Privacy SHB GmbH

Legal

Privacy policy

Information on the processing of personal data under the GDPR.

1. Privacy at a glance

General information

The following information provides an overview of what happens to your personal data when you visit this website.

Personal data means any information relating to an identified or identifiable natural person.

You will find detailed information on data protection in the following sections of this privacy policy.

Data collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by SHB GmbH. You will find our contact details in the section “Controller”.

How do we collect your data?

On the one hand, your data is collected when you provide it to us, for example by using a contact form or sending us an email enquiry.

Other data is collected automatically when you visit the website by our IT systems or our hosting provider. This includes in particular technical data such as browser type, operating system, pages accessed, time of access and technical access data.

What do we use your data for?

We use your data solely to provide a secure and functional website and to handle your enquiries.

We do not use your data for advertising purposes, user tracking or marketing disclosure.

2. Controller

The controller responsible for processing data on this website is:

SHB GmbH
Roßfelder Straße 64
74564 Crailsheim
Germany

Phone: +49 (0) 7951 9424-0
Fax: +49 (0) 7951 9424-14
Email: info@shb-gmbh.com

Represented by:
Kim-Nadine Stolle
Jens-Olaf Stolle

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.

3. Hosting and technical provision of the website

Hosting on a dedicated server with IONOS

This website is operated on a dedicated server hosted by IONOS.

The provider is:

IONOS SE
Elgendorfer Straße 57
56410 Montabaur
Germany

When you visit our website, technical access data is processed by the server or hosting provider. This may include in particular:

  • requested web page or file
  • date and time of access
  • browser type and version
  • operating system used
  • device type used
  • referrer URL
  • IP address or anonymised IP address
  • technical status messages
  • amount of data transferred

For web hosting products, IONOS describes processing including referrer, requested page or file, browser type, operating system, device type, time of access and an anonymised IP address. According to IONOS, such visitor data is stored for 8 weeks.

Processing is based on Article 6(1)(f) GDPR. Our legitimate interests are the secure, stable and technically reliable provision of this website as well as detecting and defending against attacks, misuse or technical disruptions.

We have concluded a data processing agreement with IONOS pursuant to Article 28 GDPR.

4. Technical implementation of the website

This website was built with Astro and is delivered as a static or predominantly static site.

As matters currently stand, this website:

  • does not use analytics tools,
  • does not use tracking tools,
  • does not set marketing cookies,
  • does not load external fonts from Google Fonts or comparable services,
  • does not embed social media plugins,
  • does not use embedded third-party content such as YouTube, Google Maps or external tracking scripts.

Should external services, analytics tools, embedded media or comparable features be added in future, this privacy policy will be updated accordingly.

5. Cookies and similar technologies

As matters currently stand, this website does not use cookies or similar technologies to recognise visitors.

In particular, there is no tracking, profiling or analysis of user behaviour.

A cookie banner is therefore not currently required, provided no cookies or comparable technologies requiring consent are actually used.

6. Contact form and enquiries by email

If you contact us via the contact form or by email, we process the personal data you provide.

This may include in particular:

  • name
  • company
  • email address
  • telephone number
  • content of your enquiry
  • time of the enquiry
  • technical metadata of the submission

Processing is solely for handling your enquiry and related communication.

The legal basis is Article 6(1)(b) GDPR if your enquiry relates to entering into or performing a contract.

In all other cases, processing is based on Article 6(1)(f) GDPR. Our legitimate interest is the proper handling of incoming enquiries.

Retention of contact enquiries

Personal data from general contact enquiries is stored only as long as necessary to process the enquiry.

Unless an order, offer, business relationship or statutory retention obligation arises from the enquiry, data will be deleted no later than 30 days after final processing.

Where statutory retention obligations apply or the enquiry becomes part of a business process, the respective statutory retention periods apply.

7. Email communication

If you communicate with us by email, the data you transmit will be processed to handle your enquiry.

Please note that email communication may generally have security vulnerabilities. Complete confidentiality during transmission cannot be guaranteed.

For confidential information, we recommend agreeing a suitable transmission channel in advance.

8. SSL/TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption.

You can recognise an encrypted connection when the browser address bar begins with https:// and a padlock icon is shown.

When SSL/TLS encryption is enabled, data you send to us cannot readily be read by third parties during transmission.

9. Legal bases for processing

We process personal data on the following legal bases:

Article 6(1)(b) GDPR

Processing for the performance of a contract or pre-contractual measures.

Article 6(1)(f) GDPR

Processing for legitimate interests, in particular secure provision of the website, handling enquiries and technical protection of our systems.

Article 6(1)(c) GDPR

Processing to comply with legal obligations where statutory retention, documentation or proof requirements apply.

10. Recipients of personal data

Personal data is disclosed to third parties only where necessary to process your enquiry, provide the website technically, fulfil a contract or comply with legal obligations.

Our hosting provider IONOS SE is involved in particular as a technical service provider.

Personal data is not disclosed for advertising purposes.

11. Transfers to third countries

As matters currently stand, personal data is not transferred to countries outside the European Union or the European Economic Area in the ordinary operation of this website.

Should services be integrated in future where a transfer to a third country is possible, this privacy policy will be supplemented accordingly.

12. Storage period

We store personal data only as long as necessary for the respective processing purposes.

Technical server and access data is stored only as long as necessary for operation, error analysis and defence against attacks.

Contact enquiries are generally deleted no later than 30 days after final processing unless statutory retention obligations apply or there are legitimate interests in longer storage.

13. Your rights

Under applicable law you have the following rights at any time:

  • right of access to your stored personal data
  • right to rectification of inaccurate data
  • right to erasure of your data
  • right to restriction of processing
  • right to data portability
  • right to object to processing
  • right to withdraw consent with effect for the future

If you wish to exercise any of these rights, you may contact us at any time.

Email: info@shb-gmbh.com

14. Right to object to processing based on legitimate interests

Where processing of your personal data is based on Article 6(1)(f) GDPR, you have the right to object at any time on grounds relating to your particular situation.

If you object, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for processing or processing is necessary for establishing, exercising or defending legal claims.

15. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe processing of your personal data infringes the GDPR.

For companies based in Baden-Württemberg, the competent authority is:

The State Commissioner for Data Protection and Freedom of Information Baden-Württemberg
Lautenschlagerstraße 20
70173 Stuttgart
Germany

16. Currency and changes to this privacy policy

This privacy policy is currently valid as of: May 2026.

We reserve the right to adapt this privacy policy if there are technical changes to the website, legal requirements or changes to our internal processes.