Dr.-Herbert-Kittel-Straße 10, 87600 Kaufbeuren, Germany
+49 (0) 8341 / 966 128 300


[borlabs-cookie type=”btn-cookie-preference” title=”Cookie Auswahl ändern”/] [borlabs-cookie type=”btn-switch-consent” id=”ID of the Cookie”/]    

Privacy Policy

This Privacy Policy explains the type, scope and purpose of the processing of personal data as part of our provision of service and within our online presence and the associated websites, functions and content as well as external online presences, such as our social media profile (hereafter referred to jointly as our “online presence”). With regards to the terms used, such as “processing” or “Controller”, we refer to the definitions found in Art. 4 of the General Data Protection Regulation (GDPR).


Kunststofftechnik Bernt GmbH Dr.-Herbert-Kittel-Str. 10 87600 Kaufbeuren Germany Tel +49 (0) 8341 / 966 128 300 Fax +49 (0) 8341 / 966 128 360 Email info(at)ktbernt.de

Types of Data processed

– Basic data (e.g. personal master data, names or addresses). – Contact data (e.g. email, phone numbers). – Content data (e.g. text input, photos, videos). – Usage data (e.g. websites visited, interest in content, access times). – Meta/communication data (e.g. device information, IP addresses).

Categories of Data Subjects

Visitors and users of the online presence (hereafter we refer to the data subjects jointly as “users”).

Purpose of Processing

– Provision of the online presence, its functions and content – Responding to contact enquiries and communication with users – Security measures – Coverage measurement/marketing

Terms Used

“Personal data” is all information that refers to an identified or identifiable natural person (hereafter “data subject”); a natural person is deemed identifiable if they can be identified directly or indirectly, especially through the assignment of an identifier such as a name, an identifying number, location details, online identifier (e.g. cookie) or one of more specific features, which are an expression of the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person. “Processing” is any procedure carried out with or without the help of an automated process or any such series of procedures connected to personal data. The term is far-reaching and covers practically every element of data handling. “Pseudonymisation” is the processing of personal data in such a way that the personal data can no longer be allocated to a specific data subject without the addition of further information, provided that this further information is specially stored and subject to technical and organisational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person. “Profiling” is any kind of automated processing of personal data which involves using these personal data to evaluate certain personal aspects that refer to a natural person, in particular to analyse or predict aspects regarding the work performance, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person. “Controller” refers to the natural or legal person, authority, facility or other body that alone or together with others makes decisions on the purposes and means of processing the personal data. “Processor” is a natural or legal person, authority, facility or other body that processes the personal data on behalf of the responsible party.

Relevant Legal Bases

In accordance with Art. 13 GDPR we advise you of the relevant legal bases of our data processing. For users outside the jurisdiction of the General Data Protection Regulation (GDPR), i.e. the EU and the EEA, wherever the legal basis is not named in the Privacy Policy, the following applies: the legal basis for obtaining consent is Art. 6(1) lit. a and Art. 7 GDPR; the legal basis for the processing required to provide our services and carry out contractual measures and respond to enquiries is Art. 6 (1) lit. b GDPR; the legal basis for the processing required to satisfy our legal obligations is Art. 6(1) lit. c GDPR; in the event that vital interests of the data subject or another natural person make the processing of their personal data necessary, the legal basis is Art. 6(1) lit. d GDPR. The legal basis for the processing required to perform a task that lies in the public interest or in the exercise of official authority transferred to the Controller is Art. 6(1) lit. e GDPR. The legal basis for the processing required to maintain our legitimate interests is Art. 6(1) lit. f GDPR. The processing of data for other purposes than those they were collected for is determined by the regulations of Art 6(4) GDPR. The processing of special categories of data (corresponding to Art. 9(1) GDPR) is determined by the regulations of Art. 9(2) GDPR.

Security Measures

In line with the statutory requirements, taking into account the state of the art, the implementation costs and the nature, scope, conditions and purpose of the processing as well as the different likelihood and severity of the risk to the rights and freedoms of natural persons, we take the appropriate technical and organisational measures to guarantee an appropriate level of protection from that risk. These measures include in particular safeguarding the confidentiality, integrity and availability of the data by controlling physical access to the data, and also the relevant access, input, dissemination, safeguarding of availability and its separation. Furthermore we have set up procedures that ensure protection of the rights of the data subjects, erasure of data and reaction to any risk to the data. Moreover we take into account the protection of personal data in the development or choice of hardware, software and any procedures, in line with the principle of data protection through technology and through data protection-friendly settings.

Cooperation with Processors, Joint Controllers and Third Parties

If we, as part of our processing of data, disclose, transmit or otherwise give access to the data to other people and companies (processors, joint controllers or third parties), this is only done on the basis of legal consent (e.g. when transmission of the data to a third party, such as a payment service provider, is required to fulfil the contract), the users have given their consent, a legal obligation compels it or it is on the basis of our legitimate interests (e.g. when using contractors, website hosts, etc.). If we disclose, transmit or otherwise give access to data to other companies within our corporation, this is done in particular for administrative purposes as a legitimate interest and furthermore on the corresponding basis of one of the statutory requirements.

Transmission to Third Countries

If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA) or the Swiss Confederation) or if this happens as part of the utilisation of third-party services, or data is disclosed or transmitted to other persons or companies, this is only done when it is necessary to fulfil our (pre)contractual obligations, on the basis of their consent, due to a legitimate obligation or on the basis of our legitimate interests. Without the explicit consent or contractually necessary transmission, we only process or allow the data to be processed in third countries with a recognised level of data protection, such as certified US processors under the “Privacy Shield”, or that work on the basis of special guarantees, such as contractual obligation through so-called standard protection clauses of the EU Commission, the presentation of certification or binding internal data protection regulations (Art. 44 to 49 GDPR, Information website of the EU Commission).

Rights of Data Subjects

Right of information: You have the right to request confirmation of whether relevant data are processed and to receive information about these data and additional information and copies of the data according to the statutory requirements. Right to rectification: You have the right, according to the statutory requirements, to demand the completion of the data that concerns you or the rectification of the incorrect data that concerns you. Right to erasure and restriction of processing: You have the right, according to the statutory requirements, to demand that data that concerns you is immediately erased or, according to the statutory requirements, to demand a restriction of the processing of the data. Right to data portability: You have the right to receive the data that concerns you and that you have provided to us, according to the statutory requirements, in a structured, common and machine-readable format, or to demand their transmission to another controller. Complaining to a supervisory authority: You also have the right, according to the statutory requirements, to lodge a complaint with the responsible supervisory authority.

Right of Withdrawal

You have the right to withdraw your consent with future effect.

Right of Objection

Right of objection: You have the right, for reasons arising out of your particular situation, to lodge an objection at any time against the processing of your personal data on the basis of Art. 6(1) lit. e or f GDPR; this also applies to profiling supported by these conditions. If your personal data are processed for the purposes of direct marketing, you have the right to object at any time to the processing of your personal data for the purposes of this kind of advertising; this also applies to profiling, where it is associated with such direct advertising.

Cookies and the Right of Objection to Direct Marketing

“Cookies” are small data files that are stored on users’ computers. Different information can be stored inside the cookies. A cookie is primarily there to store information about a user (or the device on which the cookie is stored) during or after their visit to an online presence. Temporary cookies, also known as session cookies or transient cookies, are those cookies that are deleted once a user has left the online presence and closed their browser. These cookies store information such as the contents of a shopping basket in an online shop or a login status. Permanent or persistent cookies are those cookies that are stored even after the browser has been closed. In this way, for example, the login status can be stored if the user wants to look it up again some days later. Equally, the interests of the user can be stored in this kind of cookie, which is then used to measure reach or for marketing purposes. Third-party cookies are those cookies that are operated by providers other than the Controller, which operate the online presence (in other cases where the cookies are only from the Controller, they are known as first-party cookies). We can insert temporary and permanent cookies and clarify this in our Privacy Policy. Provided we ask the user for their consent to the use of cookies (e.g. as part of a cookie consent), the legal basis for this processing is Art. 6 (1) lit. a. GDPR. Otherwise, the personal cookies of the user will be processed in line with the following declarations as part of this Privacy Policy based on our legitimate interests (i.e. interest in the analysis, optimisation and commercial operation of our online presence in the sense of Art. 6(1) lit. f. GDPR) or if the use of cookies is necessary for the provision of our contractual services, according to Art. 6(1) lit. b. GDPR, or if the use of cookies is necessary for the performance of a task that lies in the public interest or in the exercise of official authority, according to Art. 6(1) lit. e. GDPR. If the user does not want cookies to be stored on their computer, they are asked to deactivate the relevant option in the system settings of their browser. Stored cookies can be erased in the system settings of the browser. The exclusion of cookies can lead to a restriction in the functions of this online presence. A general objection to the use of cookies placed for purposes of online marketing can be clarified for a multitude of services, especially in the case of tracking, via the American website http://www.aboutads.info/choices/ or the European website http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by switching them off in browser settings. Please note that in this case not all functions of the online presence may be able to be used.

Erasure of Data

The data processed by us is erased or restricted in its use according to the statutory requirements. If it is not explicitly indicated in this Privacy Policy, the data stored with us will be erased as soon as they are no longer required for their intended purpose and the erasure does not violate any legal retention obligations. If the data are not erased because they are required for other and legally permissible purposes, their processing will be restricted. I.e. the data will be blocked and not processed for other purposes. This applies e.g. to data that have to be retained for commercial or tax reasons.

Changes and Updates to the Privacy Policy

We ask you to keep yourself regularly informed of the contents of our Privacy Policy. We modify the Privacy Policy as soon as any changes to our data processing make this necessary. We keep you informed as soon as the changes require any participation on your part (e.g. consent) or any other individual notification is required.

Contractual Services

We process the data of our contract partners and interested parties and of other clients, customers or contract partners (uniformly referred to as “contract partners”) according to Art. 6(1) lit. b. GDPR in order to perform our contractual or pre-contractual services for you. The data processed for this, the nature, scope and purpose and the need for their processing is determined by the underlying contractual relationship. Data that are processed include the personal data of our contract partners (e.g. names and addresses), contact data (e.g. email addresses and telephone numbers), contract data (e.g. services requested, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history). We do not process special categories of personal data except when these are part of commissioned or contractual processing. We process data that are required to justify and fulfil the contractual services and indicate the necessity for your information provided it is not evident for the contract partner. Disclosure to external persons or companies only happens when this is required as part of a contract. When processing the data submitted to us as part of an order, we act in accordance with the instructions issued by the client as well as the statutory requirements. As part of the use of our online services, we may store the IP address and time of the relevant user action. This storage happens on the basis of our legitimate interests and also the interests of users to protect them from misuse and other unauthorised use. These data are not transmitted to any third party unless they are required to pursue our claims according to Art. 6(1) lit. f. GDPR or there is a statutory obligation according to Art. 6(1) lit. c. GDPR. The data are erased when they are no longer required to fulfil a contractual or legal duty of care or for handling any guarantee or similar obligations, with the necessity of retaining the data checked every three years; the legal retention obligations also apply.

Administration, Accounting, Office Organisation, Contact Management

We process data as part of our administrative duties and for the organisation of our company, accounting and compliance with legal obligations such as archiving. For this we process the same data that we process as part of providing our contractual services. The processing is based on Art. 6(1) lit. c. GDPR, Art. 6 (1) lit. f. GDPR. Customers, interested parties, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in administration, accounting, office organisation and data archiving, all of which serve to maintain our business activities, fulfil our responsibilities and perform our services. The erasure of data with regards to contractual services and the contractual communication corresponds to the information named for these processing activities. We disclose or transfer data to the tax authorities, advisers such as tax advisers or auditors as well as other fee offices and payment service providers. Furthermore we store information on suppliers, organisers and other business partners on the basis of our commercial interests, e.g. for the purpose of future contact. This predominantly company-related data is in principle stored permanently.

Commercial Analysis and Market Research

In order to operate our business on a commercial basis and to identify market trends and the wishes of our contract partners and users, we analyse the data we have on business transactions, contracts, enquiries, etc. We process inventory data, communication data, contractual data, payment data, usage data, metadata based on Art. 6(1) lit. f. GDPR, whereby the data subjects include contract partners, interested parties, customers, visitors and users of our online presence. The analyses are done for the purpose of commercial evaluations, marketing and market research. We can take the profiles of registered users into account with information, e.g. services they have asked us to perform. These analyses enable us to increase user friendliness, optimise our offer and improve our commercial efficiency. The analyses are for our internal use only and are not disclosed externally, unless it is in the form of anonymous analyses with aggregated values. If these analyses or profiles are personal, they are erased or anonymised with the termination of the user, or failing this two years after the end of the contract. Furthermore, all commercial analyses and general trend determinations are created anonymously where possible.


When making contact with us (e.g. via contact form, email, phone or social media) the information of the user is processed for the handling of the contact enquiry and the subsequent handling of the enquiry according to Art. 6(1) lit. b. (as part of a contractual/pre-contractual relationship), Art. 6(1) lit. f. (other enquiries) GDPR. The user’s information may be stored in a Customer Relationship Management system (“CRM system”) or similar enquiry organisation. We erase enquiries when they are no longer required. We check the necessity every two years; the statutory archiving obligations also apply.

Hosting and Email Traffic

The hosting services that we use enable us to provide the following services: infrastructure and platform services, calculating capacity, storage space and database services, email traffic, security services and technical maintenance services, which we employ for the purposes of operating this online presence. Here we or our hosting provider process personal data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to the online presence on the basis of our legitimate interests to enable us to provide this online presence in a way that is efficient and secure according to Art. 6(1) lit. f GDPR in conjunction with Art. 28 GDPR (termination of order processing contract).

Collection of Access Data and Log Files

We or our hosting provider collect data on the basis of our legitimate interests in the sense of Art. 6(1) lit. f. GDPR for any access to the server where this service is located (so-called server log files). The access data include names of the website visited, file, date and time of the access, transmitted data volume, report on successful access, browser type with version, operating system of the user, referrer URL (previously visited page), IP address and requesting provider. Log file information is stored for a maximum of 7 days for security reasons (e.g. to clarify misuse or fraudulent transactions) and then erased. Data that are required to be retained for proof are exempt from this deletion until final clarification of the case in question.

Online Social Media Presence

We have an online presence on social networks and platforms in order to communicate there with active customers, interested parties and users and to be able to inform them about our services. We make it clear that in this case the user data may be processed outside the area of the European Union. This may pose risks for the user, because it may, for example, make it harder for the user to assert their rights. With regards to US providers who are certified under the Privacy Shield, we make it clear that they are obliged as a result to comply with EU data protection standards. Furthermore, the data of the user are generally processed for market research and advertising purposes. As a result, a user profile could be created, for example from the user behaviour and the interests derived from this. The user profile could then be used, for example to display advertisements which to a large degree correspond to the interests of the user inside and outside the platform. To these ends, cookies containing the user behaviour and the interests of the user are generally stored on users’ computers. The user profiles may also store data independent of the devices used by the user (especially if the user is a member of the relevant platforms and is logged in to them). The processing of the personal data of the user is done on the basis of our legitimate interests in providing effective information to the user and having effective communication with the user according to Art. 6(1) lit. f. GDPR. If the user is asked for consent by the relevant providers of the platform for the aforementioned data processing, the legal basis of the processing is Art. 6(1) lit. a., Art. 7 GDPR. For a detailed representation of the relevant processing and the options for objection (Opt-Out), please refer to the following linked information of the providers. In the event of requests for information and the assertion of user rights, we refer to the fact that this can be done most effectively with the service providers. Only the service providers have access to the user data and can directly take the corresponding measures and provide information. If you still require help, you are also welcome to contact us. – Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of an agreement on joint processing of personal data – Data protection declaration: https://www.facebook.com/about/privacy/, specially for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data , Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active. – Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – Data protection declaration:  https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. – Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Data protection declaration/Opt-Out: http://instagram.com/about/legal/privacy/. – Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Data protection declaration: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active. – Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) – Data protection declaration/Opt-Out: https://about.pinterest.com/de/privacy-policy. – LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Data protection declaration https://www.linkedin.com/legal/privacy-policy , Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active. – Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) -Data protection declaration/Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung. – Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) – Data protection declaration/Opt-Out: https://wakelet.com/privacy.html. – Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany) – Data protection declaration/Opt-Out: https://soundcloud.com/pages/privacy.

Integration of Services and Contents from Third Parties

Within our online presence and on the basis of our legitimate interests (i.e. interests in the analysis, optimisation and commercial operation of our online presence in the sense of Art. 6(1) lit. f. GDPR) we use the content or service offers of third party providers in order to integrate their content and services, such as videos or fonts (hereafter uniformly described as “content”). This always presumes that the third-party provider of this content is aware of the IP address of the user as without the IP address they cannot send the content to their browser. The IP address is therefore required for the presentation of this content. We try only to use such content where the relevant provider only uses the IP address to supply the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The pixel tags can be used to evaluate information such as visitor traffic on the pages of the website. The pseudonymous information can also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and the operating system, referring websites, visit time and other information on the use of our online presence, and may also be associated with such information from other sources.

Google Fonts

We integrate the fonts provided by the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. According to information from Google, the user data is only used for purposes of displaying the fonts in the user’s browser. The integration is done on the basis of our legitimate interests in a technically secure, maintenance-free and efficient use of fonts, their uniform display and a consideration of possible licensing terms for their integration. Privacy Policy: https://www.google.com/policies/privacy/.

Google ReCaptcha

We integrate the function for identifying robots, e.g. when entering data in online forms (“ReCaptcha”) from the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated.

Google Maps

We integrate the maps of the service “Google Maps” from the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The processed data may include in particular IP addresses and location data of the user, which may not be collected without the user’s consent (generally given through the settings of their mobile device). The data may be processed in the USA. Privacy Policy: https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. Created with Datenschutz-Generator.de by RA Dr. Thomas Schwenke