Part 1: Information on data protection regarding our processing under Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)
We take data protection very seriously and inform you herein how we process your data and what claims and rights you are entitled to under data protection regulations. Applicable from 25 May 2018.
1. Office responsible for data processing and contact data
responsible office in the meaning of data-protection law KLINGER Kempchen GmbH Im Waldteich 21 46147 Oberhausen T +49 208-8482-0 info@klinger-kempchen.de | Contact data of our data-protection officer: HEC Harald Eul Consulting GmbH Data-protection officer KLINGER Kempchen GmbH Auf der Höhe 34 D-50321 Brühl datenschutz-kempchen@he-c.de |
2. Purposes and legal foundations upon which we process your data
We process personal data in accordance with the stipulations of the General Data-Protection Regulation (GDPR), the German Federal Data-Protection Act (Bundesdatenschutzgesetz – BDSG) and other applicable data-protection provisions (details are provided in the following). The details of which data are processed and how they are used depends largely on the services requested or agreed in each case. Further details or additions for the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e. g. in the context of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you may find out from our website www.klinger-kempchen.de
2.1 Purposes pursuant to fulfilment of an agreement or pre-contractual measures (Art. 6, section 1 b of the GDPR)
The processing of personal data is carried out in order to carry out our contracts with you and the execution of your orders as well as to carry out measures and activities within the framework of pre-contractual relations, e. g. with interested parties. In particular, the processing thus serves to provide services according to your orders and wishes and include the necessary services, measures and activities. This essentially includes contract-related communication with you, the corresponding billing and associated payment transactions, Credit checks, the verifiability of transactions, orders and other agreements as well as quality control by means of appropriate documentation, goodwill procedures, measures to control and optimize business processes as well as the fulfilment of general duties of care, control and supervision by affiliated companies (e. g. Parent company); statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; ensuring IT security ((inter alia system and plausibility tests) and general security, including building and plant security, securing and exercising domestic authority (e. g. by means of access controls); guaranteeing the integrity, authenticity and availability of data, preventing and investigating criminal offences; control by supervisory bodies or supervisory authorities (e. g. auditing).
2.2 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6, section 1 f of the GDPR)
Above and beyond the actual fulfilment of the (pre-) agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, as far as you have not objected to the use of your data;
- obtaining information and exchanging data with credit agencies where this goes beyond our economic risk;
- the examination and optimization of processes for needs analysis;
- the further development of services and products as well as existing systems and processes;
- the disclosure of personal data within the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terrorist lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e. g. by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- of benchmarking;
- the assertion of legal claims and defence in legal disputes which are not directly attributable to the contractual relationship;
- the restricted processing of data, if a deletion is not possible or only possible with disproportionately high effort due to the special type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if not exclusively for the fulfilment of legal requirements;
- the anonymization of personal data;
- building and plant security (e. g. by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- internal fraud prevention in connection with the performance of a contract as well as pre-contractual measures, insofar as not exclusively for the fulfillment of legal requirements
- any monitoring or recording of telephone conversations for quality control and training purposes;
- Preservation and maintenance of certifications of a private-law or official government nature;
- the seizure and exercise of domestic authority by means of appropriate measures as well as video surveillance for the protection of our customers and employees as well as for securing evidence in the event of criminal offences and their prevention.
2.3 Purposes within the framework of your consent (Art. 6, section 1 a of the GDPR)
Your personal data can also be processed for certain purposes (e.g. use of company communication systems for private purposes; photographs/videos of you for publication in the Intranet/Internet) including as a result of your consent. As a rule, you can revoke this consent at any time. This also applies to the revoking of declarations of consent that were issued to us before the GDPR went into effect, i.e. prior to 25 May 2018. You shall be separately informed about the consequences of revocation or refusal to provide consent in the respective text of the consent.
Generally speaking, revocation of consent only applies to the future. Processing that takes place prior to consent being issued is not affected by such and remains lawful
2.3 Purposes relating to adherence to statutory requirements (Art. 6, section 1 c of the GDPR) or in the public interest (Art. 6, section 1 e of the GDPR)
Just like any actor which takes part in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g. commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities. The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g. comparisons with European and international anti-terror lists), compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.
2.4 The categories of data that we process as long as we do not receive data directly from you, and its origin
If necessary for the contractual relationship with you and the activities performed by you, we may process data which we lawfully receive from other offices or other third parties (e.g. quality assessment or complaints by customers/suppliers/consumers). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as, for example, commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process this data in accordance with statutory provisions.
Relevant personal data categories may in particular be:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data)
- contact data (address, e-mail address, telephone number and similar data)
- Address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (creditworthiness data including scoring, i. e. data for assessing the economic risk)
- customer history
- data about your use of the telemedia offered by us (e. g. time of access to our websites, apps or newsletter, clicked pages/links of us or entries and comparable data)
- Video data
4. Recipients or categories of recipients of your data
At our company, your data is received by those internal offices or organisational units that need such to fulfil our contractual and statutory obligations or that require such data within the framework of processing and implementing our legitimate interests.
Your data is disclosed/passed on to external offices and persons solely
- in connection with the execution of the contract;
- for purposes where we are obligated or entitled to give information, notification or forward data (e.g. employer’s liability insurance association, health insurance schemes, fiscal authorities) in order to meet statutory requirements or where the forwarding of data is in the public interest (see number 2.4);
- to the extent that external service-provider companies commissioned by us process data as contract processors or parties that assume certain functions (e.g. external data centres, support and maintenance of IT applications, archiving, document processing, call centre services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and data protection. plausibility check, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing plants or companies for data disposal, courier services, logistics);
- as a result of our legitimate interest or the legitimate interest of the third party within the framework of the purposes cited under number 2.2 (e.g. to government authorities, credit agencies, collection agencies, attorneys, courts of law, appraisers, companies belonging to company groups and bodies and control instances) ;
- if you have given us consent to transmit data to third parties.
We shall moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data has been sent to them.
5. Length of time your data is stored
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the execution of a contract.
Above and beyond this, we are subject to various retention and documentation obligations that emanate inter alia from the German Commercial Code (HGB) and the German Tax Code (AO). The periods and deadlines for retention and/or documentation stipulated therein are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship.
Furthermore, special statutory provisions may require longer retention such as for example the preservation of evidence in connection with statutory time-barring provisions (statute of limitations). Under §§ 195 ff. of the German Civil Code (BGB), the regular time-barred period is three years, but time-barred periods of up to 30 years may also be applicable.
If the data is no longer required to meet contractual or statutory obligations and rights, it is regularly deleted unless its further processing – for a limited period – is necessary to fulfil the purposes listed under number 2.2 due to an overriding legitimate interest. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to delete the data as a result of the special type of storage or such is only possible at an unreasonably great expense and processing for other purposes is excluded by appropriate technical and organisational measures.
6. Processing of your data in a third country or through an international organisation
Data is transmitted to offices in countries outside the European Economic Area EU/EEA (so-called third states) whenever such is necessary to meet a contractual obligation towards you (e.g. if you are despatched to another country), such is required by law (e.g. notification obligations under tax law), such is in the legitimate interest of us or a third party or you have issued us your consent to such.
At the same time, your data may be processed in a third country including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the ensurance of an adequate level of data protection for the respective country or for one or more specific sectors within a third country, appropriate contracts (such as EU standard contracts) and additional measures may be used as a basis for the transfer. Information on the appropriate or adequate safeguards and on the possibility of obtaining a copy from you can be requested from the company data protection officer.
7. Your data-protection rights
If certain conditions are met, you can assert your data-protection rights against us
- Thus, you have the right to receive information from us on the data stored on you in accordance with the rules of Art. 15 of the GDPR (if applicable with restrictions in accordance with § 34 of the German Federal Data-Protection Act (BDSG))
- If you so request, we shall correct data stored on you in accordance with Art. 16 of the GDPR if such data is incorrect or flawed.
- If you so desire, we shall delete your data in accordance with the principles of Art. 17 of the GDPR if such is not prevented by other statutory provisions (e.g. statutory retention obligations or the restrictions laid down in § 35 of the German Federal Data-Protection Act (BDSG)) or an overriding interest on our part (for example, to defend our rights and claims)
- Taking into account the preconditions laid down in Art. 18 of the GDPR, you can demand that we restrict the processing of your data .
- Furthermore, you can file an objection to the processing of your data in accordance with Art. 21 of the GDPR, as a result of which we have to stop processing your data. This right of objection only applies, however, if very special circumstances characterise your personal situation, whereby the rights of our company may run counter to your right of objection.
- You also have the right to receive your data in accordance with the arrangements laid down in Art. 20 of the GDPR in a structured, commonplace and machine-readable format or transmit such data to a third party.
- You furthermore have the right to revoke consent that has been issued to us to process personal data at any time effective into the future (see number 2.3).
- You are in addition entitled to file a complaint with a data-protection supervisory authority (Art. 77 of the GDPR). We recommend, however, to first always send a complaint to our data-protection officer.
Whenever possible, your applications for the exercise of your rights should be sent in writing to the address stated above or addressed directly to our data-protection officer.
8. Scope of your obligations to provide us your data
You only need to provide data that is necessary for the commencement and performance of the business relationship or for a pre-contractual relationship with us or the collection of which we are required by law. Without this data, we are generally not able to conclude the agreement or continue to perform such. This may also relate to data that is required later within the framework of the contractual relationship. If we request data from you above and beyond this, you shall be informed about the voluntary nature of the information separately.
9. Presence of an automated decision made in individual cases (including profiling)
We do not use any purely automated decision-making procedure as set out in Article 22 of the GDPR. If we do institute such a procedure in individual cases in the future, we shall inform you pursuant hereto separately if this is required by law.
Under certain circumstances, we may process your data in part with the aim of evaluating certain personal aspects (profiling).
In order to provide you with targeted information and advice on products, we may use evaluation tools. These enable a needs-oriented product design, communication and advertising including market and opinion research.
Such procedures can also be used to assess your solvency and creditworthiness as well as to combat money laundering and fraud. “Score values” can be used to assess your creditworthiness and creditworthiness. In the case of scoring, the probability is calculated using mathematical methods with which a customer will meet his payment obligations in accordance with the contract. Such score values thus support us, for example, in assessing our creditworthiness, decision-making in the context of product deals and are incorporated into our risk management. The calculation is based on mathematically and statistically recognised and proven methods and is based on your data, in particular income, expenditure, existing liabilities, profession, employer, length of service, experience from the previous business relationship, repayment of previous loans in accordance with the contract and information from credit agencies.
Information on nationality and special categories of personal data according to Art. 9 GDPR are not processed.
Information on your right of objection under Art. 21 of the GDPR 1.You have the right to file an objection at any time against processing of your data which is performed on the basis of Art. 6, section 1 f of the GDPR (data-processing on the basis of a weighing out of interests) or Art. 6, section 1 e of the GDPR (data-processing in the public interest). The precondition for this, however, is that there are grounds for your objection emanating from your special personal situation. This also applies to profiling that is based on this purpose in the meaning of Art. 4, no. 4 of the GDPR. If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. 2.We will also use your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection to such at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We shall respect this objection with effect into the future. We shall no longer process your data for the purpose of direct advertising if you object to processing for this purpose. The objection can be filed without adhering to any form requirements and should if possible be sent to KLINGER Kempchen GmbH Im Waldteich 21 46147 Oberhausen |
Our privacy policy and the information on data protection about our data processing according to article 13, 14 and 21 GDPR may change from time to time. All changes will be published on this page. Older versions can be viewed in an archive
Data protection information 05.06.2024
Part 2: Supplementary data protection information for our website
General information
The following information will provide you with an easy to navigate overview of what will happen with your personal data when you visit this website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information about the subject matter of data protection, please consult our Data Protection Declaration, which we have included beneath this copy.
Data recording on this website
Who is the responsible party for the recording of data on this website (i.e., the “controller”)?
The data on this website is processed by the operator of the website, whose contact information is available under section “Information about the responsible party (referred to as the “controller” in the GDPR)” in this Privacy Policy.
How do we record your data?
We collect your data as a result of your sharing of your data with us. This may, for instance be information you enter into our contact form.
Other data shall be recorded by our IT systems automatically or after you consent to its recording during your website visit. This data comprises primarily technical information (e.g., web browser, operating system, or time the site was accessed). This information is recorded automatically when you access this website.
What are the purposes we use your data for?
A portion of the information is generated to guarantee the error free provision of the website. Other data may be used to analyze your user patterns.
What rights do you have as far as your information is concerned?
You have the right to receive information about the source, recipients, and purposes of your archived personal data at any time without having to pay a fee for such disclosures. You also have the right to demand that your data are rectified or eradicated. If you have consented to data processing, you have the option to revoke this consent at any time, which shall affect all future data processing. Moreover, you have the right to demand that the processing of your data be restricted under certain circumstances. Furthermore, you have the right to log a complaint with the competent supervising agency.
Please do not hesitate to contact us at any time if you have questions about this or any other data protection related issues.
Analysis tools and tools provided by third parties
There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs.
For detailed information about these analysis programs please consult our Data Protection Declaration below.
Recording of data on this website
Cookies
Our websites and pages use what the industry refers to as “cookies.” Cookies are small data packages that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them, or they are automatically eradicated by your web browser.
Cookies can be issued by us (first-party cookies) or by third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services of third-party companies into websites (e.g., cookies for handling payment services).
Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of these cookies (e.g., the shopping cart function or the display of videos). Other cookies may be used to analyze user behavior or for promotional purposes.
Cookies, which are required for the performance of electronic communication transactions, for the provision of certain functions you want to use (e.g., for the shopping cart function) or those that are necessary for the optimization (required cookies) of the website (e.g., cookies that provide measurable insights into the web audience), shall be stored on the basis of Art. 6(1)(f) GDPR, unless a different legal basis is cited. The operator of the website has a legitimate interest in the storage of required cookies to ensure the technically error-free and optimized provision of the operator’s services. If your consent to the storage of the cookies and similar recognition technologies has been requested, the processing occurs exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and § 25 (1) TDDDG); this consent may be revoked at any time.
You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete-function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.
Which cookies and services are used on this website can be found in this privacy policy.
Consent with Complianz
Our website uses Complianz’s consent technology to obtain your consent to store certain cookies on your device or for the use of certain technologies and to document this consent in a manner compliant with data protection regulations. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, the Netherlands (hereinafter “Complianz”).
Complianz is hosted on our servers, so no connection to the servers of the provider of Complianz is established. Complianz stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation. The data collected in this way is stored until you request us to delete it, delete the Complianz cookie yourself or until the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.
Complianz serves to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6(1)(c) GDPR.
Contact form
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.
The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or on your agreement (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time.
The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions, in particular retention periods.
Request by e-mail, telephone, or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
Plug-ins and Tools
YouTube with expanded data protection integration
This website integrates videos from the YouTube website. The operator of the website is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
When you visit one of these websites on which YouTube is integrated, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.
We use YouTube in extended data protection mode. According to YouTube, videos that are played in extended data protection mode are not used to personalize browsing on YouTube. Ads that are played in extended data protection mode are also not personalized. No cookies are set in extended data protection mode. Instead, so-called local storage elements are stored in the user’s browser, which contain personal data similar to cookies and can be used for recognition. Details on the extended data protection mode can be found here: https://support.google.com/youtube/answer/171780.
After activating a YouTube video, further data processing operations may be triggered over which we have no influence.
The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Fonts (local embedding)
This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application.
For more information on Google Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
Google Maps
This website uses the mapping service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the means of this service, we can integrate map material on our website.
To enable the use of the Google Maps features, your IP address must be stored. As a rule, this information is transferred to one of Google’s servers in the United States, where it is archived. The operator of this website has no control over the data transfer. In case Google Maps has been activated, Google has the option to use Google Fonts for the purpose of the uniform depiction of fonts. When you access Google Maps, your browser will load the required web fonts into your browser cache, to correctly display text and fonts.
We use Google Maps to present our online content in an appealing manner and to make the locations disclosed on our website easy to find. This constitutes a legitimate interest as defined in Art. 6(1)(f) GDPR. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.
The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
KemProof
On our website you have the opportunity to download our tool “KemProof”. In order to be able to send you the download link, we need your e-mail address.