Data Protection Statement

Kimetec GmbH (“Controller” or “Kimetec” or “we” or “us”) as the operator of the website www.kimetec.de (“our Website”) is happy that you visit our Website. Below, we will inform you about processing of personal data when you use our Website.

 

Definitions

Our data protection statement uses terms defined in the EU General Data Protection Regulation (“GDPR”). In order to keep the data protection statement legible and comprehensible, we have explained these terms below:

 

(1) Personal data

According to the GDPR, personal data are any information relating to an identified or identifiable natural person. This means information such as your name, birth date, address, email address, IP address or phone number, as well as your user behaviour. By contrast, information that cannot be directly connected to your actual identity – such as websites generally preferred by all users or the number of users of a page – are not considered personal data.

 

(2) Data subject

Data subjects are all identified or identifiable natural persons whose personal data are processed by the Controller responsible for processing.

 

(3) Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

(4) Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

 

(5) Controller or Controller responsible for processing

The Controller or Controller responsible for processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.

 

(6) Processor

The processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

 

(7) Recipient

The recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

 

(8) Third parties

Third parties are a natural or legal person, public authority, agency or body other than the data subject, Controller, processor and persons who, under the direct authority of the Controller or processor, are authorised to process personal data.

 

(9) Consent

Consent is any freely given, specific, informed and unambiguous indication by the data subject of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

Controller for processing [Article 4(7) GDPR]

Kimetec GmbH
Gerlinger Straße 36-38
71254 Ditzingen
Phone: +49 (0) 7156/17602 - 200
Fax: +49 (0) 7156/17602 - 500
Email info@kimetec.de
Internet: http://www.kimetec.de

 

Principles relating to processing of personal data

(1) Scope of processing of personal data

We generally only collect and use personal data of our users if this is required to provide a functional website or our contents and services. Collection and use of your personal data usually takes place only with your consent. However, an exception shall apply in such cases where collection of advance consent is not possible for factual reasons and where processing of the data is nevertheless permitted by the law.

 

(2) Legal basis relating to processing of personal data

The data transmitted by or collected from you are only collected, used, processed, stored and – if required by law or contractually required – passed on to third parties only within the context of the applicable data protection laws (GDPR, Federal Data Protection Act and Telemedia Act).

Article 6 GDPR leads to various legal bases for processing of your personal data that are referred to from case to case in this data protection statement:

  1. Article 6(1)(a) GDPR is the legal basis for processing operations of personal data with consent of the data subject.
  2. Article 6(1)(b) GDPR is the legal basis for processing of personal data that is necessary for the performance of a contract to which the data subject is party. This legal basis shall also refer to such processing operations that are necessary in order to take steps prior to entering into a contract.
  3. If we need to process personal data for compliance with a legal obligation of our company, the legal basis for this shall be Article 6(1)(c) GDPR.
  4. Article 6(1)(d) GDPR serves as the legal basis if vital interests of the data subject or any other natural person require processing of his or her personal data.
  5. If processing of personal data is necessary for the purposes of a legitimate interest pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override this first interest of our company or a third party, this processing shall take place on the legal basis of Article 6(1)(f) GDPR.

 

(3) Data erasure and storage period

As soon as the purpose of storage of the respective personal data of the data subject no longer applies, they shall be deleted or blocked. However, storage may take place beyond this point of time if this was stipulated in European or national regulations, laws or other rules that we as Controller responsible for processing are subject to. Blocking or erasure of the data shall also take place if a storage period required by the standards named expires, except if further storage of such data is required for entering into a contract or performance of a contract.

 

General processing activities in connection with the provision of our Website and compilation of log files

The scope and nature of collection and use of your data will differ depending on whether you only visit our Website in order to call up information or whether you use our offers – such as contact form or email contact:

 

(1) Visiting our Website

Purely informational use of our Website generally does not require you to provide us with any personal data. Instead, we collect, use and store information that is transmitted to us by the respective browser used by you during your visit of our Website automatically in the server log files.

 

(2) Collected data – not necessarily personal data

The following data will be collected in the course of this:

  1. Your internet protocol address
  2. Websites from which your system reaches our Website
  3. Websites that are called by your system via our Website
  4. Content of the request (specific page)
  5. User Agent

We cannot assign the above data to specific persons. We will not combine these data with any other data sources, i.e. these data will not be stored together with other personal data such as your name, address, phone number or email address.

 

(3) Legal basis

The legal basis for this temporary storage of data and log files is Article 6(1)(f) GDPR, since our legitimate interests as presented below in this storage override your interests, fundamental rights and freedoms: The internet protocol address is considered personal data. The temporary storage of the internet protocol address by the system is necessary in order to permit transfer of our Website to your browser. For this purpose, the internet protocol address must remain stored for the duration of the session. Storage in log files shall take place in order to ensure the function of our Website. We also use the data for optimisation of our Website and to ensure the safety of our information-technical systems. The data are not evaluated for marketing purposes in this context.

 

(4) Storage period

The data are erased as soon as they are no longer required to achieve the purpose of their collection. If data are recorded for provision of our Website, this is the case when the respective session is ended. To the extent that the data were stored in log files, this is the case at the latest after seven (7) days. Storage beyond this is possible as well, however. In this case, however, your internet protocol address will be deleted or changed so that it can no longer be assigned to your person.

 

(5) Right to object and removal option

Recording of the data for provision of our Website and storage of the data in log files is mandatory for operation of the website. Accordingly, you cannot object to this.

 

Web form and email contact

Our Website contains information in order to permit quick contact/communication.

 

(1) Description and scope of the processing
If you contact us by email or via contact form, the personal data transmitted by you (name, email address, any further voluntary information such as phone number, address) will be stored automatically. At the time of dispatch of the message, your internet protocol address and the date and time will be stored as well.

These data will not be passed on to any third party. The data will solely be used for our communication.

Alternatively you can of course contact us via our email addresses provided. In this case your personal data transmitted to us in this email will be stored for the purpose of processing of your concern or for contacting you. Please note that unencrypted emails sent via internet are not protected against unauthorized access by third parties while they are transmitted to us.

 

(2) Legal basis for the processing

The legal basis for processing of the data if and to the extent that you have given your consent is Article 6(1)(a) GDPR.

The legal basis for processing of the data transmitted in the scope of transmission of an email is also Article 6(1)(f) GDPR. If the email contact is targeted at entering into a contract, Article 6(1)(b) GDPR shall be an additional legal basis for processing.

 

(3) Purpose of data processing

Processing of the personal data from contact form or an email sent to us serves solely to process your contact. This is also where the legitimate interest of processing of the data lies if these are processed based on Article 6(1)(f) GDPR. Any other processing of the personal data during the dispatch of your message serves our interest to prevent misuse of our contact form and to ensure the safety of our information-technical system.

 

(4) Storage period

The personal data are erased as soon as the deletion is requested by you or as soon as you withdraw your consent or as soon as they are not longer required to achieve the purpose of their collection. This is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances show that the corresponding matter has been finally completed.

The additional data stored during dispatch of your message will be erased after a period of seven (7) days at the latest.

 

(5) Right to object and removal option

You have the option at any time to withdraw your consent to processing of the personal data. If you contact us by email or by our contact form, you may object to storage of your personal data at any time. In this case, however, the conversation cannot be continued. All personal data that were stored in the scope of contact by email or by contact form will be erased within a period of seven (7) days after receipt of the objection by us.

Exempt hereof is the deletion of personal data that is retained due to legal obligations, especially during a relevant safekeeping period.

 

Use of cookies

(1) Description and scope of the processing

We use so-called “cookies” on our Website in order to better align our offer with your wishes and in order to collect statistical data on use of our website.

“Cookies” are small text files that your browser generates automatically, that are stored locally in the storage of your web browser on the end device used by you (e.g. laptop, tablet, smartphone, etc.) and permit analysis of your use of our Website.

 

(2) Legal basis for the processing

The personal data processed by cookies are necessary for the purposes of our legitimate interests according to Article 6(1)(1)(f) GDPR.

 

(3) Purpose of data processing

Use of cookies serves to make use of our offer more comfortable for you and to optimise user friendliness as well as for statistical purposes.

 

(4) Storage period/ Right to object and removal options

The data are erased as soon as they are no longer required to achieve the purpose of their collection.

Most browsers accept cookies automatically. You may, however, configure your browser so that no cookies will be stored on your computer or that you will always be informed before a new cookie is set up. Complete deactivation of cookies may, however, render you unable to use all functions of our Website. You can erase cookies once set again at any time on your own by calling up the corresponding menu item in your web browser or deleting the cookies from your hard disc. For details on this, see the help menu of your web browser.

 

Google Analytics

(1) Scope of processing of personal data

We use “Google Analytics”, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, i.e. text files that are stored on your computer and that permit analysis of your use of the website.

The information produced by the cookie regarding your use of our Website (including your IP address) is usually transferred to a server of Google in the USA and stored there. However, we have activated IP anonymisation. Note that Google Analytics has been expanded by the code “gat._anonymizeIp();” on the website, in order to ensure anonymised recording of IP addresses (IP masking). On this website, your IP address will be abbreviated first by Google within Member States of the European Union or in other contracting states of the Agreement on the European Economic Area.

Only in exceptions will your full IP address be transferred to a server of Google in the USA and abbreviated there.

On behalf of us, Google will use this information to evaluate your use of our Website, in order to compile reports on the website activities and to render further services connected to website use and internet use for us. For this purpose, Kimetec entered into a data processing agreement with Google.

The IP address submitted by your browser in the scope of Google Analytics will not be combined with any other data of Google. Google will also transfer this information to third parties if this is required by law or to the extent that third parties process these data on behalf of Google.

 

(2) Legal basis relating to processing of personal data

The legal basis for processing of the personal data of the users is Article 6(1)(f) GDPR.

 

(3) Purpose of data processing

Processing of the personal data of the users enables us to analyse the surfing behaviour of our users. Evaluation of the data acquired enables us to compile information on use of the individual components of our Website. This helps us to continually improve our Website and its user friendliness. These purposes also reflect our legitimate interest in processing the data in accordance with Article 6(1)(f) GDPR. Anonymisation of the internet protocol address appropriately considers the interest of the users in protection of their personal data.

 

(4) Storage period

The data will be erased as soon as they are no longer needed for our recording purposes.

 

(5) Right to object and removal option

You may erase cookies once set again at any time on your own by calling up the corresponding menu item in your web browser or deleting the cookies from your hard disc. For details on this, see the help menu of your web browser.

You may also prevent saving of the cookies by making the corresponding settings in your browser software; however, note that you may be unable to fully use all functions of our Website in such a case. Moreover, you can prevent the cookie from recording data it generates and which pertains to your use of the website (including the IP address) at Google as well as the processing of this data by Google, by downloading and installing the available browser plugin under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

For more details on this, see http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection).

 

Integration third party offers

To offer you various services on our Website, such as direct links to videos, we have to pass your data on to third parties. This is what we will inform you about below:

 

(1) Google Maps

We use the services of Google Maps on our Website. This will enable us to provide interactive maps directly on our Website and to provide you the comfortable use of the maps function.

 

(a) Description and scope of the processing

If you visit our Website, Google will receive the information that you have called the corresponding sub-page of our Website. The data named in IV of this data protection statement will also be transferred. This is done independently of whether you have an account with Google and are logged in there.

 

(b) Legal basis for the processing

The legal basis for the processing of the personal data of the users is Article 6(1)(f) GDPR.

 

(c) Purpose of data processing

We transfer your data to enable you to use the services of Google Maps. When you use the services the transfer of your data is also in your interest according to Article 6(1)(f) GDPR.

Google, however, stores these data as usage profiles and uses them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall specifically take place (also for users who are not logged in) in order to display demand-oriented advertisement and in order to inform other users of social network of your activities on our Website. You have a right to object to the generation of these profiles. In order to exercise this right, you have to contact Google [see (f) below].

 

(d) Storage period

We don’t have any information when and if data that are stored by Google are erased.

 

(e) Right to object and removal option

You have a right to object to the generation of these user profiles by Google [see (c) above]. In order to exercise this right, you have to contact Google [see (f)].

 

(f) Further information

Further information on the purpose and scope of data collection and processing by Google is available in their data protection statement. This also contains further information on your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google processes your personal data in the U.S., too and adheres to the EU-US-Privacy-Shield, https://www.privacyshield.go/EU-US-Framework.

 

 

(2) YouTube

We integrated YouTube videos to the Website, which are stored on http://www.YouTube.com and can be played directly from the Website.

 

(a) Description and scope of the processing

If you activate a video; YouTube receives the information that you have called the corresponding sub-page of our Website. The data named in IV of this data protection statement will also be transferred. This is done independently of whether you have an account with YouTube and are logged in there. If you are logged in on Google, these data will be associated with your account directly. If you do not wish assignment to your profile with YouTube, you need to log out before you activate the video.

 

(b) Legal basis for the processing

The legal basis for the processing of the personal data of the users is Article 6(1)(f) GDPR.

 

(c) Purpose of data processing

To enable you to access these videos, YouTube has to know your internet protocol address when you activate the video.

YouTube, however, stores these data as usage profiles and uses them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall specifically take place (also for users who are not logged in) in order to display demand-oriented advertisement and in order to inform other users of social network of your activities on our Website. You have a right to object to the generation of these profiles. In order to exercise this right, you have to contact YouTube [see (f) below].

 

(d) Storage period

We don’t have any information when and if data that are stored by YouTube are erased.

 

(e) Right to object and removal option

You have a right to object to the generation of these user profiles by YouTube/Google [see (c) above]. In order to exercise this right, you have to contact YouTube [see (f)].

 

(f) Further information

Further information on the purpose and scope of data collection and processing by YouTube is available in the data protection statement. This also contains further information on your rights and setting options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. Google processes your personal data in the U.S., too and adheres to the EU-US-Privacy-Shield, https://www.privacyshield.go/EU-US-Framework.

 

(3) Facebook

We use Facebook buttons to link to our Facebook-profile. Thereby, personal data are not passed on to third parties.

 

Your rights as data subject

If we process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights towards us as the Controller:

 

(1) Right of access

You may obtain from us confirmation as to whether or not personal data concerning you are being processed by us.

In case of such processing, you may demand that we further provide access to the following information:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipient to whom the personal data concerning you have been disclosed or will be disclosed;
  4. the envisaged period for which the personal data concerning you will be stored or, if specific information on this cannot be provided, the criteria used to determine that period;
  5. the existence of a right to request from the Controller rectification or erasure of personal data or a right to restriction of processing of personal data concerning you or to object to such processing;
  6. the right to lodge a complaint with a supervisory authority;
  7. all available information as to the source of the data, where the personal data are not collected from you as the data subject.

You have the right to be informed on whether the personal data concerning you are transferred to a third country or to an international organisation. In this context, you may demand to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

 

(2) Right to rectification

You have a right to rectification and/or completion towards us as the Controller, provided that the personal data processed by us concerning you are inaccurate or incomplete. We must perform the rectification without undue delay.

 

(3) Right to restriction of processing

You have the right to obtain restriction of processing of the personal data concerning you where one of the following conditions applies:

(a) if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
(b) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(c) we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
(d) if you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds asserted by us override your grounds.
Where processing of the personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing was restricted according to the above conditions, you will be informed by us before the restriction of processing is lifted.

 

(4) Right to erasure

 

(a) Erasure obligation

We have the obligation to erase the personal data concerning you without undue delay if one of the following grounds applies:

  1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You withdraw consent on which the processing is based according to Article 6(1)(a), or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing.
  3. You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
  4. The personal data concerning you have been unlawfully processed.
  5. The personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject.
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

 

(b) Information to third parties

Where we have made the personal data concerning you public and if we are obliged pursuant to Article 17(1) GDPR to erase the personal data, we, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing your personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

 

(c) Derogations

The right to erasure shall not exist if processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  3. for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

 

(5) Right to provision of information

If you have asserted a right to rectification, erasure or restriction of processing towards us, we are obligated to communicate this rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to provision of information about such recipients by us.

 

(6) Right to data portability

You shall have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. In addition to this, you have the right to transmit those data to another controller without hindrance from us as the Controller to which the personal data have been provided, where

  1. processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and
    the processing is carried out by automated means.
  2. In exercising this right, you further have the right to have the personal data concerning you transmitted directly from us as one Controller to another controller, where technically feasible. Freedoms and rights of others must not be adversely affected by this.

That right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the Controller.

 

(7) Right to object

You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

We shall no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

You have the option to exercise your right to object in the context of the use of information society services – notwithstanding Directive 2002/58/EC – by automated means using technical specifications.

If you want to exercise your right to object, simply send an email to datenschutz@kimetec.de.

 

(8) Right to withdraw the declaration of consent under data protection law

You shall have the right to withdraw your consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

If you want to exercise your withdrawal right, simply send an email to datenschutz@kimetec.de.

 

(9) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which your complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

Please direct any requests in connection with rights of data subjects to datenschutz@kimetec.de.

Please note that we may demand that you prove that you are actually the person to the personal data of which access is demanded if requests for access are not made in writing, in order to protect the persons concerning whom data are stored.

Please also consider that we cannot store or derive any personal data concerning visitors to our Website if you have not transmitted your personal data freely before, e.g. via contact form.

Reservation of changes

We reserve the right to adjust this data protection statement in order to adjust it to the respective applicable provisions at all times, as well as our offers on the website.

 

May 2018