A warm welcome to the Kerb-Konus-Vertriebs-GmbH
Thank you for visiting our website and for your interest in our company and our products. As we are concerned to ensure that your private sphere is not compromised in any way when you use our website, please make a note of the following information:
This Privacy Notice provides information about the nature, scope and purpose of the processing of personal data (hereinafter abbreviated to “data”) in connection with our online services and the affiliated webpages, functions and content as well as external online services such as our social media profiles. (hereinafter jointly referred to as “online services”). Regarding the terms used, e.g. “processing” or the “Controller”, please refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
Types of Processed Data
- contact information (e.g. names addresses, email, phone numbers)
- content data (e.g. text entries)
- usage data (e.g. visited webpages, interest in content, access times)
- meta/communication data (e.g. device information, IP addresses).
Purpose of the Processing
- provision of the online offer, its functions and contents.
- replying to contact requests and communication with users.
- security measures.
- coverage measurement/marketing
“Personal data” is any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered identifiable if they can be identified either directly or indirectly, in particular through the assignation of an identifier such as a name, an identification number, location data, online ID (e.g. cookies), or one or several other characteristics which form the expression of a person’s physical, physiological, genetic, psychological, economic, cultural or social identity.
“Processing” is any activity performed with or without help of automated processes or each such sequence of activities related to personal data. The term is a broad one, and comprises practically every situation in which data is handled.
The word “Controller” is used to designate a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Applicable Legal Basis
In accordance with Art. 13 GDPR, we hereby inform you about the legal basis of our data processing activities. If the legal basis is not mentioned in the Privacy Notice, the following applies: The legal basis for obtaining consent is Art. 6 Par. 1 (a) and Art. 7 GDPR; the legal basis for the processing of data to provide our services and implement contractual measures as well as replying to requests is Art. 6 Par. 1 (b) GDPR; the legal basis for the processing of data to comply with our legal obligations is Art. 6 Par. 1 (c) GDPR; and the legal basis for the processing of data to protect our legitimate interests is Art. 6 Par. 1 (f) GDPR. If processing is necessary to protect the vital interests of the data subject or another natural person, Art. 6 Par. 1 (d) GDPR serves as legal basis.
Cooperation with Processors and Third Parties
If we disclose or transfer or make available any data to other persons and companies (processors or third parties) during processing, this will only occur based on statutory permission (e.g. if a transfer of data to third parties such as payment service providers is required for the performance of a contract in accordance with Art. 6 Par. 1 (b) GDPR), your consent, a legal obligation that requires it or our legitimate interests (e.g. if an agent, webhosting provider, etc. is used). If we commission third parties with the processing of data based on a so-called “contract data processing agreement”, this will occur on the basis of Art. 28 GDPR.
Transfer to Third Countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or data is processed due to the use of third-party services or disclosure and/or transfer of data to third parties, this only occurs to fulfil our (pre)contractual commitments, based on your consent, due to a legal obligation or based on our legitimate interests. Subject to any legal or contractual permissions, we only process data or have data processed in a third country if the special preconditions of Art. 44 et seq. GDPR apply. I. e. the processing is based on special guarantees such as the officially recognised assessment that the level of data protection corresponds to that of the EU (e. g. “Privacy Shield” in the US) or in compliance with officially recognised special contractual commitments (referred to as “standard contractual clauses”).
In addition, we process
- contract data (e.g. contractual object, duration, customer category).
- payment information (e.g. bank data, payment history)
from our customers, interested parties, and business partners for the purpose of the provision of contractually-agreed services, service and customer care, marketing, advertising and market research.
Collection of Access Data and Log Files
We will collect data on each access to the server where the service is hosted (referred to as server log files) based on our legitimate interests as defined by Art. 6 Par. 1 (f) GDPR. Access data includes the name of the visited web page, file, date and time of access, the transferred volume of data, notification of successful access, browser type including version, the user’s operating system, referrer URL (previously visited web page), IP address and the requesting provider.
Log file information shall be saved for a maximum duration of 1 year for security reasons (e.g. clarification of acts of misuse or fraud) and shall be deleted afterwards. Data which has to be retained for longer periods for the purpose of providing proof are exempted from erasure until the incident has definitely been clarified.
Provision of Contractually-Agreed Services
We process inventory data (e.g. names and addresses as well as our users’ contact information), contractual data (e.g. services used, names of contact persons, payment information) to comply with our contractual commitments and to provide our services in accordance with Art. 6 Par. 1 (b) GDPR. The entries which are marked as mandatory in online forms are required to conclude the contract.
As part of the use of our online services, we save the IP address and the time of each user action. The saving of data is based on our own and also the users’ legitimate interests in the protection against misuse and other unauthorised use. This data is generally not transmitted to any third party except where this is required for the pursuit of our claims, or there is a legal obligation according to Art. 6 Par. 1 (c) GDPR.
We process usage data (e.g. visited pages of our website, interest in our products) and content data (e.g. entries in the contact form or user profile) for marketing purposes within a user profile to display e.g. product information for the user based on previously used services.
Erasure of the data takes place upon the expiry of legal guarantee obligations and similar obligations. The necessity of the storage of the data is to be inspected every three years; in the case of legal archiving obligations, erasure takes place after these have expired. Entries in possible customer accounts remain there until they are deleted.
Administration, Accounting, Office Organisation, Contact Management
We process data within the scope of administrative tasks and organisation of our Sales and Accounting departments, and as part of our compliance with legal obligations, such as archiving. In doing so, we process the same data which we process as part of the provision of our contractually-agreed services. The legal bases for this processing are Art. 6 Par. 1 (c) GDPR, Art. 6 Par. 1 (f) GDPR. Customers, interested parties, business partners and website visitors are affected by this processing. The purpose of and our interest in processing is based on administration, accounting, office organisation, and the archiving of data, i.e. tasks which serve the maintenance of our business operations, the performance of our duties, and the provision of our services. The deletion of data as regards contractually-agreed services and contractual communication corresponds to that information named as part of these processing activities.
In doing so, we disclose or transfer data to the tax authority, consultants, e.g. tax consultants or auditors, as well as additional fees offices and payment service providers.
In addition, we also save information concerning suppliers, organisers, and other business partners on the basis of our business interests, e.g. for the purpose of getting in touch at a later date. Fundamentally, we save this predominantly company-related data permanently.
Data Protection Information for Application Procedures
We process applicant data in accordance with legal provisions, and only for the purposes and within the context of the application procedure. The processing of applicant data takes place for the fulfilment of our (pre)contractual obligations within application procedures as defined in Art. 6 Par. 1 (b) GDPR and Art. 6. Par. 1 (f) GDPR insofar as data processing is necessary for us, e.g. as part of legal proceedings (in Germany, Section 26 BDSG [German Federal Data Protection Act] also applies).
The nature of the application procedure requires applicants to share their applicant data with us. Insofar as we offer an online form, the necessary applicant data is labelled as such, otherwise it is produced from the job descriptions and fundamentally includes personal details, postal and contact addresses, and the documents which form part of the application, such as cover letter, CV and references. In addition, applicants can voluntarily provide us with additional information.
In transferring the application over to us, the applicant declares themselves in agreement with the processing of their data for the purposes of the application procedure, corresponding to the nature and scope presented in this Privacy Notice.
Insofar as special categories of personal data are shared with us as part of the application procedure as defined in Art. 9 Par. 1 GDPR, their processing will additionally take place according to Art. 9 Par. 2 (b) GDPR (e.g. health data, such as severe disability status or ethnic background). Insofar as special categories of personal data are requested of applicants as part of the application procedure as defined in Art. 9 Par. 1 GDPR, their processing will additionally take place according to Art. 9 Par. 2 (a) GDPR (e.g. health data, if this is required for carrying out the job).
As long as the option is available, applicants can send us their applications by means of an online form on our website. The data will be transferred over to us in encrypted form, in accordance with the state of the art.
Furthermore, applicants can send us their applications via email. However, in doing so, we would like to point out that emails are fundamentally not sent in encrypted form, and that the applicant must provide for its encryption themselves. For this reason, we cannot accept any responsibility for the transmission path of the application between the sender and its receipt at our server, and thus rather recommend the use of an online form, or of the sending of the application by post. After all, the applicant still has the opportunity of sending us their application by post, rather than via the online form or email.
In the case of a successful application, we may further process the information made available to us by the applicant for employment-related purposes. Otherwise, should the application for a job offer not be successful, the applicant’s data will be deleted. Likewise, the applicant’s data will also be deleted if the application is withdrawn, something which the applicant is entitled to do at any time.
Subject to a justified withdrawal from the applicant, deletion will take place after a period of six months, so that we can answer any possible follow-up questions to the application and can meet our obligations to provide proof as regards the Law on Equal Treatment. Invoices for possible travel expenses will be archived in accordance with the corresponding legal requirements for taxes.
If you contact us (e.g. via contact form, email, telephone, or via social media), the user information shall be processed for the purpose of handling the contact request and its development in accordance with Art. 6 Par. 1 (b) GDPR. User information can be saved in a customer relationship management system (“CRM system”) or a comparable request organisation system.
We will delete the requests if they are no longer required. We check the necessity of this information every two years; furthermore legal archiving obligations apply.
Google is certified according to the Privacy Shield Agreement and thus guarantees compliance with the European Data Protection Legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
Google shall use this information on our behalf to analyse the usage of our online services by the users, compile reports on the activities within these online services and to provide further services to us which are connected to the usage of these online services and internet usage. In this connection, pseudonymous usage profiles of users may be created.
We use Google Analytics only with activated IP anonymisation. This means that the user’s IP address is abbreviated by Google within European Union member states or other states which are part of the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
The IP address which is transmitted by the user’s browser will not be combined with other data from Google. Users have the option to prevent the saving of cookies by a corresponding setting in the browser software; in addition, users can prevent the transmission of the data which is generated by the cookie and refer to the usage of the online services to Google and the processing of these data by Google by downloading and installing the browser plug-in which is available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
You can find out more information about how Google uses data in this context, as well as your options as regards settings and objections, in Google’s data privacy notice (https://policies.google.com/technologies/ads), as well as in the settings for the way in which advertising is presented by Google (https://adssettings.google.com/authenticated).
After 14 months, the personal data of the user is deleted or anonymised.
Online Presence in Social Media
We maintain an online presence in social networks and platforms in order to communicate with customers, interested parties and users who are active there, and to be able to inform them about our services. Regarding the use of these networks and platforms, the relevant operator’s terms and conditions, as well as their data processing regulations, apply.
Unless otherwise indicated in our Privacy Notice, we process the data of users if they communicate with us via social networks and platforms, e.g. write contributions in our online presence or send us messages.
Rights of the Data Subjects
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and information on these data as well as further information and a copy of the data in accordance with Art. 15 GDPR.
According to Art. 16 GDPR, you have the right to request the completion or the rectification of inaccurate personal data concerning you.
According to Art. 17 GDPR, you have the right to erasure of personal data without undue delay. Alternatively, you have the right to obtain a restriction of processing of the data according to Art. 18 GDPR.
According to Art. 20 GDPR, you have the right to receive the personal data concerning you which you have provided to us and to have them transmitted to other controllers.
Furthermore, you have the right to lodge a complaint with the competent supervisory authority in accordance with to Art. 77 GDPR.
Right of Withdrawal
You have the right to withdraw your consent with future effect in accordance with Art. 7 Par. 3 GDPR
Right to Object
You have the right to object to the future processing of the personal data concerning you at any time according to Art. 21 GDPR. The right to object refers to processing for direct marketing purposes in particular.
Cookies and the Right to Object to Direct Marketing
“Cookies” is the term given to small files which are saved on the computers of the users. Varying information can be saved within cookies. A cookie’s primary aim is to save information surrounding a user (or the device on which the cookie is saved), either during or after a visit within an online offer. Temporary cookies, or “session cookies” or “transient cookies”, is the name given to those cookies which are deleted after a user leaves an online offer and closes their browser. The contents of a shopping basket in an online shop, or a log-in status, are examples of information which can be stored in such a cookie. “Permanent” or “persistent” cookies is the name given to those cookies which remain saved even after the browser has been closed. In this way, for example, a log-in status can be saved if the user visits it again after several days. Equally, the interests of the user can be saved, which are used for coverage measurement or marketing purposes. “Third party cookies” is the name given to cookies which are offered by providers other than the Controller who operates the online offer (otherwise, when cookies are offered exclusively by the Controller, reference is made to “first party cookies”).
We may make use of temporary and permanent cookies, and explain this usage within the framework of our Privacy Notice.
If users do not wish to have cookies stored on their computer, we ask them to disable the relevant option in the system settings of their browser. Stored cookies can be deleted in the system settings of the browser. The disabling of cookies may lead to restrictions regarding the functionality of the online services.
Erasure of Data
The data which are processed by us are erased or their processing is restricted in compliance with Art. 17 and 18 GDPR. If the data is not erased due to it being required for other purposes which are permitted by law, its processing will be restricted. I. e. the data is blocked and not processed for any other purposes. This applies e.g. to data which has to be preserved due to commercial law or tax law.
Kerb-Konus employs all technical and organisational security measures necessary to protect your personal data against accidental or deliberate manipulation, loss, destruction, or against access by unauthorised parties.
Changes to our Privacy Notice
In order to guarantee that our Privacy Notice is always in line with the current legal provisions, we reserve the right to make amendments at any time. This also applies in the case that the Privacy Notice needs to be amended due to new or revised services, for example new service provisions. In this case, the new Privacy Notice will then apply on your next visit to our online offer.
We will inform you if we need your cooperation (e.g. consent) to implement the modifications or if any other individual notification becomes necessary.
Should you have any additional questions, you are welcome to get in touch with our Data Protection Officer:
- Data Protection Officer -
Postfach [PO Box] 16 63