Art. 12 DSGVO Transparent information

We are aware of the importance of the personal data you entrust to us. We consider it one of our most important tasks to ensure the confidentiality of your data.

In accordance with the Basic Data Protection Regulation (DSGVO), we would like to fulfil our duty to inform you when we collect personal data and to inform you transparently about the type, scope and purpose of the personal data we collect and to inform you about the rights to which you are entitled.  

1. Contact details of the data controller
The data controller within the meaning of the General Data Protection Regulation, is:
Schöffel Sportbekleidung GmbH
Ludwig-Schöffel-Strasse 15
86830 Schwabmünchen
E-mail address: 

The appointed data protection officer is
Mr. Stephan Hartinger
Coseco GmbH
Telephone: +49 8232 80988-70

2. What sources are used to collect personal data?
We process personal data that we receive directly from our customers during our business relationship. In addition, we process personal data received from other companies, e.g. for the purpose of executing orders, fulfilling contracts or on the basis of consent given by you, in particular through personal, telephone or written contacts, initiated by you or by one of our employees, other personal data arise, e.g. information on contact channel, date, occasion and result; (electronic) copies of correspondence as well as information on participation in direct marketing measures. 

Personal data relevant to us may include:
2.1 Customer contact information
Within the framework of the business initiation phase and during the business relationship, we collect the following data: (Personal master data: e.g.: First name, last name, gender, date of birth; Address data: e.g.: Street, postcode/city, billing address, delivery address, company address; communication data: e.g.: E-mail, telephone numbers, fax number; Contract master data: e. g.: Professional position, department, company, representative number, customer number). We collect this data in order to provide you with the best possible service and to fulfil the individual business relationship.  

2.2 Acquisition of new customers
In order to carry out customer acquisition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. trade and association registers, press, media, Internet) and are permitted to process. We collect this data in order to build up the core business of Schöffel Sportbekleidung GmbH in a sustainable manner. 

2.3 Trade fairs/events
In the context of a trade fair/event we collect data (e.g.: Salutation, title, surname, first name, company, street, postcode, town, e-mail, industry information if applicable), which we use for the purpose agreed individually with you. 

2.4 Business customers
Within the scope of business relations with commercial customers, we collect data (e.g. creditworthiness documents business: income/surplus statements, balance sheets, business management evaluation, type and duration of self-employment; planning and control data: e.g.: Support - ticket - data (password reset), call notes, visit reports, email token for double opt in, conversion page, days since registration; Time tracking data: e.g..: Date / time marketing consent, date / time privacy consent).

2.5 Marketing
In the context of marketing activities, such as newsletter marketing, events, etc., we collect data for the purpose of implementing the individual activities. The data according to 2.1. -2.4 


3. What is your data processed for (purposes) and on what legal basis?
We process the aforementioned personal data in accordance with the provisions of the EU General Data Protection Regulation (DSGVO) and the Federal Data Protection Act (BDSG):

When processing personal data for which we obtain the consent of the data subject, Art. 6 (1) lit. a DSGVO serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) DSGVO serves as the legal basis.  This provision also covers processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) DSGVO serves as the legal basis.

For direct marketing (e.g.: competitions, newsletters, etc.), only the personal data required for the respective purpose is collected. This is personal data that has been provided to us by the person concerned in order to participate in the relevant purpose. 

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Article 6 (1) (f) DSGVO serves as the legal basis for the processing. The legitimate interest of our company lies in the performance of our business activities.


4. Disclosure of data to third parties
Within our company, only those persons and offices receive your personal data that require it to fulfil our contractual and legal obligations.

We transfer data to third parties if we need it to fulfil a contractual obligation.

Furthermore, we transmit data to third parties if there is a legal obligation to do so. This is the case if state institutions (e.g. authorities and offices) request information in writing, a court order exists, or a legal basis permits the transfer.

In addition, if necessary, we may transfer data within our Schöffel Group to the relevant specialist department. These may be the following companies: 

  • Schöffel PRO GmbH, Albert-Einstein- Str. 1, 86830 Schwabmünchen.
  • Schöffel-Lowa Sportartikel GmbH & Co KG, Ludwig-Schöffel-Str. 15, 86830 Schwabmünchen
  • Schöffel Austria GmbH, Grabenweg 68, 6020 Innsbruck, Austria
  • Schöffel Schweiz AG, Hauptstr. 17, 9053 Teufen, Switzerland


5. Transfer of data to third countries
We transfer personal data to service providers outside the European Economic Area to the following countries:
-        USA
The level of data protection is guaranteed as follows:
-        We have concluded an order processing agreement with Salesforce for the transfer of data. In addition, Salesforce is legally bound via the standard contractual clauses, data-processing-addendum.pdf ( Please refer to the privacy policy of Salesforce Inc. for further information, see privacy policy / data protection provisions on the homepage under point: F. 10.


6. Storage period of data/deletion periods
We process and store your personal data as long as it is necessary for the fulfilment of our contractual obligations and for all other purposes mentioned under point 3 or as provided for by the retention periods stipulated by the legislator.

If the data is no longer required for the fulfilment of contractual or legal obligations, it will be blocked for further processing or deleted on a regular basis and in accordance with the statutory provisions.


7. Data protection rights of the data subject
If you have any questions about your personal data, you can contact us in writing at any time.

You have the following rights under the GDPR:
The right to information (sub-article Art. 15 DSGVO).
The right to rectification (Art. 16 DSGVO)
The right to deletion (Art. 17 DSGVO)
The right to restriction (Art. 18 DSGVO)
The right to data portability (Art. 20 GDPR)
The right to object (Art. 21 DSGVO)
The right to lodge a complaint with the data protection supervisory authority (Art. 77 DSGVO in conjunction with § 19 BDSG)
The right to withdraw consent under data protection law (Art. 7 para. 3 DSGVO)


8. Legal or contractual provisions on the provision of personal data and possible consequences of failure to provide such data
We hereby point out that the provision of personal data is required by law in certain cases (e.g. tax regulations) or may result from a contractual provision (e.g. information on/of the contractual partner). For example, it may be necessary for the conclusion of a contract that the person concerned/the contractual partner must provide his/her personal data so that his/her request (e.g. order) can be processed by us at all. An obligation to provide personal data arises primarily when a contract is concluded. If no personal data is provided in this case, the contract with the person concerned cannot be concluded. Before providing personal data by the data subject, the data subject may contact our data protection officer or the controller. The data protection officer or the controller will then inform the data subject whether the provision of the required personal data is prescribed by law or contract or is necessary for the conclusion of the contract and whether an obligation arises from the concerns of the data subject to provide the personal data or what the consequences are for the data subject of not providing the requested data.


9. Legal existence of automated decision-making (including profiling). 
As a responsible company, we do not use automated decision-making or profiling in our business relationships.