Data protection policy

Data protection policy

The responsible controller in the sense of the data protection laws, in particular the EU data protection basic regulation (GDPR), is:

Friedrich Klumpp GmbH, Dornbirner Straße 23, D-70469 Stuttgart

We are very pleased about your interest in our company. Data protection is of particular importance to the management of Friedrich Klumpp GmbH.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always done in accordance with the General Data Protection Regulation and in accordance with our privacy policy. By means of this privacy policy we would like to inform the public about the nature, extent and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of their rights in this privacy policy.

1. Your rights as a data subject

You can always exercise the following rights using the contact details of our data protection officer:

  • Information about your stored data and its processing (Art. 15 GDPR),
  • Correction of incorrect personal data (Art. 16 GDPR),
  • Deletion of your stored data (Art. 17 GDPR),
  • Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • Objection to the processing of your data by us (Art. 21 GDPR) and
  • Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us your consent, you can revoke it at any time with effect for the future.

You can contact a regulatory authority at any time with a complaint, such as the competent supervisory authority of the federal state of your domicile or the authority responsible for us as the responsible controller.

A list of non-public-sector supervisory authorities can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html,

2. Use of the website

A. Collection of general information when visiting our website
1. Type and purpose of processing:

If you access our website, that is, if you do not register or otherwise provide information, information of a general nature is automatically collected.

This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and the like.

It is processed in particular for the following purposes:

  • Ensuring hassle-free connection of the website,
  • Ensuring smooth use of our website,
  • Evaluation of system security and stability as well
  • for further administrative purposes.

We do not use your data to draw conclusions about you as a person. Information of this kind may be statistically evaluated by us to optimize our website and the underlying technology.

2. Legal basis:

The processing is carried out in accordance with Art. 6 (1) (f) GDPR based on our legitimate interest in improving the stability and functionality of our website.

3. Recipient:

The recipient of the data may be technical service providers who act as commissioned processors for the operation and maintenance of our website.

4. Storage time:

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. This is generally the case when the session has ended for data that serves for provision of the website.

5. Provision required or necessary:

The provision of the aforementioned personal data is neither legally nor contractually required. Without the IP address, however, the service and functionality of our website is not guaranteed. Additionally, individual services may not be available or may be limited. It is therefore not possible to object to its collection.

B. Cookies
1. Type and purpose of processing:

Like many other websites, we also use so-called “cookies.” Cookies are small text files that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website.

The provide us with certain data such as IP address, browser used and operating system.

Cookies cannot be used to launch programs or to transfer viruses to a computer. Based on the information contained in cookies, we can facilitate navigation and enable the correct display of our websites.

In no case will the data collected by us be passed on to third parties nor will a link with personal data be established without your consent.

Of course, you can also view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time through the settings of your browser. Please use the help functions of your internet browser to find out how to change these settings. Please note that some features of our website may not work if you have disabled the use of cookies.

2. Storage duration and used cookies:

If you allow us to use cookies through your browser settings or consent, the following cookies may be used on our websites:

> The respective cookies with storage duration still need to be added here <

Insofar as these cookies may (also) concern personal data, we will inform you about this in the following sections.

You can use your browser settings to delete individual cookies or all of the cookies. In addition, you will receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:

 

C. Use of Google Analytics
1. Type and purpose of processing:

This website uses Google Analytics, a web analytics service of Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043 USA (hereafter: “Google”). Google Analytics uses so-called “cookies”, i.e. text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data.

The purposes of the data processing are the evaluation of the use of the website and the compilation of reports on activities on the website. Based on the use of the website and the Internet, other related services will then be provided.

2. Legal basis:

The processing of the data is based on the consent of the user (Art. 6 (1) (a) GDPR).

3. Recipient:

The recipient of the data is Google as a commissioned processor. We have concluded a corresponding commissioned processing agreement with Google for this purpose.

4. Storage time:

The deletion of the data takes place as soon as it is no longer necessary for our recording purposes.

5. Third country transfer:

Google processes your data in the US and has submitted to the EU_US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.

6. Provision required or necessary:

The provision of your personal data is voluntary and based solely on your consent. If you prevent access, this may result in functional restrictions on the website.

7. Withdrawal of consent:

You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use all functions of this website in full. In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: Browser add-on for disabling Google Analytics.

In addition or as an alternative to the browser add-on, you can prevent tracking by Google Analytics on our pages by clicking this link. An opt-out cookie will be installed on your device. This will prevent collection by Google Analytics for this website and for this browser in the future, as long as the cookie remains installed on your browser.

8. Profiling:

With the help of the tracking tool Google Analytics the behavior of the visitors of the website can be evaluated and the interests analyzed. We create a pseudonymous user profile for this purpose.

D. SSL encryption

To protect the security of your data during transmission, we use state-of-the-art encryption techniques (such as SSL) over HTTPS.

3. Data protection in applications and in the application process

1. Type and purpose of processing:

The controller collects and processes the personal data of applicants for the purpose of processing applications. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. If the controller concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law.

2. Legal basis:

For the fulfillment of contractual obligations (Art. 6 (1) (b) GDPR) in conjunction with Article 26 BDSG. The processing of data takes place in preparation for a contract of employment

3. Recipient:

Human resources staff for contact with you and for contractual cooperation (including the fulfillment of pre-contractual measures) as well as management involved in the decision-making process. Your data may be passed on to service providers who work for us as a commissioned processor, e.g. support or maintenance of EDP or IT applications and data destruction. All service providers are contractually bound and in particular obliged to treat your data confidentially.

A transfer of data to recipients outside of our company takes place only in compliance with the applicable data protection regulations.

4. Storage time:

If no contract of employment is concluded by the controller with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that deletion is not opposed by any other legitimate interests of the controller. Other legitimate interest in this sense, for example, include a burden of proof in a procedure under the General Equal Treatment Act (AGG).

5. Third country transfer:

Your data will only be processed within the European Union and within the European Economic Area (EEA).

6. Withdrawal of consent:

You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data relating to you pursuant to Art. 6 (1) (f) GDPR (data processing based on a balance of interests); this also applies to a profiling based on this provision within the meaning of Art. 4 (4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

7. Provision required or necessary:

As part of the application process, you must provide the personal data necessary for the commencement, performance and termination of the contractual relationship and for the performance of the associated contractual obligations, or data we are legally required to collect. Without this data we will generally not be able to adequately consider you in the decision-making process for staffing

4. Processing of customer and supplier data

1. Type and purpose of processing:

For the processing of customer orders and in the context of procurement processes, we process personal data of our customers and suppliers as well as the individual contact persons at our customers/suppliers. In doing so, we store the data in our ERP system and use it in all processes of service fulfillment and procurement. Furthermore, we use the data for active contact in the customer relationship and for the support of suppliers including an internal supplier evaluation.

2. Legal basis:

For the fulfillment of contractual obligations (Art. 6 (1) (b) GDPR)

The processing of data takes place to carry out our contract

Due to legal requirements (Art. 6 (1) (c) GDPR)

We are subject to various legal obligations that result in data processing. These include for example:

  • Tax laws and statutory accounting
  • The fulfillment of requests and requirements from regulatory or law enforcement agencies
  • The fulfillment of tax control and reporting obligations

In addition, the disclosure of personal data in the context of administrative/judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.

In the context of a balance of interests (Art. 6 (1) f GDPR)

If necessary, we process your data for the protection of legitimate interests of us or third parties in addition to the actual fulfillment of the contract. Examples of such cases include:

  • Processing in the CRM system for the active addressing of customers
  • Evaluation of suppliers
  • Asserting legal claims and defense in legal disputes

3. Recipient:

Employees for contact with you and for contractual cooperation (including the fulfillment of pre-contractual measures). Your data may be passed on to service providers who work for us as a commissioned processor, e.g. support or maintenance of EDP or IT applications and data destruction. All service providers are contractually bound and in particular obliged to treat your data confidentially.

A transfer of data to recipients outside of our company takes place only in compliance with the applicable data protection regulations. Recipients of personal data may include:

  • Public authorities and institutions (e.g. financial or law enforcement authorities) in the presence of a legal or regulatory obligation
  • Credit and financial service providers (processing payment transactions)
  • Tax consultant or economic and employment tax auditor (statutory audit)

4. Storage time:

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the data is no longer required for the fulfillment of contractual or legal obligations, it is deleted on a regular basis.

Exceptions arise

  • Insofar as storage is required to meet statutory storage requirements, e.g. Commercial Code (HGB) and Tax Code (AO). The deadlines for storage and documentation specified there are usually six to ten years;
  • For the preservation of evidence in the context of the statutory statute of limitations. According to §§195 ff of the Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
  • Possibly other reasons.

If the data processing takes place in the legitimate interest of us or a third party, the personal data will be deleted as soon as this interest no longer exists. The mentioned exceptions apply here.

5. Third country transfer:

Your data will only be processed within the European Union and within the European Economic Area (EEA).

6. Withdrawal of consent:

You have the right, for reasons of your own particular situation, to object at any time to the processing of personal data relating to you pursuant to Art. 6 (1) (f) GDPR (data processing based on a balance of interests); this also applies to a profiling based on this provision within the meaning of Art. 4 (4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.

7. Provision required or necessary:

As part of the contractual relationship, you must provide the personal data necessary for the commencement, performance and termination of the contractual relationship and for the performance of the associated contractual obligations, or data we are legally required to collect. Without this information we will generally not be able to conclude or execute the contract with you.

5. Change of our data protection policy

We reserve the right to change this data protection policy from time to time to ensure that it complies with current legal requirements or to implement changes to our services in the data protection policy, for example, when introducing new services. Your new visit will be subject to the new data protection policy.

6. Questions to the data protection officer

If you have questions about privacy, please email us or contact the person responsible for data protection in our organization:

Michael Weinmann
http://www.dsb-office.de
Sielminger Hauptstr. 52/1
70794 Filderstadt
Tel.: 0173-7632962
Enail: michael.weinmann[at]dsb-office.de
 

The privacy policy has been created with the privacy policy generator of activeMind AG created (Version 2018-09-24) and supplemented by Mr. Michael Weinmann.