(EN)
Privacy statement

Privacy statement

This data protection information applies for data processing by:

Controller: 

Franz KALDEWEI GmbH & Co. KG, 
Beckumer Straße 33-35, 
59229 Ahlen
Email: info[at]kaldewei.de

The company data protection officer of Franz KALDEWEI GmbH & Co. KG can be contacted at the address above, f.a.o. Ms Simone Rosenthal, or via rosenthal[at]isico-datenschutz.de.

 

1. The collection and storage of personal data and the nature and purpose of processing

The protection of personal data and its confidential handling are of major concern to Franz KALDEWEI GmbH & Co. KG. We therefore want to be transparent about what data we record, and how these data are processed and stored.

 

a) Accessing the website/connection data

Each time our website is used, we process connection data that your browser transmits automatically to enable you to use the website. This connection data comprises the http header information, including the user agent, and contains the following in particular:

• IP address of the requesting computer,
• date and time of access,
• name and URL of the retrieved file,
• website from which access is made (referrer URL),
• browser used, and your computer’s operating system where applicable, as well as the name of your access provider.

The data processing of this connection data is essential in order to enable the establishment of a smooth connection to the website, to guarantee convenient use of our website, analyse system security and stability, and for other administrative purposes. The connection data – limited to the most necessary content – is also stored temporarily in internal log files in order to, for example in the case of repeated access or access with criminal intent that threaten the stability and security of our website, find and address the cause. 

 
The legal basis for this processing is Art. 6 Para. 1 lit. b GDPR where the website is accessed as part of initiating or executing a contract, and otherwise Art. 6 Para. 1 Clause 1 lit. f GDPR based on our legitimate interest in enabling the website to be accessed and the permanent functionality and security of our systems.
When you visit our website, we also use cookies and similar technologies. See points 3 to 6 of this privacy policy for more detailed explanations.

 

b) Newsletters

You have the opportunity to subscribe to our newsletters, and so receive regular information about our product and campaigns/events.
For subscription to our newsletter, we use the ‘double opt-in’ process, which means that we will not send you newsletters via email until you have confirmed that you are the owner of the email address provided by clicking on a link in our notification email. One you have confirmed your email address, we will store your data until you unsubscribe from the newsletter. Your data are saved for the purpose of sending you the newsletter and further promotional material that is relevant to you, and as evidence of your subscription. 
The legal basis for processing is your consent pursuant to Art. 6 Para. 1 Clause 1 lit. a GDPR. You can withdraw consent for this at any time with effect for the future by unsubscribing to the newsletter. An unsubscribe link is included in every newsletter. 
So that we can send you personalised information as effectively as possible, in addition to your email address, we may also save other information, depending on the form of newsletter subscription, such as country of origin and background to your activity.
Optionally, we may ask you for further information such as your first name and surname, form of address, title, language, company name, address, telephone number, areas of interest and details of your company (e.g. display area size). If you have provided your express consent pursuant to Art. 6 Para. 1 Clause 1 lit. a GDPR, we will use your data to further personalise our newsletter and to send you other promotional materials where you expressly request this. We will also compare your data with our existing customer data.
We use standard market newsletter tracking methods such as email opened, links clicked on, etc. so that we can serve you with target audience-specific information and optimise our content for you. We want to provide our customers with content that is as relevant as possible and so better understand what our readers are truly interested in. If you do not want your usage behaviour to be analysed, you cannot use the newsletter service.
You may unsubscribe at any time, for example via a link at the end of each newsletter. Alternatively, you can of course simply send a message to the contact details that appear in the newsletter (e.g. via email or letter).
 

c) Contact

If you send us data under the headings Product, Contact, Service, Inspiration or Career (e.g. when ordering informational material), we ask you to provide your name, address or email address and other personal data. We save these data in order to comply with your request.
Not all details are mandatory. Mandatory information is marked with a *.
Data processing for the purpose of contacting us will take place on the basis of your voluntary consent pursuant to Art. 6 Para. 1 Clause 1 lit. a GDPR.
The personal data we collect for use of the contact form will be automatically deleted once your request has been processed (within a maximum of 60 days), unless you have consented to further processing for the purpose of sending you newsletters/promotional materials.
 

d) Applications

You can apply to us for available jobs via our applicant management system. The purpose of the data collection is the selection of applicants for the possible establishment of an employment relationship. In order to receive and process your application, we process the following data in particular: 

•    Full name 
•    Address and further contact details 
•    Date of birth 
•    Application documents (e.g. certificates, CV) 
•    Earliest possible start date and proposed salary 

The legal basis for processing your application documents is Art. 6 Para. 1 Clause 1 lit. b and Art. 88 Para. 1 GDPR in conjunction with Section 26 Para. 1 Clause 1 of the German Data Protection Act (BDSG).
We save your personal data upon receipt of your application. Where we accept your application and an employment relationship is formed, we will save your application data for as long as necessary for the employment relationship and where statutory regulations set out an obligation of retention. 
Where we reject your application, we will store your application data for no longer than six months after submission of your application, unless you provide consent for a longer storage period. You can withdraw this consent at any time with effect for the future.
 

e) Surveys, competitions and campaigns

Should you take part in one of our surveys, we use your data for market and opinion research. In principle, we evaluate the data anonymously for internal purposes. In principle, we evaluate the data anonymously for internal purposes. In the case of anonymous surveys, the GDPR does not apply and in the case of exceptional personal evaluations, the legal basis is the aforementioned consent pursuant to Art. 6 Para. 1 Clause 1 lit. a GDPR.
In the context of competitions and campaigns, such as give-away campaigns for example, we use your data for the purpose of conducting the competition and notifying you of your win or to conduct the campaign. Detailed information can be found in the terms and conditions of participation for the respective competition. The legal basis for the processing is the competition agreement pursuant to Art. 6 Para. 1 Clause 1 lit. b GDPR.
We base the sending of the offer for participation in the competition on your consent pursuant to Art. 6 Para. 1 lit. a GDPR, where you have provided it, and otherwise on Art. 6 Para. 1 lit. f GDPR in connection with Section 7 Para. 3 UWG, based on our vital interest in offering competitions and strengthening customer loyalty.
 

f) Registration

You have the opportunity to register for our login area, and so utilise our website’s full range of functions. The data you are obliged to provide (company, category, name, address, email address) are marked with a * as mandatory fields. Without these data, registration is not possible. The legal basis for processing is Art. 6 Para. 1 Clause 1 lit. b GDPR. For all other data, the legal basis is our vital interest pursuant to Art. 6 Para. 1 lit. f GDPR in order to enable you to individualise, adapt and modify your account, or your consent pursuant to Art. 6 Para. 1 lit. a GDPR where you have granted it.

 

2. Transmission of data

Your personal data will not be transmitted to third parties for purposes other than those listed below.
We will pass on your personal data to third parties only if:

•    You have given your explicit permission in accordance with Art. 6 Para. 1 Clause 1 lit. a GDPR,
•    Disclosure is required in accordance with Art. 6 Para. 1 Clause 1 lit. f GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest in the non-disclosure of your data that is worthy of protection,
•    There is a statutory obligation for such transfer pursuant to Art. 6 Para. 1 Clause 1 lit. c GDPR, in particular where this is required for prosecution or legal enforcement due to official enquiries, court rulings and legal proceedings, or
•    It is lawfully permissible and required for the processing of contractual relationships with you in accordance with Art. 6 Para. 1 Clause 1 lit. b GDPR.
 
A proportion of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, marketing agencies, consulting firms, data centres which store our website and databases, and IT service providers which maintain our systems. Data may also be the transferred within our group of companies. Where we pass data onto our service providers, they may use the data exclusively for the fulfilment of their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have appropriate technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

 

a) Email marketing service provider 

We use the provider port-neo AG (Engesserstrasse 4a, 79108 Freiburg) to carry out our email marketing. This requires that we pass on your master data (name, address, email address and, if applicable, company, reference group, telephone number, website) as well as your registration data (IP address, permission, date of entry) to this provider. 
The legal basis for this is Art. 6 Para. 1 Clause 1 lit. f GDPR, based on our legitimate interest in the efficient execution of product advertising and customer communication, the provision of information and work materials, lead generation and lead qualification. Further information can be found in the privacy policy of port-neo AG.

 

b) Website marketing service provider

We use the services of the provider Louis Internet GmbH (Moritz-Rülf-Straße 1, 32756 Detmold) to provide our website and its associated functions. This means that it may sometimes be necessary to pass on your master and usage data to this provider. 
The legal basis for this is Art. 6 Para. 1 Clause 1 lit. f GDPR, based on our legitimate interest in the provision of an appealing and useful website to represent our company, product advertising and customer information. Further information on data protection can be found in the privacy policy of LOUIS Internet GmbH.

c) Advertising materials service provider, mail order

We use the service provider PROWERB Werbe- und Versandservice GmbH (Huissener Strasse 7-9, 47533 Kleve) to despatch advertising materials such as catalogues. In order to be able to send you catalogues etc., it is necessary to transmit your master and usage data to this service provider. 
The legal basis for this is Art. 6 Para. 1 Clause 1 lit. f GDPR, based on our legitimate interest in the efficient despatch of attractive advertising materials such as catalogues and colour charts. Please see the Prowerb privacy policy for further details.
 

d) Localisation of website visitors

We use the GeoIP service provided by MaxMind Inc (14 Spring Street, Waltham, MA 02451, USA) to direct website users to a suitable country version of our website. The transfer of your IP address to this provider will be required for this purpose. Since this involves the transfer of data to the USA, we have concluded a data processing agreement and standard contractual clauses with MaxMind to guarantee an adequate level of data protection. 
The legal basis for this is Art. 6 Para. 1 Clause 1 lit. f GDPR, based on our legitimate interest in being able to show our customers the website that is relevant to them.
See the MaxMind Inc. privacy policy for further details.
 

e) Webinars

To enable website users to participate in webinars, we work with the service provider ieQ-systems GmbH & Co. KG (Fridtjof-Nansen-Weg 8, 48155 Münster). When you register for a webinar, you provide your details, i.e. First name/surname, company and email address, to this service provider so that they can send you information about this event. 
We process your data based on the legitimate interest in providing webinars to users of the website pursuant to Art. 6 Para. 1 Clause 1 lit. f GDPR. Without this processing, participation in a webinar is not possible.
You can find further information regarding the protection of your data in the context of a webinar online here: www.logmeininc.com/de/gdpr/gdpr-compliance.

 

f) Microsoft Teams

We may use the Microsoft Teams service offered by Microsoft Ireland Operations Limited, South County Business Park, Leopardstown, Dublin 18, Republic of Ireland for communication. This allows text messages to be exchanged in chats and audio and video calls to be made. You can contact our staff via a link in the email signature and write to or call them directly in Teams.

The following data may be processed during communication via Microsoft Teams:

•    Information on your person: possibly including display name, first name, last name, telephone number, email address, password (encrypted for authentication), profile image;
•    When using the chat: text messages;
•    When using audio: Recording data of the microphone;
•    When using video: Recording data of the video camera:
•    When using screen sharing: Recording data of the desktop:
•    When using the telephone: incoming and outgoing telephone numbers, country name, start and end time, possible further connection data, such as the device IP address;
•    Metadata: IP address, possibly telephone number, type of device and software, time of last activity on Teams, number of chat messages, number of calls made, duration of audio, video and screen sharing.

Microsoft also saves and uses the metadata in order to allow an aggregated analysis and reporting on the use of Teams.
All data traffic during the use of Microsoft Teams is encrypted (generally TLS 1.2 with Perfect Forward Secrecy (PFS), MTLS for text messages and SRTP for audiovisual content) and the encrypted data storage is generally on servers in the European Economic Area (EEA).

The legal basis for data processing in connection with the fulfilment of a contract or the implementation of pre-contractual measures is Art. 6 Para. 1 Clause 1 lit. b GDPR. Otherwise the legal basis for this is Art. 6 Para. 1 Clause 1 lit. f GDPR, based on our legitimate interest in providing a secure and functional communication channel.

We have concluded a data processing agreement with Microsoft. Where data is transferred to the USA in exceptional cases, Microsoft Ireland Operations Limited has concluded standard contractual clauses with Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, and taken additional measures. You can find more information in the Microsoft privacy policy at privacy.microsoft.com/de-de/privacystatement.

 

g) Complaint Management Tool DISS-CO

To enable you to report violations of rules and laws at Franz KALDEWEI GmbH & Co. KG and to handle reported cases in a legally secure and effective manner, we use the DISS-CO whistleblowing and complaint management tool.

As part of the use of the complaint tool, the following types of personal data may be processed for the following purposes:

We may process the personal data of the whistleblowers (e.g., first and last name, function/title, salutation) and contact information (email address, telephone number, address) to provide access to DISS-CO and to offer the service. We process information about the whistleblowers and accused persons, as well as other individuals named in the report, entered by the whistleblowers into the whistleblowing system, such as basic data like name, function/title, or contact information like email address or address, and other personal data related to the employment relationship, as well as information identified in the reports and subsequent procedures during processing, clarification/investigation, including details about the claims and allegations raised and supporting evidence, date and time of calls, for the purpose of investigating the reports, and associated with the purpose of preventing and detecting violations of applicable law or rule breaches, assessing the validity of the claims and allegations raised in the reports, and, if necessary, taking action against the reported violation and/or implementing follow-up measures such as internal investigations, inquiries, law enforcement actions, as necessary to achieve the purpose. We process special categories of personal data within the meaning of Art. 9 GDPR, such as information about criminal behavior or data on unlawful or inappropriate behavior, only if such data is entered into the whistleblowing system by the whistleblowers.

The processing of the aforementioned personal data is based on the legal obligation under Art. 6 para. 1 lit. c GDPR in conjunction with §§ 10, 13 Whistleblower Protection Act (hereinafter: HinSchG) and, if applicable, concerning the data of the whistleblowers, based on the consent according to Art. 6 para. 1 lit. a GDPR, if they have given their consent. The processing of the above-mentioned data also takes place on the basis of the public interest according to Art. 6 para. 1 lit. c, Art. 9 para. 2 lit. g GDPR, § 10 HinSchG, if the report involves the processing of special categories of data according to Art. 9 para. 1 GDPR.

We store your data until the purposes of processing have been achieved and no statutory retention periods oppose this. The respective data is stored depending on the specific investigation result, initially until the investigation is completed. After the completion of the respective procedure, the documentation of the respective reports is stored for a further three years in accordance with the requirements of the HinSchG (§ 11 para. 5 HinSchG). Longer retention due to legal obligations is possible and provided for in § 11 para. 5 sentence 2 HinSchG. The initiation of further legal steps could require further retention (e.g., initiation of criminal proceedings or disciplinary actions). If there are no statutory retention periods, we will delete your data three years after the completion of the respective procedure or investigation.

 

3. Cookies and similar technologies

This website uses cookies and similar technologies (collectively knows as ‘Tools’) which are provided either by ourselves or by third parties.
A cookie is a small text file which the browser saves on your device. Cookies re not used to run programs or to upload viruses onto your computer. Similar technologies include, in particular, web storage (local/session storage), fingerprints, tags or pixels. Most browsers accept cookies and similar technologies as standard. However, you can generally change your browser settings so that cookies or similar technologies are blocked, or are saved only with prior consent. If you block cookies or similar technologies, it is possible that not all our services will function properly for you.
The tools we use are listed and explained by category below (points 4 to 6). We also set out in which instances we obtain your consent for the use of tools, and how you can revoke this consent. We explain how we obtain your consent below under 4 a) Usercentrics.

You can withdraw your consent to data processing by cookies and similar technologies at any time by deselecting the relevant tools or tool categories in the Usercentrics settings.

TO DATA PROTECTION SETTINGS

4. Essential tools

We use certain tools to enable the basic functions of our website (‘essential tools’). These include, for example, tools for preparing and displaying website content, for managing and integrating tools, for providing payment processing services, for detecting and preventing fraud, and for guaranteeing the security of our website. Without these tools, we would not be able to provide our service. Necessary tools are therefore used without consent. 
The legal basis for essential tools is their necessity for fulfilment of our vital interests as per Art. 6 Para. 1 Clause 1 lit. f GDPR in the provision of the respective basic functions and the operation of the website. In the cases in which the provision of the respective website functions is necessary to fulfil a contract or to implement pre-contractual measures, the legal basis for data processing is Art. 6 Para. 1 Clause 1 lit. b GDPR. Access to and saving of information on the end device is absolutely essential in these cases and occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 2 TTDSG.
To save whether you have already seen the notification about our newsletter, we set the necessary ’newsletterRegistrationLayerAlreadySeen’ cookie for 1 year. It does not contain any personal data.

 

a) Usercentrics – obtaining your consent

To obtain and manage your consent, we use the Usercentrics tool provided by Usercentrics GmbH, Rosental 4, 80331 Munich (‘Usercentrics’). This generates a banner which informs you of data processing on our website, and gives you the option to agree to all, individual or no data processing through optional tools. This banner appears on the first visit to our website, when you go back to your settings choices to change them or to revoke consent, or if you click on ‘Go to settings’ in the message field of a tool that has not been loaded due to lack of consent. The banner also appears on further visits to our website if the settings saved by Usercentrics have been deleted in the local storage.
During your visit to our website, your consents or revocation, your IP address, information about your browser, your device and the time of your visit are transmitted to Usercentrics. Usercentrics also saves necessary information in the local storage (‘ucSettings’, ‘ucConsents’, ‘usercentrics“’) to save your consent and revocation orders. If you delete your information in the local storage, we will ask for your consent again when you access the site at a later date.
This data processing by Usercentrics is necessary to provide you with the legally required consent management, and fulfil our documentation obligations. The legal basis for the use of Usercentrics is Art. 6 Para. 1 Clause 1 lit. c GDPR to comply with the legal requirements with respect to cookie consent management.

 

b) Google ReCAPTCHA

Our website uses the Google reCAPTCHA service, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’). reCAPTCHA prevents automated software (called bots) from carrying out improper activities on the website, i.e. it checks whether the entries made are actually from a human being. To do this, reCAPTCHA uses JavaScript and saves cookies and information in the local storage on your end device. The following data is processed in particular:

•    Referrer (address of the site on which the Captcha is used), 
•    IP address, 
•    cookies used by Google, 
•    entry behaviour of the user (e.g. answering the reCAPTCHA question, speed of entries in the form fields, order in which the user selects the entry fields), 
•    browser type, 
•    browser plug-ins, 
•    browser size and resolution, 
•    date, 
•    language setting, 
•    presentation instructions (CSS) and scripts (Javascript).
 

Google also reads cookies from other Google services such as Gmail, Search and Analytics. If you do not wish to be linked with your Google account in this way, you must log out of Google before visiting our contact page.
The specified data are sent to Google in encrypted form. Google’s analysis determines the form in which the captcha is displayed on the page. The use of reCAPTCHA is subjected to statistical analysis. Google states that it does not use your data for personalised advertising. 
The legal basis is the necessity for the fulfilment of a contract or the implementation of pre-contractual measures pursuant to Art. 6 Para. 1 Clause 1 lit. b GDPR, for example in the context of registering a user account, the use of a contact form or subscription to a newsletter. Google reCAPTCHA serves to safeguard IT security, guarantee the stability of our website and prevent misuse.
In some cases, the data may also be processed on servers in the USA. In the event that personal data is transferred to the USA or other third countries, this is done on the basis of Art. 49 Para. 1 Clause 1 lit. b GDPR to enable the fulfilment of a contract with you or the implementation of pre-contractual measures.
You can find more information on this 
•    in the Google Privacy Policy: https://policies.google.com/privacy.
•    in Google’s terms of use: https://policies.google.com/terms.
 

c) Design@Web

We use the Design@Web tool to provide a bathroom planning tool for the purpose of advising customers.
The tool allows you to save and print out the plans you have prepared, provided you have registered with an account. In addition, necessary cookies with a storage period of one week are set to temporarily save the planning status (before saving/printing the planning) in order to be able to return to the started planning for a limited period of time. If you have consented to the use of Google Analytics, a usage analysis is also carried out when you use Design@Web.
For registration, at least your email address, salutation, first name and surname, country and profession are collected. This information is marked as a mandatory with a *. The account is activated following successful double opt-in. If you also subscribe to the newsletter when registering, we refer you to the ‘Newsletter’ section under 1. b).
The legal basis is the necessity for the fulfilment of a contract or the implementation of pre-contractual measures pursuant to Art. 6 Para. 1 Clause 1 lit. b GDPR.

 

5. Functional tools

We additionally use tools to improve the user experience on our website and so that we can offer you more functions (‘functional tools’). While these are not strictly necessary for the basic functionality of the website, they can deliver considerable benefits for users, in particular in terms of user-friendliness and the provision of additional communication, display or payment channels.
The legal basis for the functional tools – unless specified otherwise – is your consent pursuant to Art. 6 Para. 1 Clause 1 lit. a GDPR, which you provide via the consent banner or in the respective tool itself by allowing its use via an overlay. Access to and saving of information on the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG. You may revoke your consent to use the tools at any time. To do this, click on ‘Privacy settings’ at the bottom of the page, which will display the cookie banner again and allow you to select or deactivate individual tools.
In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 Para. 1 Clause 1 lit. a GDPR). The cookie banner and this privacy policy (“Data transfer to third countries”) inform you of the associated risks.

 

a) Google Fonts

Our website uses the Google Fonts service, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as “Google”).
When you access a website, your browser loads the necessary fonts so that texts are displayed correctly and attractively. To do this, your browser needs to establish a connection to the Google servers. The server with which a connection is established may be located in the USA. This tells Google that you accessed our website from your IP address. According to Google, such access is separate from other Google services that require user authentication. There is no merger with other data. No cookies are saved.
Google Fonts serves a uniform and appealing presentation of our online presence through maintenance-free and efficient use of fonts, also taking into account any licensing restrictions for their local integration. The server with which a connection is established may be located in the USA. 
The legal basis for processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your explicit consent pursuant to Art. 49 Para. 1 lit. a GDPR. 
You can find further information:
•    in the FAQs: https://developers.google.com/fonts/faq;
•    in the Google Privacy Policy: https://policies.google.com/privacy.

 

b) Google Tag Manager

Our website uses the Google Tag Manager service, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’).
Google Tag Manager is used solely to manage website tools by integrating ‘website tags’. A tag is an element stored in the source code of our website to execute a tool, for example through scripts. Where these are optional tools, these are integrated by Google Tag Manager only with your consent. Google Tag Manager does not use cookies.
The legal basis for this is Art. 6 Para. 1 lit. GDPR, based on our legitimate interest in being able to integrate and manage multiple tags simply. 
For the purposes of ensuring stability and functionality, Google collects information on which tags are integrated by our website when using the Google Tag Manager, but in principle no personal data, in particular no data on user behaviour, the IP address or the pages visited.
We have concluded a data processing agreement with Google. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses with Google.
You can find more details about this in the Google Tag Manager information: https://support.google.com/tagmanager/answer/9323295
 

c) YouTube

On our website we use videos from YouTube LLC, 901 Cherry Ave., 94066 San Bruno, CA, USA (‘YouTube’), a company owned by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’). We have integrated YouTube videos into our online offering; these are stored on YouTube and can be played directly from our website. In this, YouTube ma save information such as cookies, local storage and session storage on your end device and execute JavaScript, which accesses information on your end device. 
YouTube can place the following cookies:

•    “PREF” (8 months): Saves settings such as autoplay and video size.
The following information is saved in the local storage:
•    “yt-remote-device-id”: Saves the device ID;
•    “yt-player-headers-readable”: Saves the option of reading the player header information;
•    “yt.innertube::requests”: Saves the user’s queries;
•    “yt.innertube::nextId”: Saves the ID of the next video;
•    “yt-remote-connected-devices”: Saves the connected end devices;
•    “yt-player-bandwidth”: Saves the bandwidth of the connection;
•    “yt-player-volume”: Saves the volume of the video;
•    “yt-player-quality”: Saves the resolution/quality of the video;
•    “yt-player-performance-cap”: Saves a potential cap on the resolution due to the bandwidth of the connection.
•    “yt-html5-player-modules::subtitlesModuleData::module-enabled”: Saves whether subtitles are activated.
The following information is saved in the session storage:
•    “yt-remote-session-app”: Saves the type of end device;
•    “yt-remote-cast-installed”: Saves whether YouTube streaming is installed;
•    “yt-remote-session-name”: Saves the type of end device;
•    “yt-remote-cast-available”: Saves whether YouTube streaming is available;
•    “yt-remote-fast-check-period”: Saves the check of the connection bandwidth;
•    “yt-player-volume”: Saves the volume of the video;
•    “yt-player-caption-language-preferences”: Saves the language of the subtitles.

The legal basis for processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG. The transfer of your data to the USA and other third-party countries is based on your explicit consent pursuant to Art. 49 Para. 1 lit. a GDPR. 
When you visit the website, YouTube and Google receive the information that you have accessed the corresponding subpage of our website. This happens irrespective of whether you are logged into YouTube or Google. YouTube and Google use this data for the purposes of advertising, market research and the needs-based design of their websites. If you access YouTube on our website when you are logged into your YouTube or Google profile, YouTube and Google may also link this event with the respective profiles. If you do not wish this link to be created, you must log out of Google before visiting our website.
In addition to revoking your consent, you also have the option to deactivate personalised advertising in Google's advertising settings. In this case, Google will display only non-customised advertising: https://adssettings.google.com/.
You can find further information in Google's privacy policy, which also applies to YouTube: https://policies.google.com/privacy?hl=de&gl=de.

 

d) Google Maps

Our website uses the Google Maps mapping service, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’). 
In order for the Google map material we use to be integrated and displayed in your web browser, your web browser must connect to a Google server, which may also be located in the United States, when visiting a subpage that has integrated maps from Google maps. Google Maps also uses JavaScript, which accesses information on your end device, to enable the functionality of the map service. 
The legal basis for processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG. The transfer of your data to the USA and other third-party countries is based on your explicit consent pursuant to Art. 49 Para. 1 lit. a GDPR. 
This gives Google the information that the subpage of our website on which maps from Google maps are integrated has been accessed from the IP address of your device. If you access the Google Maps service on our site while logged in to your Google profile, Google may also link this event to your Google profile. If you do not wish to be linked with your Google profile, you must log out of Google before visiting our subpage on which maps from Google Maps are integrated. Google stores your data and uses them for the purposes of advertising, market research and personalised presentation of Google Maps.
You can find more information on this:

•    in the Privacy Policy for Google and Google Maps: https://www.google.com/intl/de/policies/privacy/index.html
•    in the additional terms of use for Google Maps:  https://www.google.com/intl/de/help/terms_maps.html.
 

e) P&I Loga - Bewerber3

We use the application management system P&I LogaHR - Bewerber3 from P&I Personal & Informatik AG, Kreuzberger Ring 56, 65205 Wiesbaden, Germany, which is integrated on our website under ‘vacancies’. Bewerber3 enables our vacancies to be displayed, searched and applied for. Bewerber3 also carries out aggregated usage analysis using the Matomo tool. Bewerber3 further facilitates the maintenance and management of applications and job vacancies in the context of the overall recruitment process, including email correspondence and the scheduling of interviews. The specialist departments and the works council are also involved in this process.
On the application form, the mandatory information is marked with a *.
Bewerber3 processes the following data: technical information (operating system; browser type, version and language; device type, make, model and resolution), IP address, referrer URL (previously visited page), pages accessed (date, time, URL, title, time spent), application data from the form on the website (master data (min. first name, surname, street, postcode, city, country, telephone, email address), framework data, where applicable data regarding school-leaving qualifications and languages as well as attachments (covering letter, CV, references, photo), further application-related data communicated during the recruitment process.
The legal basis for processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. 
Bewerber3 uses cookies to save the current session. The data is processed in a data centre in Germany. We have concluded an order processing contract for P&I LogaHR with P&I Personal & Informatik AG. For further information on the processing of application data, please refer to our paragraph "Applications" under 1. d).

 

6. Analysis tools

To improve our website, we use optional tools to recognise return visitors and to statistically record and analyse the general usage behaviour based on access data (“analysis tools”). We also use analysis services to analyse the use of our various marketing channels. The usage information gathered is processed and allows us to trace the usage habits of our visitors. This helps us to adapt and optimise the design of our website and to make the use experience more pleasant. 
The legal basis for the analysis tools is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG. To withdraw your consent, see “Withdrawal of consent or change to your selection”. 
In the event that personal data is transferred to third countries (e.g. the USA), your consent also expressly extends to the transfer of data (Art. 49 Para. 1 lit. a GDPR). Please see Section 9 (“Data transfer to third countries”) for the risks associated with this.

 

a) Google Analytics

This website uses Google Analytics, a web analysis service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (‘Google’).
Google Analytics uses cookies and similar technologies to analyse and improve our website based on your user behaviour. However, your IP address is truncated before the usage statistics are evaluated, so that no conclusions can be drawn regarding your identity. For this purpose, Google Analytics has been extended on our website with the ‘anonymizeIP’ code to ensure the anonymous collection of IP addresses.
Google will process the information obtained by the cookies in order to evaluate your use of the website, to compile reports on the website activities for the website operators and to provide further services associated with the use of the website and the internet. GA Audience also performs target audience remarketing in the context of the activated advertising function. The data arising in this context may be transferred by Google to a server in the USA for evaluation and stored there.
In particular, Google Analytics uses the following cookies for the specified purpose with the respective storage duration: 
•    “_ga” for 2 years and “_gid” for 24 hours (both to identify and differentiate website visitors by means of a user ID); 
•    “_gat” for 1 minute (to reduce requests to the Google servers); “IDE” for 13 months (third-party cookie identify and differentiate website visitors by means of a user ID, to record the interaction with advertising and in the context of playing personalised advertising).
The legal basis for processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG.
We have concluded a data processing agreement with Google for the use of Google Analytics. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses with Google pursuant to Art. 46 Para. 2 lit. c GDPR. In addition, we ask for your explicit consent pursuant to Art. 49 Para. 1 lit. a GDPR regarding the transfer of your data to third countries. 
You can find further information about this in the Google Analytics privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

 

7. Marketing tools

In addition, we use tools for the statistical collection and analysis of general usage behaviour based on usage data, in particular to optimise and improve our website, as well as for advertising purposes (‘marketing tools’). Some of the usage data generated when using our website is used for interest-based advertising and to evaluate our marketing channels. Analysing and evaluating this usage data enables us to show you personalised advertising that actually corresponds to your interests and needs on our website and on the websites of other providers. In doing so, we also analyse your usage behaviour in order to recognise you on other sites and to address you personally based on your use of our site (known as retargeting). We also analyse the effectiveness and success of our advertising campaigns (esp. conversions and leads). 
Marketing tools also include optional tools from the social networks that serve to share posts and content via these networks (social media plugins).
The legal basis for these functional tools – unless specified otherwise – is your consent pursuant to Art. 6 Para. 1 Clause 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG.
In the event that personal data is transferred to the USA or other third countries, your consent also expressly extends to the transfer of data (Art. 49 Para. 1 Clause 1 lit. a GDPR). The cookie banner and this privacy policy inform you of the associated risks.
In the section below, we would like to explain these technologies and the providers we engage for them in more detail. The data collected may include the following in particular: 

•    The IP address of the device; 
•    The ID number of a cookie; 
•    The device ID for mobile devices; referrer ID (site visited previously);
•    Sites accessed (date, time, URL, title, dwell time); 
•    Files downloaded; 
•    Links to other websites clicked; 
•    Achievement of certain targets (conversions) if applicable); 
•    Technical information: operating system; browser types, version and language; device type, brand, model and resolution; approximate location (country and possibly city).
The data collected is saved exclusively in pseudonymised format so that there can be no direct conclusions drawn concerning individuals.
You may revoke your consent to use the tools at any time. To do this, click on ‘Privacy settings’ at the bottom of the page, which will display the cookie banner again and allow you to select or deactivate individual tools.

 

a) Google Ads Conversion Tracking and Ads Remarketing (formerly AdWords)

Our website uses the ‘Google Ads’ services, which for users from the European Economic Area and Switzerland is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’).
Google Ads uses ‘Google Ads Conversion Tracking’ to record and analyse customer actions defined by us (such as clicking on an advertisement, page views, downloads). We use ‘Google Ads Remarketing’ so that we can show you customised advertising messages for our products on Google partner websites.
The data arising in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses with Google.
In particular, Google uses the following cookies for the specified purpose with the respective storage duration: 

•    “IDE” for 13 months (third-party cookie identify and differentiate website visitors by means of a user ID, to record the interaction with advertising and in the context of playing personalised advertising; 
•    “1P_JAR” for 1 month (optimisation of personalised advertising, preventing the same advertisement from being played multiple times); 
•    “DV” for 5 minutes (user preferences, such as language); 
•    “NID” for 6 months (settings for Google services and further functions for advertising purposes).

The legal basis for processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your explicit consent pursuant to Art. 49 Para. 1 lit. a GDPR. 
If you use a Google account, Google may, depending on the settings stored in the Google account, link your web and app browsing history to your Google account and use information from your Google account to personalise advertisements. If you do not wish to be linked with your Google account in this way, you must log out of Google before visiting our website.
If you have not consented to the use of Google Ads, Google will display only general advertising that has not been selected on the basis of information collected about you on this website. In addition to withdrawing your consent, you also have the option to deactivate personalised advertising in the Google advertising settings: https://adssettings.google.com/.
You can find more information on this:
•    in the information on data use: https://policies.google.com/technologies/ads;
•    in the Google Privacy Policy: https://policies.google.com/privacy.
 

b) Microsoft Advertising (formerly Bing Ads)

Our website uses Microsoft Advertising, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (‘Microsoft’). Microsoft uses cookies and similar technologies to present advertisements relevant to you. The use of these technologies enables Microsoft and its partner websites to place advertisements based on previous visits to our or other websites on the internet. To this end, we also analyse your usage behaviour and use retargeting technologies. The data arising in this context may be transferred by Microsoft to a server in the USA for evaluation and stored there.
In particular, Microsoft Advertising places the following cookies for the purpose specified and with the respective storage duration: ‘_uetsid’ for 24 hours (session ID); ‘_uetvid’ for 16 days (user identification, usage analysis and to play personalised advertising); ‘MUID’ for 1 year (visitor identification, usage analysis and to play personalised advertising).
In particular, Microsoft Advertising saves the following information in the local storage: ‘_uetsid’ and ‘_uetvid’ (the same purposes as the corresponding cookies); ‘_uetsid_exp’ and ‘_uetvid_exp’ (information about the expiry date of cookies).

The legal basis for processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per § 25 Para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your explicit consent pursuant to Art. 49 Para. 1 lit. a GDPR. 

In addition to revoking your consent, you also have the option to deactivate Microsoft Advertising personalised advertisements in the advertising settings in your Microsoft account:
 https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/personalisierte-anzeigen und http://choice.microsoft.com/de-de/opt-out.
You can find more information about this on the Microsoft Advertising help pages, and Microsoft’s data protection provisions:
 https://help.bingads.microsoft.com/#apex/3/de/53056/2 und https://privacy.microsoft.com/de-de/privacystatement.
 

c) The Trade Desk

Our website uses The Trade Desk, a service of The Trade Desk, Inc. 42 N. Chestnut Street Ventura, CA 93001 USA (‘The Trade Desk’). The Trade Desk uses cookies and similar technologies to present advertisements that are relevant to you. The use of these technologies enables The Trade Desk and its partner websites to place advertisements based on previous visits to our or other websites on the Internet. The data arising in this context may be transferred from The Trade Desk to a server in the USA for evaluation and stored there.
You can find further information in the data protection provisions of The Trade Desk: https://www.thetradedesk.com/general/privacy.

 

d) Google Marketing Platform and Ad Manager (formerly DoubleClick)

Our website uses the Google Marketing Platform and the Google Ad Manager, services which for users from the European Economic Area and Switzerland are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, and for all other users by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (collectively known as ’Google’).
These services use cookies and similar technologies to present advertisements that are relevant to you. The use of these services enables Google and its partner websites to place advertisements based on previous visits to our or other websites on the internet. The data arising in this context may be transferred by Google to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses with Google.
In particular, Google uses the following cookies for the specified purpose with the respective storage duration: 
•    “IDE” for 13 months (third-party cookie identify and differentiate website visitors by means of a user ID, to record the interaction with advertising and in the context of playing personalised advertising; 
•    “1P_JAR” for 1 month (optimisation of personalised advertising, preventing the same advertisement from being played multiple times); 
•    “DV” for 5 minutes (user preferences, such as language); 
•    “NID” for 6 months (settings for Google services and further functions for advertising purposes).
The legal basis for processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your explicit consent pursuant to Art. 49 Para. 1 lit. a GDPR. 
If you have not consented to the use of Google Marketing Platform and Ad Manager, Google will display only general advertising that has not been selected on the basis of information collected about you on this website. In addition to withdrawing your consent, you also have the option to deactivate personalised advertising in the Google advertising settings: https://adssettings.google.com/.
You can find further information about this in Google’s privacy policy: https://policies.google.com/?hl=de.
 

e) Meta pixel (formerly Facebook pixel)

For marketing purposes, our websites use the service “Meta pixel” from the social network Facebook, which for users outside the USA and Canada is offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, and for all other users by Meta Platforms Inc., 1601 Willow Road, Menlo Park, California 94025, USA (together “Facebook”). 
We use Facebook pixel to analyse the general use of our websites and to track the effectiveness of advertising (‘Conversion Tracking’). We also use Meta pixel to play you personalised advertising messages in the social networks of Meta Platforms (such as Facebook and Instagram) based on your interest in our products (retargeting). Custom Audience also performs target audience remarketing. The data arising in this context may be transferred by Meta Platforms to a server in the USA for evaluation and stored there. 
To this end, Meta Platforms processes data that the service collects via JavaScript, cookies and other technologies on our websites. These include the following in particular: 

•    http header information such as information on the browser used (e.g. user agent, language);
•    Information on events such as “page access”, further object properties and buttons clicked by visitors to the website;
•    Online identifiers such as IP addresses and, where provided, Facebook Business-related identifiers or device IDs (such as advertising IDs for mobile operating systems) and information on the status of deactivation/limitation of advertisement tracking. 
Facebook pixel places the following cookies for the purpose specified and with the respective storage duration: 
•    “_fbp” for 3 months (usage analysis and retargeting).

The legal basis for processing is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. Access to and saving of information in the end device then occurs on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany as per Section 25 Para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your explicit consent pursuant to Art. 49 Para. 1 lit. a GDPR. 
The data arising in this context may be transferred by Meta to a server in the USA for evaluation and stored there. In the event that personal data is transferred to the USA, we have agreed standard contractual clauses.
If you are member of Facebook or Instagram and have allowed Meta Platforms to do so via the privacy settings of your account, Facebook or Instagram can also link the information collected about your visit to us to your member account and use it for the targeted placement of advertisements. You can view and amend the privacy settings of your Facebook profile at any time: https://m.facebook.com/privacy/touch/basic/.
You can prevent linking to other data gathered outside Instagram for the placement of personalised advertising in Instagram as follows: 
https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE.
If you have not consented to the use of Meta pixel, Meta Platforms will display only general advertising that has not been selected on the basis of information collected about you on this website.
You can find more information on this, in particular on the shared responsibility and the contact details, in the privacy policy of Meta Platforms, in particular for the social networks Facebook and Instagram: https://www.facebook.com/about/privacy/.

 

8. Online presence on social networks

We maintain an online presence on social networks so that we can communicate there with customers, prospects and other interested parties, and provide information about our products and services.
The respective social networks general process users’ data for market research and advertising purposes. This allows usage profiles to be created based on users’ interests. To this end, cookies and other identifiers are stored on the user’s computer. On the basis of these usage profiles, advertisements, for example, are then placed within the social networks, as well as on third-party websites.
As part of operating our online presence, we may possibly access information such as statistics on the use of our online presence, which are provided by the social networks. These statistics are aggregated, and in particular may include demographic information and data regarding interaction with our online presence and the posts and content disseminated via them. See the list below for details and links to the social network data that we as operator of the online presence have access to. The collection and use of these statistics are generally subject to shared responsibility. Where this applies, the relevant contract is listed below. 
The legal basis for the data processing is Art. 6 Para. 1 Clause 1 lit. f GDPR, based on our legitimate interest in effectively informing and communicating with users, and Art. 6 Para. 1 Clause 1 lit. b GDPR, to maintain contact with our customers and provide them with information, and to execute pre-contractual measures with future customers and prospects.
Where you have an account on the social network, we may be able to see the information and media you make public when we access your profile. In addition, the social network may allow us to get in touch with you, for example in the form of direct messages or via posts. Content-related communication via the social network and the processing of content-related data is subject to the responsibility of the social network as a messenger and platform service. At the point at which we adopt or further process your personal in our own systems, this is our independent responsibility and is conducted in order to conduct precontractual measures and to fulfil a contract pursuant to Art. 6 Para. 1 lit. c GDPR. 
For the legal basis of the data processing carried out by the social networks under their own responsibility, please refer to the data protection information of the respective social network. The links below will take you to further information regarding the respective data processing and the options to object.
Please note that data protection requests can be asserted most efficiently with the respective social network provider, as only these providers have access to the data and can take appropriate measures directly. You are of course welcome to contact us with any concern. In this case, we will process your enquiry and forward it to the provider of the social network. 
Below is a list with information concerning the social networks on which we maintain an online presence:

•    Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): Privacy policy: https://www.facebook.com/policy.php;
•    Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland): Privacy policy: https://help.instagram.com/519522125107875
•    Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland): 
    Privacy policy: https://policies.google.com/privacy
    Opt-out: https://www.google.com/settings/ads;
•    LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland): Operation of the LinkedIn company site in joint responsibility based on an agreement concerning the joint processing of personal data (‘Page Insights Joint Controller Addendum’): https://legal.linkedin.com/pages-joint-controller-addendum; Information concerning the Page Insights Data and contact options in the event of data protection enquiries: https://legal.linkedin.com/pages-joint-controller-addendum; Privacy policy: https://www.linkedin.com/legal/privacy-policy; Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out;
•    Pinterest (Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland): Privacy policy: https://policy.pinterest.com/de/privacy-policy.

 

9. Data transfer to third-party countries

As explained in this privacy policy, we use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. Where this is the case, and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.
Where this is not possible, we base the transfer of data on exceptions to Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.
If a transfer to a third country is provided for and no adequacy decision or suitable guarantees are in place, it is possible, and there is a risk, that authorities in the respective third country (e.g. intelligence services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. You will be informed if your consent is obtained via the cookie banner.
 

10. Storage duration

In general, we store personal data only for as long as they are necessary to fulfil the contractual or statutory obligations for which we have collected the data. Following this, we immediately delete the data unless we need them until the end of the statutory limitation period for purposes of proof for civil law claims or due to statutory retention obligations, or unless there is another legal basis in data protection law for the further processing of your data in an individual case.
For evidence purposes, we must retain contractual data for a further three years from the end of the year in which the business relationship with you ends. Any claims become statute-barred after the statutory period of limitation, at the earliest at this point in time.
Even after this term, we are sometimes required to save your data for accounting purposes. We are obliged to do so because of legal documentation obligations that may arise from the German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified in this legislation for the retention of documents range from two to ten years.
 

11. Your rights

Where the respective legal requirements are met, you have the data subject rights set out in Art. 7 Para. 3, Art. 15-21, Art. 77 GDPR at all times: 

•    Right to withdraw consent (Art. 7 Para. 3 GDPR).
•    Right to object to the processing of your personal data (Art. 21 GDPR);
•    Right to information about the processing of your personal data by us (Art. 15 GDPR);
•    Right to correction of personal data incorrectly stored by us (Art. 16 GDPR);
•    Right to erasure of your personal data (Art. 17 GDPR);
•    Right to limitation of processing of your personal data (Art. 18 GDPR);
•    Right to data portability of your personal data (Art. 20 GDPR);
•    Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To assert your rights as described here, you can use the contact details above at any time. This also applies should you wish to obtain copies of guarantees to prove an adequate level of data protection. Provided that the respective legal requirements are met, we will comply with your data protection request.
Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, even longer for the assertion, exercise or defence of legal claims. The legal basis is Art. 6 Para. 1 Clause 1 lit. f GDPR, based on our interest in defending any civil rights claims pursuant to Art. 82 GDPR, avoiding fines pursuant to Art. 83 GDPR, and fulfilling our accountability obligations pursuant to Art. 5 Para. 2 GDPR.
Finally, you have the right to file a complaint with a data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are staying, working or in the place of the alleged infringement. The responsible supervisory authority in Ahlen (Westphalia) is: State Commissioner for Data Protection in North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf.

 

12. Right of revocation and objection

Pursuant to Art. 7 Para. 2 GDPR, you have the right to revoke consent granted to us at any time. As a result, we shall not continue to process data based on this consent in the future. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent prior to revocation.
Where we process your data on the basis of legitimate interests, you are entitled to object to the processing of your data at any time for reasons arising from your particular situation. Where you object to the processing of data for the purposes of direct marketing, you have a general right of objection which we must implement without you providing us with reasons. 
If you would like to exercise your right of objection or withdrawal, informal notification to the contact details named above is sufficient. 
You can easily revoke your consent to cookies and similar technologies via ‘Data settings’ at the bottom of the page.

You can withdraw your consent to data processing by cookies and similar technologies at any time by deselecting the relevant tools or tool categories in the Usercentrics settings.

TO DATA PROTECTION SETTINGS

Where we process your data on the basis of legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR, you are entitled pursuant to Art. 21 GDPR to object to the processing of your data for reasons arising from your particular situation and that you consider to show that your interests worthy of protection take precendence. Where you object to the processing of data for the purposes of direct marketing, you have a general right of objection which we must implement without you providing us with reasons. Should you wish to exercise your right of revocation or objection, simply send an e-mail to info[at]kaldewei.de or an informal letter to the above address.

 

13. Data security

Within the website visit, we use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. As a rule, this is a 256-bit encryption. Should your browser not support 256-bit encryption, we revert to 128-bit v3 technology instead. You can determine whether a single page of our website is transmitted in encrypted form by the closed display of the key or padlock symbol in the lower status bar of your browser.
We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

 

14. Currency and amendment of this privacy policy

This privacy policy is currently valid and was issued in April 2023.
Due to the further development of our website and offers related to it or due to changes in statutory or official requirements, it may become necessary to change this privacy policy. You can view the current privacy policy and print it at any time at https://www.kaldewei.de/datenschutz.