GDPR in conjunction with Section 4 BDSG.

Online conferences, meetings and events

For the purpose and in execution of online events such as conferences, meetings, talks and trainings, participant data is processed. The processed data includes contact data and identification data in the context of the event invitation but also technical protocol data such as the IP address during the online live event.

In some instances we record online live events. On those occasions we make sure that only speakers and moderators are recorded in sound and vision.

In order to prevent other participants from seeing your name in the meeting during the event, we recommend the use of your initials. Furthermore, we recommend not to share confidential content via the chat function within the messenger and conference software.

In the context of online events, we sometimes use contractually tied service providers for individual processing activities, such as for the provision of technical infrastructure. For example Microsoft Teams, is used as a service provider for messenger and conference software.

Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA; privacy policy:

Data protection regarding job applications and recruitment procedures

We are delighted that you are interested in us as a possible employer. The protection of personal data of job applicants, employees and all our affiliated third parties is very important to us. We collect and process the personal data of job applicants for the recruitment procedure. Processing may also take place electronically. This mainly occurs where an applicant transmits application documents electronically, for example by email or via an online application tool, to the person responsible for processing it.

We collect personal data relating to you that is relevant for the recruitment procedure or which you transmit to us as part of the application process (including for example first name, surname, address, email, position applied for and the details of your personal application). In order to assess your application carefully, we may also need additional information, e.g. about your professional career.

If, during the application process, we ask you about your gender in the form of the desired salutation, this is exclusively due to the fact that we would like to write to you or address you in the correct manner. The indication of your age and/or the input of your date of birth is justified by the fact that for some of our activities a minimum age is legally intended. If you are a citizen of a country outside the EU, a work permit is required for Germany. Therefore we ask you in the application procedure also for your nationality.

When you make an online application, you enter your personal data into an online form or send them by email and upload the accompanying documents. In the case of applications by other channels, we collect the relevant information from your application and store your application documents in our system.

When you apply for a specific job or take part in a recruitment event, you can actively consent to the transmission of your personal data for the purpose of applying for other possible jobs in the same or another group company (national or international). If you do not give your consent or if you withdraw consent, this means that your application cannot be considered further for other jobs. You can withdraw your consent for transmission at any time by post to the address given above or by email to Withdrawal of consent to the transmission of your application means that your application cannot be considered further for other jobs. If your application could be considered by another group company but we do not have your consent, we would always obtain your express consent before sharing your data.

Due to the organizational structure of our company and depending on your chosen application channel, your application may be processed by various offices. In all cases, your personal data will be processed exclusively by the company responsible for the job advertisement and, where applicable, by service providers that are contractually bound and legally obliged to comply with the relevant data protection provisions.

Under the Anti-Terrorism Regulations EC 2580/2001 and EC 881/2002 our company is prohibited from maintaining commercial relations with persons or organizations suspected of terrorist activity. In order to comply with these Regulations, we are obliged to check all job applicants, who are invited to an interview, against a sanctions list of persons and organizations suspected of terrorism. This of course takes place in compliance with all data protection provisions.

When an employment contract comes into effect with an applicant, the data transmitted for the purpose of processing the employment relationship is stored in accordance with the statutory provisions. When no employment contract is concluded with the applicant, the application documents will be deleted automatically three months after notification of refusal has been given, unless other legitimate interests of the party responsible for processing prevent such deletion. Another legitimate interest in this sense is, for example, the duty to provide evidence in proceedings under the Equal Treatment Act (AGG). If you attend our Assessment Center for our sandwich degree courses or take part in our trainee program, we will store your results for a maximum period of 12 months.

In addition, you have the right to request us to delete your data. If you want us to delete your application data, subject to compliance with the statutory retention periods, please contact the address indicated above.

In the context of the employment relationship

A. Objectives and legal bases

  1. Your personal data will be processed by your employer and any mentioned group companies primarily for establishing, implementing and terminating your employment (Art 6 (1) b, Art 88 GDPR in conjunction with § 26 (1) BSSG). For this purpose, it is necessary to collect various types of personal data, such as your contact information and HR master data and data which is required for your payroll or the transfer to the pension insurance fund. If this is necessary for the performance of your employment relationship, you are obliged to provide the necessary information and must otherwise expect that personnel processes will not function or that sanctions under employment law will also be possible. For important areas, e.g. the use of company IT, more specific regulations and legal bases are contained in company agreements. In the context of the implementation of the employment relationship, your personal data is collected and processed in particular for the more concrete purposes listed below - whereby, due to the factual context, such purposes are also named which are also covered exclusively or partially by the legal basis of a consent (they are marked with **):
  2. Occasionally, your personal data may also be collected on the basis of consent given by you voluntarily in writing or in text form (Art. 6 (1) a or Art. 9 (2) a GDPR, § 26 (2), (3) BDSG). This is only the case in very exceptional cases, for example in the context of voluntary personnel development measures, photo publications or additional offers to your advantage, e.g. child care or additional offers within the company pension schemes.
  3. During your time of employment, your personal data will also be processed on the basis of overriding legitimate company interests (Art. 6 (1) f GDPR). This is permissible if the interests of the company outweigh the personal right of the employees concerned in the concrete consideration of interests. This may be the case within the scope of the fulfilment of operational requirements, e.g. within the scope of video surveillance or access control for access to our buildings and the company premises, in order to protect the safety of the operating resources and employees and to preserve the domestic authority. Some of the above-mentioned collection or internal forwarding of personal data within the Group takes place on this legal basis in order for other Group companies to perform central functions for the purpose of efficient performance of Group tasks, such as the collection of data by the central legal department when it comes to safeguarding legal claims.
  4. In the context of your employment with one of us, personal data is also collected by the employer or another company of the DB Group on the basis of other legal bases. This is particularly the case if personal data are collected and processed on the basis of legal obligations, e.g. tax or social security law (Art. 6 (1) c GDPR in connection with the respective legal obligation under European or national law, e.g. in accordance with the Tax Code or Social Security Code). The legal basis for possible measures of internal clarification of the facts of the case is § 26 (1) sentence 2 BDSG; the DB Group also has provisions on this in works agreements.
  5. special categories of data" - that is, health data or data about your ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data for unique identification, health data or data about sex life or sexual orientation - may also be collected in the context of employment. The following applies to them: their collection and processing is subject to strict rules. They may only be collected based on the legal bases referred to in Article 9 (2) GDPR , e.g. on the basis of consent or, if necessary, in order to exercise or comply with rights and obligations under labour law, social security law or social protection.

B. Origin of data

The data is initially collected is based on the information you have provided yourself when establishing your employment, from the personnel questionnaire. Further personal data is collected on the basis of your information, applications and notifications during your employment (e.g. change of marital status, indication of changed contact or account data), as well as in the context of your own activities, e.g. when using work tools such as scheduling systems, or on the basis of information from your superiors or third parties in connection with personnel processes in which your data is processed for a specific purpose (e.g. grouping, qualification, documentation of employee appraisals, payroll accounting, time recording). In addition, certain data is transferred from one personnel data system to other personnel data systems for a specific purpose (for example, data from identity management via interfaces to systems that you use or that HR uses). In addition, we receive personal data from authorities, social insurance carriers and, where applicable, other external third parties.

C. When will your data be deleted?

Your data will always be kept for as long as required for the respective purposes and subsequently deleted, considering the statutory retention periods. Once the purpose of the data collection has been achieved, data access will be restricted (i.e. blocked) for a necessary retention period during processing and subsequently deleted. This is based on differentiated deletion concepts.

D. When is data passed on?

As part of your work, you make your personal data available to other employees as part of cooperation. Your personal data is exchanged between individual departments, Group companies and personnel systems in the DB Group to the extent necessary for the purposes described above. Furthermore, your personal data will be passed on to authorized external recipients to the extent necessary to fulfil the purpose on the basis of legal or contractual requirements, taking into account the principle of data economy. These include external contractors, tax authorities, social insurance carriers, banks, insurance companies, DB Group social institutions and auditors. These may also be recipients in other Member States of the European Union or the European Economic Area (EEA). In rare cases, e.g. in the case of delegation, recipients in countries outside the EU/EEA. In the latter case, this only takes place if the legal requirements are fulfilled and an appropriate level of data protection is ensured for the recipient.

E. Data Overview

An overview of the categories of personal data stored about you, including the procedures, the purpose of processing, recipients and persons with access rights can be found in document 08 ZF015 Annex Data Overview. It is important to us that we make the processing of your data transparent. The extent to which data about you is collected, processed and stored can be seen in the data overview.

Implementation of training

External service providers are regularly used for the implementation of face-to-face training as well as for online training. These external partners receive participant lists and create the participation certificates. In principle, lists of participants are also created for internal training courses to create certificates.
For events that do not take place in the premises of SDAG, the booking of hotels and venues may be necessary. To book the data of the participants will be transmitted in advance.

Data protection for Corona tracking

Companies are obliged to take the necessary measures to ensure the occupational safety and health of employees on the basis of their duty of care and the Occupational Safety and Health Act (ArbSchG) and health protection. This includes the employer's obligation to protect employees from infection by a sick person. This includes not only the company's relationship with its employees, but also its customers.

1. Categories of personal data

In order to contain the pandemic and protect the health of our employees, the following personal or personal data are currently collected by our employees:

2. Purpose and legal basis of the processing

The data is collected for the purpose of the subsequent execution of infection chains in connection with Covid-19, in accordance with the requirements of the Occupational Safety and Health Act and the requirements of the Federal Ministry of Labour and Social Affairs on the Corona pandemic. A legal basis for processing within the meaning of Art. 6 (1) c GDPR and, on the basis of health protection, also § 22 (1) lit.c BDSG is given.

3. Transfer of data to third parties

A transfer to the relevant health office of the above-mentioned data takes place only if there is an official order or other measure, which is based by the authority on the Infection Protection Act. Your data will only be passed on to the competent health authority as a third party in cases of the above-mentioned legal bases.

4. Duration of storage

The data will be retained for the duration of four weeks after your last stay and will subsequently be deleted or destroyed in accordance with data protection regulations.

General information on using our web pages

When using this general data and information, we do not draw any conclusions about the data subject. Such information is in fact required in order to ensure that our online content is correct, to optimize advertising for the internet site, to ensure that our IT systems and the technology for our internet site remain in working order at all times, and to provide prosecution authorities with information in the event of a cyberattack. This anonymized data and information ultimately serve to increase data protection and data security in our company. The anonymized data in the server log files is stored separately from all personal data entered by a data subject.


Cookies are small files that are stored on your PC. These cookies enable our server to recognize your computer and make it easier for you to navigate and use our web pages. We distinguish between cookies that are essential for the technical functions of the web page and cookies that are not essential for the technical functions of the web page. The use of our web pages is generally possible without cookies that do not serve any technical purpose. Please note that if you refuse cookies used for advertising purposes, you will receive advertisements that are less personalized and less suited to your interests. You will, however, still be able to make full use of the web page.

Browser settings to manage cookies

You can set your browser to prevent tracking by cookies (do-not-track, tracking protection list) or to block storage of third-party cookies. In addition, we recommend that you make a regular check of stored cookies. The pages listed below show you how to change your browser settings:

Please note: if you delete all cookies, any opt-out cookies already on your hard drive may also be deleted so you may have to reactivate any previous opt-outs.

Social plug-ins and embedded content

Our pages contain plug-ins from social networks that allow you to recommend our content to other people. We thus offer you the possibility of interacting with social networks and other users.

When you visit our web pages, you may find grayed-out images of the relevant functions instead of the actual plug-ins as these will not have been activated when the web page was loaded. Clicking on the image activates the plug-in and you will be forwarded to the relevant social network. The data flow arising at that moment is the responsibility of the relevant social network. We, as the provider of our pages, have no knowledge of the content of the data processed by the social network or of the processing operation. The legal basis for the use of plug-ins is Article 6 (1) (f) GDPR.

An overview and origin of the social plug-ins that can be activated by the Shariff solution is available here:

Embedded Content

We want to provide you with a wide range of multi-media content. Thus our web pages contain embedded YouTube videos. The legal basis for this is Art. 6 (1) (f) GDPR. When visiting the pages, you will find a link. When you click the link to play the video, you leave our web page and are forwarded to YouTube. At this point, Google as the operator of YouTube, will set cookies and pixel tags for the personalization of advertising and search results. Google is solely responsible for this data processing as the operator of YouTube. We have no knowledge of, or control over, which data is processed. Additional information is available at:

Google Maps
We include Google Maps on our website. If you give your consent, your IP address will be transmitted to Google Inc. 1600 Amphitheater Parkway, Mountain View, CA 94043, USA .
You can find the corresponding privacy statement at
On the website you can make settings for your privacy.

Is data transmission encrypted

Data and emails sent via the internet are normally unencrypted and are therefore not protected against third-party access. In order to protect your data on our web pages, your connection to our server is transport encrypted by default using the Transport Layer Security (TLS) encryption method with at least 256 bit. Since we cannot guarantee the confidentiality of the information sent to us via email, we recommend that you only send confidential information by contact form or post.

Updates to the data privacy notice

We update this privacy notice to reflect modified functionality or changes to the legal situation. We therefore recommend that you review the privacy notice periodically.

Updated: November 26th, 2021