[borlabs-cookie type=”btn-cookie-preference” title=”Cookie Auswahl ändern”/] [borlabs-cookie type=”btn-switch-consent” id=”ID of the Cookie”/]
Kunststofftechnik Bernt GmbH Dr.-Herbert-Kittel-Str. 10 87600 Kaufbeuren Germany Tel +49 (0) 8341 / 966 128 300 Fax +49 (0) 8341 / 966 128 360 Email info(at)ktbernt.de
Types of Data processed
– Basic data (e.g. personal master data, names or addresses). – Contact data (e.g. email, phone numbers). – Content data (e.g. text input, photos, videos). – Usage data (e.g. websites visited, interest in content, access times). – Meta/communication data (e.g. device information, IP addresses).
Categories of Data Subjects
Visitors and users of the online presence (hereafter we refer to the data subjects jointly as “users”).
Purpose of Processing
– Provision of the online presence, its functions and content – Responding to contact enquiries and communication with users – Security measures – Coverage measurement/marketing
“Personal data” is all information that refers to an identified or identifiable natural person (hereafter “data subject”); a natural person is deemed identifiable if they can be identified directly or indirectly, especially through the assignment of an identifier such as a name, an identifying number, location details, online identifier (e.g. cookie) or one of more specific features, which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person. “Processing” is any procedure carried out with or without the help of an automated process or any such series of procedures connected to personal data. The term is far-reaching and covers practically every element of data handling. “Pseudonymisation” is the processing of personal data in such a way that the personal data can no longer be allocated to a specific data subject without the addition of further information, provided that this further information is specially stored and subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person. “Profiling” is any kind of automated processing of personal data which involves using these personal data to evaluate certain personal aspects that refer to a natural person, in particular to analyse or predict aspects regarding the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person. “Controller” refers to the natural or legal person, authority, facility or other body that alone or together with others makes decisions on the purposes and means of processing the personal data. “Processor” is a natural or legal person, authority, facility or other body that processes the personal data on behalf of the responsible party.
Relevant Legal Bases
In line with the statutory requirements, taking into account the state of the art, the implementation costs and the nature, scope, conditions and purpose of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, we take the appropriate technical and organisational measures to guarantee an appropriate level of protection from that risk. These measures include in particular safeguarding the confidentiality, integrity and availability of the data by controlling physical access to the data, and also the relevant access, input, dissemination, safeguarding of availability and its separation. Furthermore we have set up procedures that ensure protection of the rights of the data subjects, erasure of data and reaction to any risk to the data. Moreover we take into account the protection of personal data in the development or choice of hardware, software and any procedures, in line with the principle of data protection through technology and through data protection-friendly settings.
Cooperation with Processors, Joint Controllers and Third Parties
If we, as part of our processing of data, disclose, transmit or otherwise give access to the data to other people and companies (processors, joint controllers or third parties), this is only done on the basis of legal consent (e.g. when transmission of the data to a third party, such as a payment service provider, is required to fulfil the contract), the users have given their consent, a legal obligation compels it or it is on the basis of our legitimate interests (e.g. when using contractors, website hosts, etc.). If we disclose, transmit or otherwise give access to data to other companies within our corporation, this is done in particular for administrative purposes as a legitimate interest and furthermore on the corresponding basis of one of the statutory requirements.
Transmission to Third Countries
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this happens as part of the utilisation of third-party services, or data is disclosed or transmitted to other persons or companies, this is only done when it is necessary to fulfil our (pre)contractual obligations, on the basis of their consent, due to a legitimate obligation or on the basis of our legitimate interests. Without the explicit consent or contractually necessary transmission, we only process or allow the data to be processed in third countries with a recognised level of data protection, such as certified US processors under the “Privacy Shield”, or that work on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the presentation of certification or binding internal data protection regulations (Art. 44 to 49 GDPR, Information website of the EU Commission).
Rights of Data Subjects
Right of information: You have the right to request confirmation of whether relevant data are processed and to receive information about these data and additional information and copies of the data according to the statutory requirements. Right to rectification: You have the right, according to the statutory requirements, to demand the completion of the data that concerns you or the rectification of the incorrect data that concerns you. Right to erasure and restriction of processing: You have the right, according to the statutory requirements, to demand that data that concerns you is immediately erased or, according to the statutory requirements, to demand a restriction of the processing of the data. Right to data portability: You have the right to receive the data that concerns you and that you have provided to us, according to the statutory requirements, in a structured, common and machine-readable format, or to demand their transmission to another controller. Complaining to a supervisory authority: You also have the right, according to the statutory requirements, to lodge a complaint with the responsible supervisory authority.
Right of Withdrawal
You have the right to withdraw your consent with future effect.
Right of Objection
Right of objection: You have the right, for reasons arising out of your particular situation, to lodge an objection at any time against the processing of your personal data on the basis of Art. 6(1) lit. e or f GDPR; this also applies to profiling supported by these conditions. If your personal data are processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of this kind of advertising; this also applies to profiling, where it is associated with such direct advertising.
Cookies and the Right of Objection to Direct Marketing
Erasure of Data
We process the data of our contract partners and interested parties and of other clients, customers or contract partners (uniformly referred to as “contract partners”) according to Art. 6(1) lit. b. GDPR in order to perform our contractual or pre-contractual services for you. The data processed for this, the nature, scope and purpose and the need for their processing is determined by the underlying contractual relationship. Data that are processed include the personal data of our contract partners (e.g. names and addresses), contact data (e.g. email addresses and telephone numbers), contract data (e.g. services requested, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). We do not process special categories of personal data except when these are part of commissioned or contractual processing. We process data that are required to justify and fulfil the contractual services and indicate the necessity for your information provided it is not evident for the contract partner. Disclosure to external persons or companies only happens when this is required as part of a contract. When processing the data submitted to us as part of an order, we act in accordance with the instructions issued by the client as well as the statutory requirements. As part of the use of our online services, we may store the IP address and time of the relevant user action. This storage happens on the basis of our legitimate interests and also the interests of users to protect them from misuse and other unauthorised use. These data are not transmitted to any third party unless they are required to pursue our claims according to Art. 6(1) lit. f. GDPR or there is a statutory obligation according to Art. 6(1) lit. c. GDPR. The data are erased when they are no longer required to fulfil a contractual or legal duty of care or for handling any guarantee or similar obligations, with the necessity of retaining the data checked every three years; the legal retention obligations also apply.
Administration, Accounting, Office Organisation, Contact Management
We process data as part of our administrative duties and for the organisation of our company, accounting and compliance with legal obligations such as archiving. For this we process the same data that we process as part of providing our contractual services. The processing is based on Art. 6(1) lit. c. GDPR, Art. 6 (1) lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in administration, accounting, office organisation and data archiving, all of which serve to maintain our business activities, fulfil our responsibilities and perform our services. The erasure of data with regards to contractual services and the contractual communication corresponds to the information named for these processing activities. We disclose or transfer data to the tax authorities, advisers such as tax advisers or auditors as well as other fee offices and payment service providers. Furthermore we store information on suppliers, organisers and other business partners on the basis of our commercial interests, e.g. for the purpose of future contact. This predominantly company-related data is in principle stored permanently.
Commercial Analysis and Market Research
In order to operate our business on a commercial basis and to identify market trends and the wishes of our contract partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc. We process inventory data, communication data, contractual data, payment data, usage data, metadata based on Art. 6(1) lit. f. GDPR, whereby the data subjects include contract partners, interested parties, customers, visitors and users of our online presence. The analyses are done for the purpose of commercial evaluations, marketing and market research. We can take the profiles of registered users into account with information, e.g. services they have asked us to perform. These analyses enable us to increase user friendliness, optimise our offer and improve our commercial efficiency. The analyses are for our internal use only and are not disclosed externally, unless it is in the form of anonymous analyses with aggregated values. If these analyses or profiles are personal, they are erased or anonymised with the termination of the user, or failing this two years after the end of the contract. Furthermore, all commercial analyses and general trend determinations are created anonymously where possible.
When making contact with us (e.g. via contact form, email, phone or social media) the information of the user is processed for the handling of the contact enquiry and the subsequent handling of the enquiry according to Art. 6(1) lit. b. (as part of a contractual/pre-contractual relationship), Art. 6(1) lit. f. (other enquiries) GDPR. The user’s information may be stored in a Customer Relationship Management system (“CRM system”) or similar enquiry organisation. We erase enquiries when they are no longer required. We check the necessity every two years; the statutory archiving obligations also apply.
Hosting and Email Traffic
The hosting services that we use enable us to provide the following services: infrastructure and platform services, calculating capacity, storage space and database services, email traffic, security services and technical maintenance services, which we employ for the purposes of operating this online presence. Here we or our hosting provider process personal data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to the online presence on the basis of our legitimate interests to enable us to provide this online presence in a way that is efficient and secure according to Art. 6(1) lit. f GDPR in conjunction with Art. 28 GDPR (termination of order processing contract).
Collection of Access Data and Log Files
We or our hosting provider collect data on the basis of our legitimate interests in the sense of Art. 6(1) lit. f. GDPR for any access to the server where this service is located (so-called server log files). The access data include names of the website visited, file, date and time of the access, transmitted data volume, report on successful access, browser type with version, operating system of the user, referrer URL (previously visited page), IP address and requesting provider. Log file information is stored for a maximum of 7 days for security reasons (e.g. to clarify misuse or fraudulent transactions) and then erased. Data that are required to be retained for proof are exempt from this deletion until final clarification of the case in question.
Online Social Media Presence
We have an online presence on social networks and platforms in order to communicate there with active customers, interested parties and users and to be able to inform them about our services. We make it clear that in this case the user data may be processed outside the area of the European Union. This may pose risks for the user, because it may, for example, make it harder for the user to assert their rights. With regards to US providers who are certified under the Privacy Shield, we make it clear that they are obliged as a result to comply with EU data protection standards. Furthermore, the data of the user are generally processed for market research and advertising purposes. As a result, a user profile could be created, for example from the user behaviour and the interests derived from this. The user profile could then be used, for example to display advertisements which to a large degree correspond to the interests of the user inside and outside the platform. To these ends, cookies containing the user behaviour and the interests of the user are generally stored on users’ computers. The user profiles may also store data independent of the devices used by the user (especially if the user is a member of the relevant platforms and is logged in to them). The processing of the personal data of the user is done on the basis of our legitimate interests in providing effective information to the user and having effective communication with the user according to Art. 6(1) lit. f. GDPR. If the user is asked for consent by the relevant providers of the platform for the aforementioned data processing, the legal basis of the processing is Art. 6(1) lit. a., Art. 7 GDPR. For a detailed representation of the relevant processing and the options for objection (Opt-Out), please refer to the following linked information of the providers. In the event of requests for information and the assertion of user rights, we refer to the fact that this can be done most effectively with the service providers. Only the service providers have access to the user data and can directly take the corresponding measures and provide information. If you still require help, you are also welcome to contact us. – Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of an agreement on joint processing of personal data – Data protection declaration: https://www.facebook.com/about/privacy/, specially for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data , Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. – Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Data protection declaration: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. – Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Data protection declaration/Opt-Out: http://instagram.com/about/legal/privacy/. – Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Data protection declaration: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active. – Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Data protection declaration/Opt-Out: https://about.pinterest.com/de/privacy-policy. – LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Data protection declaration https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active. – Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) -Data protection declaration/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung. – Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) – Data protection declaration/Opt-Out: https://wakelet.com/privacy.html. – Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany) – Data protection declaration/Opt-Out: https://soundcloud.com/pages/privacy.
Integration of Services and Contents from Third Parties
Within our online presence and on the basis of our legitimate interests (i.e. interests in the analysis, optimisation and commercial operation of our online presence in the sense of Art. 6(1) lit. f. GDPR) we use the content or service offers of third party providers in order to integrate their content and services, such as videos or fonts (hereafter uniformly described as “content”). This always presumes that the third-party provider of this content is aware of the IP address of the user as without the IP address they cannot send the content to their browser. The IP address is therefore required for the presentation of this content. We try only to use such content where the relevant provider only uses the IP address to supply the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of the website. The pseudonymous information can also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and the operating system, referring websites, visit time and other information on the use of our online presence, and may also be associated with such information from other sources.