Privacy Policy

1. Controller

Hans Schröder Maschinenbau GmbH
Feuchten 2
82405 Wessobrunn-Forst
Germany

Phone: +49 8809 9220-0
Email: info@schroedergroup.eu

2. Data Protection Officer

Dietmar Vogt
Email: datenschutz@schroedergroup.eu
Phone: +49 8809 9220-63

3. Overview of Data Processing

SchroederLogin is the central authentication service for the web applications of the Schroeder Group. The following personal data is processed:

3.1 Registration and Login

The following data is processed during registration and use of SchroederLogin:

• Email address — for identification and communication
• Username — for display in the applications
• Password — stored in encrypted form (not in plain text)

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

3.2 Passkeys / WebAuthn

When using passkey login, the public keys and login identifiers provided by the authenticator are stored. Private keys remain on your device and are not transmitted to us.

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

3.3 Two-Factor Authentication (2FA)

When two-factor authentication is enabled, the following is stored:

• Authenticator secrets — for generating and verifying one-time codes
• Recovery codes — as encrypted recovery codes

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in account security).

3.4 Login Tokens and Consents

When logging in to connected applications, login tokens are created that enable secure access. Your consents to the requested permissions of the respective application are stored. You can revoke granted consents at any time under "Manage → Consents".

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

3.5 Email Sending

We send emails for the following purposes:

• Confirmation of email address during registration
• Password reset
• Change of email address

Emails are sent via the mail server mail.informeon.de (STARTTLS, port 587).

Legal basis: Art. 6(1)(b) GDPR (performance of contract).

3.6 Cookies

SchroederLogin uses only technically necessary cookies:

• Session/authentication cookies — to maintain your login
• Security token — to protect against security attacks (cross-site request forgery)
• Language cookie — to store your language preference

No tracking, analytics or advertising cookies are used.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technical functionality).

4. Server Log Files

The web server automatically collects and stores information in server log files that your browser transmits automatically:

• IP address of the requesting device
• Date and time of the request
• Requested URL and HTTP method
• HTTP status code
• Amount of data transferred
• Browser type and version (user agent)

This data is processed to ensure the operation of the service and to detect attacks, and is deleted after 30 days.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in operational security).

5. Your Rights

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — You can request information about your stored data.
• Right to rectification (Art. 16 GDPR) — You can request the correction of inaccurate data.
• Right to erasure (Art. 17 GDPR) — You can request the deletion of your data. You can delete your account and all associated data under "Manage → Personal data".
• Right to restriction of processing (Art. 18 GDPR) — You can request the restriction of processing.
• Right to data portability (Art. 20 GDPR) — You can request your data in a machine-readable format. A download function is available under "Manage → Personal data".
• Right to object (Art. 21 GDPR) — You can object to the processing of your data.

6. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for us is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
www.lda.bayern.de

7. Changes to this Privacy Policy

This privacy policy is current as of February 2026. Due to the ongoing development of our web application or changes in legal or regulatory requirements, it may become necessary to amend this privacy policy.