Data Privacy Policy
 
We are delighted that you have shown an interest in our company. Data privacy is something we value particularly highly at Katimex Cielker GmbH. The webpages of Katimex Cielker GmbH can generally be used without having to enter personal data. However, if a data subject would like to use specific services offered by our company via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain permission from the data subject. The processing of personal data, such as the name, address, email address and telephone number of a data subject, always takes place in accordance with the General Data Protection Regulation and the applicable country-specific data protection provisions. With this data privacy policy, our company would like to inform the public about the type, extent and purpose of the personal data that is collected, used and processed by us. In addition, data subjects will be informed about their rights via this data privacy policy. As the controller responsible for the processing, Katimex Cielker GmbH has implemented numerous technical and organisational measures to ensure the most comprehensive protection possible for the personal data processed via this website. Nevertheless, internet-based data transmissions may generally have security flaws, with the result that absolute protection cannot be guaranteed. For this reason, every data subject is also free to send us personal data via alternative methods, such as by telephone.

1. Definitions

The data privacy policy of Katimex Cielker GmbH is based on terms that were used by the European issuers of directives and guidelines when issuing the General Data Protection Regulation (GDPR). Our data privacy policy is intended to be easy-to-read and understandable for the public, our customers and our business partners. In order to guarantee this, we would like to explain the terms used beforehand. In this data privacy statement, we use the following terms, inter alia:

• Personal data Personal data is all information that relates to an identified or identifiable natural person (hereinafter referred to as "data subject"). A natural person is considered identifiable if they can be identified, directly or indirectly, particularly by being associated with an identifier such as a name, an identifier code, location data, an online identifier, or one or more specific features that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person. • Data subject A data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

• Processing Processing is any process carried out with or without the aid of automated procedures, or any such sequence of processes in connection with personal data, such as collection, logging, organisation, sorting, storage, adjustment, modification, reading, retrieval, use, disclosure via transmission, distribution or any other form of provision, comparison or correlation, limitation, erasure or destruction.

• Restriction of processing Restriction of processing refers to the marking of stored personal data with the objective of restricting its future processing.

• Profiling Profiling is any type of automated processing of personal data that entails using this personal data to evaluate certain personal aspects that relate to a natural person, in particular in order to analyse or predict aspects related to the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or changes of location of this natural person.

• Pseudonymisation Pseudonymisation is the processing of personal data in such a manner that personal data can no longer be allocated to a specific data subject without including additional information, provided that this additional information is stored separately and is subject to technical and organisational measures guaranteeing that the personal data cannot be allocated to an identified or identifiable natural person.

• Controller or controller responsible for the processing A controller or controller responsible for the processing is a natural or legal person, authority, institution or other body that makes decisions, solely or together with others, about the purposes and means of processing personal data. If the purposes and means of this processing are set by Union law or the law of the member state, the controller or the specific criteria it applies can be set in accordance with Union law or the law of the member state.

• Processor A processor is a natural or legal person, authority, institution or other body that processes the personal data on behalf of the controller.

• Recipient A recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether it is third-party data or not. Authorities that receive personal data as part of a specific examination assignment in accordance with Union law or thelaw of the member state, however, are not considered recipients.

• Third party A third party is a natural or legal person, authority, institution or other body apart from the data subject, controller, processor and the persons who are authorised to process the personal data under the direct authority of the controller or the processor.

• Consent Consent is any informed and unmistakeable declaration of will submitted by the data subject voluntarily in a particular case, in the form of a declaration or another clear confirmatory action with which the data subject signifies that he/she agrees to the processing of his/her personal data.

2. Name and address of the controller responsible for the processing

The controller within the meaning of the General Data Protection Regulation, other applicable data protection laws in the member states of the European Union, and other provisions of a data protection nature, is:

Katimex Cielker GmbH
Bahnhofstr. 50
54584 Jünkerath
Email: info@katimex.de
Tel: +49 6597 9277-0

3. Name and address of the data protection officer

Roman Nowack
Certified data protection officer (IHK)
Certified data protection auditor (TÜV)
EU-CON BeraterForum GmbH
Waldfeuchter Str. 266
52525 Heinsberg
Tel: +49 (0) 2452 - 99 33 12
Email: r.nowack@eu-con.net

Any data subject can contact our data protection officer directly at any time should they have questions or suggestions about data privacy.

4.Contact details of the competent supervisory authority for data protection:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz
Hintere Bleiche 34
55116 Mainz
Tel: +49 6131 2082449
poststelle@datenschutz.rlp.de


5. Cookies

The webpages of Katimex Cielker GmbH use cookies. Cookies are text files that are placed and stored on a computer system via a web browser. Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a clear identifier of the cookie. It consists of a sequence of characters, via which websites and servers can be matched with the specific web browser in which the cookie is stored. This enables the visited websites and servers to differentiate between the individual browser of the data subject and other web browsers that contain other cookies. A certain web browser can be recognised and identified via its unique cookie ID. By using cookies, Katimex Cielker GmbH can provide the users of this website with user-friendly services that would not be possible without the placing of cookies. By means of a cookie, the information and offers on our website can be optimised for the user. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make the use of our website easier. Users of a website that uses cookies do not, for example, have to re-enter their login details with every visit, because this is done by the website and the cookies stored on the computer systems of the users. Another example is the shopping cart cookie in the online shop. The online shop notes the items that a customer has placed in the virtual shopping cart via a cookie. The data subject can permanently prevent the placing of cookies via our website at any time by setting the web browser used accordingly, and therefore permanently object to the placing of cookies. In addition, already placed cookies can be deleted at any time via a web browser or other software programmes. This is possible in all common web browsers. In some circumstances, if the data subject deactivates the placing of cookies in the web browser used, it may not be possible to use all functions of our website to their full extent.


6. Logging of general data and information

Whenever a data subject or an automated system accesses the website of Katimex Cielker GmbH, it logs a wide range of general data and information. This general data and information are stored in the log files of the server. The following may be logged:

(1) Browser types and versions used
(2) The operating system used by the accessing system
(3) The website from which an accessing system reaches our website (so-called referrer)
(4) The sub-sites that are controlled via an accessing system on our website
(5) The date and time of access to the website
(6) An internet protocol address (IP address)
(7) The internet service provider of the accessing system
(8) Other similar data and information that serves to prevent danger in the case of attacks against our information technology systems

When using this general data and information, Katimex Cielker GmbH does not draw any conclusions about the data subject. Instead, this information is required for the following purposes:

(1) To deliver the content of our website correctly
(2) To optimise the content of our website and its marketing
(3) To guarantee the enduring functionality of our information technology systems and the technology of our website
(4) To provide criminal prosecution authorities with the information necessary for prosecution in the event of a cyberattack.

This anonymously collected data and information is therefore statistically analysed by Katimex Cielker GmbH, with the objective of increasing data privacy and data security within our company, in order to ultimately provide an optimal level of protection for the personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by the data subject.


7. Contact form

a. Type and extent of the data processing
The Katimex Cielker GmbH website provides the following contact form. As part of the query dispatch process via the contact form, this data privacy policy is referred to in order to obtain consent. When using the contact form, the following personal data will be processed:
• Email address
• Company (voluntary)
• Message
• First name and surname (voluntary)
• Street, postal code and place (voluntary)
• Telephone number (voluntary)
• Reason for the query (voluntary)
• Source (voluntary)

The entry of the email address is for the purpose of allocating and responding to queries. When using the contact form, no personal data will be passed on to third parties.

b. Legal basis
The data processing described above (see § 4 and § 5[a]) for the purpose of establishing contact takes place in accordance with Art. 6(1)(a) GDPR via the declaration of will submitted voluntarily as follows:

"By entering my data and pressing the 'send' button, I declare my consent to my email address and the entered message being used to respond to my contact request. Any data I submit voluntarily about myself is solely for the purpose of personalising the answer and better allocating the query. I can withdraw my consent to collect the personal data entered during the registration process at any time. Further information about data privacy is available in the data privacy policy."

c. Storage duration
As soon as the query has been processed and the respective matter has been conclusively clarified, the personal data processed via the contact form will be erased by Katimex Cielker GmbH. Further storage may take place in individual circumstances, if this is required by law.

d. Forwarding of data
Katimex Cielker GmbH only forwards data to third parties if:
• You have granted explicit consent in accordance with Art. 6(1)(1)(a) GDPR
• There is a legal obligation to forward the data in accordance with Art. 6(1)(1)(c) GDPR
• This is legally permitted and necessary in accordance with Art. 6(1)(1)(b) GDPR for the performance of a contract
• The forwarding in accordance with Art. 6(1)(1)(f) GDPR is necessary for the establishment, exercise or defence of legal claims, and there is no reason to assume that the data subject has an overriding, valuable interest in not forwarding its data.


8. Routine erasure and blocking of personal data

The controller responsible for the processing will only process and store personal data for the time frame necessary to achieve the purpose of the storage, or if this is required by the European issuers of guidelines and directives or other legislators in laws and provisions to which the controller responsible for the processing is subject. Should the purpose of the storage cease to apply or should a retention period set by the European issuers of guidelines and directives, or another responsible legislator, expire, the personal data will be routinely blocked or erased in accordance with the statutory provisions.


9. Rights of the data subject

• Right to confirmation
Every data subject has the right, granted by the European issuers of guidelines and directives, to request that the controller responsible for the processing confirm whether personal data about him/her is processed. If a data subject would like to exercise this confirmation right, he/she can contact our data protection officer, or another member of staff of the controller responsible for the processing, at any time for this purpose.

• Right to access
Every data subject affected by the processing of personal data has the right, granted by the European issuers of guidelines and directives, to request free information at any time about its stored personal data from the controller responsible for the processing, as well as a copy of this information. Furthermore, the European issuers of guidelines and directives have allowed the data subject to be provided with the following information:

- The purposes of the processing
- The categories of personal data that is processed
- The recipients or categories of recipients to whom the personal data has been disclosed or is yet to be disclosed, particularly in the case of recipients in third countries or at international organisations
- If possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for setting this duration
- The existence of a right to correction or erasure of his/her personal data, or a right to the restriction of this processing by the controller, or a right to object to this processing
- The existence of a right to lodge a complaint with a supervisory authority
- If the personal data is not collected from the data subject: all available information about the origin of the data
- The existence of an automated decision-making process including profiling in accordance with Art. 22(1) and (4) GDPR, and – at least in these cases – meaningful information about the logic involved, as well as the scope and intended effects of such processing for the data subject

In addition, the data subject has a right to obtain information about whether personal data has been sent to a third country or an international organisation. If this is the case, the data subject also has the right to obtain information about the suitable guarantees in connection with the transmission.

If a data subject would like to exercise this right to information, he/she can contact our data protection officer, or another member of staff of the controller responsible for the processing, at any time for this purpose.

• Right to rectification
Every data subject affected by the processing of personal data has the right, granted by the European issuers of guidelines and directives, to request the immediate rectification of its incorrect personal data. In addition, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement, in consideration of the purposes of the processing. If a data subject would like to exercise this right to rectification, he/she can contact our data protection officer, or another member of staff of the controller responsible for the processing, at any time for this purpose.

• Right to erasure (right to be forgotten)
Every data subject affected by the processing of personal data has the right, granted by the European issuers of guidelines and directives, to request that the controller erase its personal data immediately, provided that one of the following reasons applies and that the processing is not necessary:

- The personal data has been collected for such purposes or other circumstances for which it is no longer necessary.
- The data subject revokes its consent on which the processing in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR is based, and there is no other legal basis for the processing.
- The data subject objects to the processing in accordance with Art. 21(1) GDPR, and there are no overriding legitimate reasons for the processing, or the data subject objects to the processing in accordance with Art. 21(2) GDPR.
- The personal data has been unlawfully processed.
- The erasure of the personal data is necessary for the fulfilment of a legal obligation in accordance with Union law or the law of the member state to which the controller is subject.
- The personal data has been collected in relation to information society services offered in accordance with Art. 8(1) GDPR.

If one of the above reasons applies and a data subject would like to arrange the erasure of personal data that is stored by Katimex Cielker GmbH, he/she can contact our data protection officer, or another member of staff of the controller responsible for the processing, at any time for this purpose.

The data protection officer or another member of staff will arrange for the erasure request to be fulfilled immediately.

If the personal data is made publicly available by Katimex Cielker GmbH, and our company is obliged to erase the personal data as the controller in accordance with Art. 17(1) GDPR, we will take appropriate measures, including technical measures, in consideration of the available technology and the implementation costs, to inform other controllers responsible for the data processing who process the published personal data that the data subject has requested that this other controller responsible for the data processing erase all links to this personal data, or copies or reproductions of this personal data, provided that the processing is not necessary. The data protection officer or another member of staff will arrange the necessary actions on a case-by-case basis.

• Right to restriction of processing
Any person subject to the processing of personal data has the right, granted by the European issuers of guidelines and directives, to request from the controller the restriction of the processing if one of the following applies:

- The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful and the data subject opposes the erasure of the personal data, and requests the restriction of the use of the personal data instead.
- The controller no longer requires the personal data for the purposes of the processing, but the data subject requires it for the establishment, exercise or defence of legal claims.
- The data subject has objected to processing pursuant to Art. 21(1) GDPR and it has not yet been verified whether the legitimate grounds of the controller override those of the data subject.

If one of the above applies and a data subject would like to request the restriction of the processing of personal data that is stored by Katimex Cielker GmbH, he/she can contact our data protection officer, or another member of staff of the controller responsible for the processing, atany time for this purpose.
The data protection officer or another member of staff will arrange the restriction of the processing.

• Right to data portability
Every data subject affected by the processing of personal data has the right, granted by the European issuers of guidelines and directives, to receive the personal data, which the data subject has provided to a controller, in a structured, commonly-used and machine-readable format. He/she also has the right to transmit this data to another controller without hindrance from the controller to which the personal data has been provided, if the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, or a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority assigned to the controller.

In addition, when exercising its right to data portability in accordance with Art. 20(1) GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another where technically feasible and provided that the rights and freedoms of others are not adversely affected.

For the assertion of the right to data portability, the data subject can contact the appointed data protection officer or another member of staff at any time.

• Right to object
Every data subject affected by the processing of personal data has the right, granted by the European issuers of guidelines and directives, to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him/her based on Art. 6(1)(e) or (f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, Katimex Cielker GmbH will no longer process the personal data unless we can demonstrate compelling worthy grounds for the processing which override the interests, rights and freedoms of the data subject, or unless it is for the establishment, exercise or defence of legal claims.

If Katimex Cielker GmbH processes personal data in order to carry out direct marketing, the data subject has the right to object at any time (with future effect) to the processing of personal data for the purposes of such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, Katimex Cielker GmbH will no longer process this personal data for these purposes.

In addition, the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him/her which Katimex Cielker GmbH carries out for scientific or historical research purposes or for statistical purposes in accordance with Art. 89(1) GDPR, unless such processing is necessary to carry out a task in the public interest.

In order to exercise the right to object, the data subject can contact the data protection officer or another member of staff directly. The data subject is also free, in connection with the use of the information society services and irrespective of Directive 2002/58/EC, to exercise its right to object by automated means in which technical specifications are used.

• Automated individual decision-making, including profiling

Every data subject affected by the processing of personal data has the right, granted by the European issuers of guidelines and directives, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her, provided that the decision:

(1) is not necessary for the conclusion or performance of a contract between the data subject and the data controller;
(2) is authorised by the legal provisions of the Union or the member states to which the controller is subject, and these legal provisions contain suitable measures to safeguard the rights and freedoms, and legitimate interests, of the data subject; or
(3) takes place with the explicit consent of the data subject.

If the decision

(1) is necessary for the conclusion or performance of a contract between the data subject and the controller, or
(2) takes place with the explicit consent of the data subject,

Katimex Cielker GmbH will implement suitable measures to safeguard the rights and freedoms, and legitimate interests, of the data subject, including at least the right to obtain human intervention on the part of the controller, to express his/her own point of view, and to contest the decision.

If the data subject would like to assert rights related to automated decisions, he/she can directly contact the data protection officer, or another member of staff of the controller responsible for the processing, at any time for this purpose.

• Right to revoke consent granted under data protection law
Every data subject affected by the processing of personal data has the right, granted by the European issuers of guidelines and directives, at any time to revoke consent to the processing of personal data. If the data subject would like to assert his/her right to revoke consent, he/she can contact the data protection officer, or another member of staff of the controller responsible for the processing, at any time for this purpose


10. Data privacy during applications and the application process

The controller responsible for the processing collects and processes the personal data of applicants for the purpose of handling the application process. The processing may take place electronically. This is the case particularly if an applicant sends corresponding application documentselectronically, e.g. via email or in an online form on the website, to the controller responsible for the processing. If the controller responsible for the processing enters into an employment contract with an applicant, the transmitted data will be stored for the purpose of handling the employment relationship, in consideration of the statutory provisions. If no employment contract is concluded with the applicant by the controller responsible for the processing, the application documents will be immediately erased automatically, 1 week after the announcement of therejection decision at the latest, provided that an erasure does not contradict any other legitimate interests of the controller responsible for the processing. A burden of proof in proceedings in accordance with the Allgemeines Gleichbehandlungsgesetz (AGG [General Act on Equal Treatment]), for instance, is another legitimate interest in this sense.

11. Data pricavy regulations for the use of Facebook

The controller responsible for the processing has integrated components of the company Facebook on this website. Facebook is a social network. A social network is a social meeting point operated online: an online community that generally enables the users to communicate with one another and interact in a virtual space. A social network can serve as a platform to exchange opinions and experiences or enable the internet community to provide personal or business-related information. Facebook enables the users of the social network to create private profiles, upload photos, and network via friendship requests, inter alia.
The company that operates Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA and Canada, the controller responsible for the processing of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

In every instance of access to one the individual pages of this website which is operated by the controller responsible for the processing and in which a Facebook component (Facebook plugin) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component. An overall overview of all Facebook plugins can be viewed at developers.facebook.com/docs/plugins/. As part of this technical process, Facebook will be informed about which specific subpages of our website are visited by the data subject.

If the data subject is logged into Facebook at the same time, Facebook will recognise which specific subpages of our website are visited by the data subject every time he/she accesses our website, and for the entire duration of the respective stay on our website. This information will be collected by the Facebook component and allocated to the respective Facebook account of the data subject by Facebook. If the data subject clicks on one of the Facebook buttons integrated into our website, such as the "Like" button, or if the data subject enters a comment, Facebook will allocate this information to the personal Facebook user account of the data subject and store this personal data.

In each case, Facebook will receive a notification via the Facebook component that the data subject has visited our website, if the data subject is logged into Facebook at the same time he/she accesses our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not wish for such a transmission of this information to Facebook, he/she can prevent the transmission by logging out of his/her Facebook account before accessing our website.

The data guidelines published by Facebook are available at de-de.facebook.com/about/privacy/ and provide information about the collection, processing and use of personal data by Facebook. They also explain what configuration options Facebook offers to protect the privacy of data subjects. There are also various applications available which eliminate data transmission to Facebook. Such applications can be used by the data subject to prevent the transmission of data to Facebook.

12. Data privacy regulations for the use of Google AdWords

The controller responsible for the processing has integrated Google AdWords into this website. Google AdWords is an internet advertising service that allows advertisers to activate adverts in the Google search engine results and in the Google advertising network. Google AdWords enables advertisers to set certain key words beforehand, and these are used to display an advertisement in the Google search engine results – only when the user accesses a search result which is relevant to the key words with the search engine. In the Google advertising network, the advertisements are distributed on subject-relevant websites via an automated algorithm and in consideration of the previously set key words.

The company that operates the services of Google AdWords is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of Google AdWords is the advertisement of our website by inserting interest-relevant advertisements on the websites of third-party companiesand in the search engine results of the Google search engine, and the insertion of third-party advertisements on our website.

If a data subject accesses our website via a Google advert, a so-called conversion cookie will be placed in the information technology system of the data subject by Google. The section above explains what cookies are. A conversion cookie becomes invalid after thirty days and does notserve to identify the data subject. The conversion cookie is used, provided that the cookie has not yet expired, to understand whether certain subpages, for example the shopping cart of an online shop system, have been accessed on our website. With the conversion cookie, we and Google can understand whether a data subject who accesses our website via an AdWords advert generates revenue: in other words, has completed or aborted a purchase of goods.

The data and information collected by the use of the conversion cookie will be used by Google to create visitor statistics for our website. These visitor statistics will in turn be used by us to determine the overall number of visitors who are directed to us via AdWords advertisements: in other words, to determine the success or failure of the respective AdWords advertisements and optimise our AdWords advertisements for the future. Neither our company nor other advertising customers of Google AdWords receive information from Google with which the data subject could be identified. Personal information, such as the websites visited by the data subject, will be stored via the conversion cookie. Upon each visit to our website, personal data, including the IP address of the internet connection used by the data subject, will be sent to Google in the United States of America accordingly. This personal data will be stored by Google in the United States of America. In some circumstances, Google will pass on this personal data collected via the technical process to third parties.

The data subject can prevent the placing of cookies via our website, as already illustrated above, at any time by setting the web browser used accordingly, and therefore permanently object to the placing of cookies. Such a setting of the web browser used would also prevent Google from placing a conversion cookie in the information technology system of the data subject. In addition, a cookie already placed by Google AdWords can be deleted at any time via the web browser or other software programmes.

Furthermore, the data subject is able to object to the interest-based advertisement by Google. In order to do this, the data subject must access the following link: www.google.de/settings/ads, from each of the web browsers it uses, and carry out the desired settings.

Further information and the applicable data privacy regulations of Google can be viewed at www.google.de/intl/de/policies/privacy/.


13. Data privacy regulations for the use of Instagram

The controller responsible for the processing has integrated components of the Instagram service into this website. Instagram is a service that qualifies as an audio-visual platform that enables users to share photos and videos, and spread such data in other social networks.

The company that operates the services of Instagram is Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA, USA. In every instance of access to one of the individual pages of this website which is operated by the controller responsible for the processing and in which anInstagram component (Insta button) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted by the respective Instagram component to download a representation of the corresponding Instagram component. As part of this technical process, Instagram will be informed about which specific subpages of our website are visited by the data subject.

If the data subject is logged into Instagram at the same time, Instagram will recognise which specific subpages of our website are visited by the data subject every time he/she accesses our website, and for the entire duration of the respective stay on our website. This information willbe collected by the Instagram component and allocated to the respective Instagram account of the data subject by Instagram. If the data subject clicks on one of the Instagram buttons integrated into our website, the data and information thereby transmitted will be allocated to the personal Instagram user account of the data subject, and stored and processed by Instagram.

Instagram will receive a notification via the Instagram component that the data subject has visited our website every time the data subject is logged into Instagram at the same time he/she accesses our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not wish for such a transmission of this information to Instagram, he/she can prevent the transmission by logging out of his/her Instagram account before accessing our website. Further information about the applicable data privacy regulations of Instagram can be viewed at help.instagram.com/155833707900388 and www.instagram.com/about/legal/privacy/.

14. Data privacy regulations for the use of XING

The controller responsible for the processing has integrated components of Xing into this website. Xing is an internet-based social network that enables users to connect with existing business contacts and establish new business contacts. Individual users can create a personal profile for themselves on Xing. Companies can, for example, create company profiles and publish job vacancies on Xing. The company operating Xing is XING AG, Dammtorstraίe 30, 20354 Hamburg, Deutschland.

In every instance of access to one the individual pages of this website which is operated by the controller responsible for the processing and in which a Xing component (Xing plugin) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted by the respective Xing component to download a representation of the corresponding Xing component. Further information about the Xing plugin can be found at dev.xing.com/plugins. As part of this technical process, Xing will be informed about which specific subpages of our website are visited by the data subject. If the data subject is logged into Xing at the same time, Xing will recognise which specific subpages of our website are visited by the data subject every time he/she accesses our website, and for the entire duration of the respective stay on our website. This information will be collected by the Xing component and allocated to the respective Xing account of the data subject by Xing. If the data subject clicks on one of the Xing buttons integrated into our website, such as the "Share" button, Xing will allocate this information to the personal Xing user account of the data subject and store this personal data. Xing will receive a notification via the Xing component that the data subject has visited our website every time the data subject is logged into Xing at the same time he/she accesses our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not wish for such a transmission of this information to Xing, he/she can prevent the transmission by logging out of his/her Xing account before accessing our website.

The data privacy regulations published by Xing are available at www.xing.com/privacy and provide information about the collection, processing and use of personal data by Xing. Xing has also published the data privacy notice for the Xing Share button at www.xing.com/app/share.

15. Data privacy regulations for the use of YouTube

The controller responsible for the processing has integrated components of YouTube into this website. YouTube is an internet video portal that enables video publishers to post video clips for free, and other users can view, review and comment on them for free. YouTube allows the publication of all types of videos, from complete films and television broadcasts to music videos, trailers and videos created by users themselves, which are all available via the internet portal.

The company operating YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary company of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

In every instance of access to one the individual pages of this website which is operated by the controller responsible for the processing and in which a YouTube component (YouTube video) has been integrated, the web browser on the information technology system of the data subject will be automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component. Further information about YouTube can be found at www.youtube.com/yt/about/de/. As part of this technical process, YouTube and Google will be informed aboutwhich specific subpages of our website are visited by the data subject. If the data subject is logged into YouTube at the same time, YouTube will recognise which specific subpages of our website are visited by the data subject when he/she accesses the subpage containing a YouTube video.This information will be collected by YouTube and Google and matched with the respective YouTube account of the data subject.

YouTube and Google will receive a notification via the YouTube component that the data subject has visited our website every time the data subject is logged into YouTube at the same time he/she accesses our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. If the data subject does not wish for such a transmission of this information to YouTube and Google, he/she can prevent the transmission by logging out of his/her YouTube account before accessing our website. The data privacy regulations published by YouTube are available at www.google.de/intl/de/policies/privacy/ and provide information about the collection, processing and use of personal data by YouTube and Google.

16. Legal basis of processing

Art. 6(1)(a) GDPR serves our company as a legal basis for the processing, in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract of which the data subject is a contracting party, as is thecase, forexample, in processing which is required for the supply of goods or other services or services in kind, the processing is based on Art. 6(1)(b) GDPR. The same applies for processing that is necessary for the performance of precontractual measures, e.g. in cases of queries aboutour products and services. If our company is subject to a legal obligation via which the processing of personal data is necessary, such as the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor is injured on our premises and his/her name, age, health insurance details and other vital information must then be passed on to a doctor, hospital or other third party. The processing would then be based on Art. 6(1)(d) GDPR. Lastly, processing may be based on Art. 6(1)(f) GDPR. Processing is based on this legal basis if it is not covered by any of the previously mentioned legal bases and if the processing is necessary to protect a legitimate interest of our company or a third party, provided that it is not overridden by the interests, fundamental rights and fundamental freedoms of the data subject. We are permitted to carry out such processing specifically because it has been mentioned by the European legislators. In this respect, they were of the opinion that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47(2) GDPR).

17. Legitimate interests in the processing that are pursued by the controller or a third party

If the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is the performance of our business activity in all forms.

18. Duration for which the personal data is stored

The criterion for how long personal data is stored is the respective statutory retention period. After the expiry of this period, the respective data is routinely deleted, provided that it is no longer necessary for the performance or initiation of a contract.

19. Statutory or contractual provisions on the provision of personal data; necessity for the conclusion of a contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide information

We would like to inform you that the provision of personal data is partially prescribed by law (e.g. tax provisions) or could be included in contractual regulations (e.g. details of the contractual partner). Sometimes it may be necessary, when entering into a contract, that a data subject provide us with personal information that must subsequently be processed by us. The data subject is obliged to provide us with personal data, for example, if our company concludes a contract with him/her. Failure to provide personal data could result in an inability to conclude the contract with the data subject. Before the data subject provides personal data, the data subject can contact our data protection officer. Our data protection officer will then inform the data subject, depending on the individual case, whether the provision of personal data is statutorily or contractually prescribed, or necessary to conclude the contract, whether there is an obligation to provide the personal data, and the consequences of not providing the personal data.

20. Existence of an automated decision-making process

As a responsible company, we do not use automated decision-making processes or profiling. Points 1 to 19 of this data privacy policy were written by the data privacy policy generator of DGD Deutsche Gesellschaft fόr Datenschutz GmbH, which operates as an external data protection officerfor Bremen, in cooperation with RC GmbH, which recycles used computers, and law firm WILDE BEUGER SOLMECKE | Rechtsanwδlte.

21. Use of web analysis tool MATOMO

This website uses open-source website analysis software Matomo: http://de.matomo.org. Matomo uses so-called cookies: text files that are stored on your computer and that enable an analysis of the use of the website. For this purpose, the usage information (including your shortened IP address) is sent to the server and stored for usage analysis purposes. Your IP address will be promptly anonymised during this process, so that you, as the user, remain anonymous to us. The information about your use of the site generated by the cookies will not be passed on to third parties. The server on which the statistical data is stored is operated by a German service provider and is physically located in Germany. You can prevent the installation of cookies by setting your browser software accordingly..

22. Objecting to the use of web analysis tool MATOMO

If you do not agree to the storage and analysis of your data when you visit our website, you can subsequently object to the storage and use at any time at the click of a mouse. In this case, a so-called opt-out cookie will be placed in your browser. This will result in Matomo being unable to collect any session data. If you delete your cookies, this will result in the opt-out cookie being deleted as well, and it will have to be reactivated by you. You subsequently have the option to deactivate the use of Matomo.

Use of Google Analytics:

This website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies": text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of the website will generally be sent to a Google server in the USA, where it will be stored. In the event of an activation of IP anonymisation on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or other signatory states of the Agreement on the European Economic Area. Only in exceptional circumstances will the full IP address be sent to a Google server in the USA, where it will be stored. On behalf of the operator of this website, Google will use this information to analyse your use of the website, compile reports about the website activities, and provide the website operator with other services associated with use of the website and the internet. The IP address sent from your browser as part of Google Analytics will not be combined with other data by Google. You can prevent the storage of cookies at any time by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. You can also prevent the data collected by the cookie and related to your use of the website (incl. your IP address) from being sent to Google and being processed by Google by downloading and installing the browser plugin available via the followinglink: (http://tools.google.com/dlpage/gaoptout?hl=de). You can find further information at http://tools.google.com/dlpage/gaoptout?hl=de and http://www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data privacy). We would like to point out that, on this website, Google Analytics has been extended by the code "gat._anonymizeIp();", in order to guarantee the anonymised logging of IP addresses (as well as IP masking).

Last update: May 2018
 


© 2018 Katimex Cielker GmbH