Privacy

Data protection declaration for ktr.com

We are legally obliged to inform you about the processing of your personal data (hereinafter called “data”) in connection with using our website (hereinafter called the “website”). We take the protection of your personal data very seriously. This data protection notice provides you with information about the details of how your data is processed, and about the legal rights you hold in this connection. The legal definitions established in Art. 4, GDPR are applicable to concepts such as “personal data” or “processing” . We reserve the right to adapt our data protection declaration with effect for the future, particularly in the event of redevelopment of the website, in the event of using new technologies or in the event of the amendment of underlying statutory regulations and/or applicable precedent. We would advise you to read our data protection declaration from time to time and to keep a printout or a copy of the declaration on your files.

 

Scope of application

The data protection declaration is addressed to all users of the website www.ktr.com (clause 1) and to all of the customers and suppliers of KTR Systems GmbH (clause II). Its applicability does not extend to any linked websites and/or Internet presences of our own or of other providers. For applicants and other users of our Careers page www.ktr-karriere.de there applies the data protection declaration for applicants, and you can download this via https://www.ktr-karriere.de/#datenschutz . For our internet pages ktr-events.comotools.ktr.comonlinetools.ktr.comktr360.com and our webshop shop.ktr.com, the data protection declarations that are respectively posted there are applicable.

 

Responsible party/Data manager

The responsible party/data manager for the processing of personal data within the scope of application of this data protection declaration is:

KTR Systems GmbH
Carl-Zeiss-Straße 25
48432 Rheine Germany

Tel.: +49 5971 798-0
Email: mail@ktr.com
Website: www.ktr.com

 

Questions concerning Data protection

If you have any questions concerning the topic of data protection as it affects our Company or our website, please contact us directly using the contact details given above, or apply to our data protection officer. Here are the contact details for our data protection officer:

Anna Cardillo
Cardillo Management Consulting
Wilhelmshavener Straße 65
10551 Berlin

Tel.: +49 30 24048146
E-Mail: ac@cardillo-consulting.com
Webseite: https://cardillo-consulting.com

 

Your rights

You hold the following rights with regard to the personal data concerning yourself, and you can claim these rights from ourselves as follows:

  • Right of information: You can require information under Article 15, GDPR, concerning your personal data as processed by ourselves.
     
  • Right of amendment: Should any of the information concerning yourself not (or no longer) be correct, then under Article 16, GDPR, you can require amendment. If your data is incomplete, then you can require that it be supplemented.
     
  • Right of erasure: You can require the erasure of your personal data under Article 17, GDPR. • Right of restriction of processing: Under Article 18, GDPR, you are entitled to require that your personal data be restricted.
     
  • Right of objection to processing: You have the right at any time to object – for reasons relating to your particular situation – to the processing of our personal data as conducted under Article 6, paragraph 1, clause 1, subclause (e) or subclause (f), GDPR, in pursuance of Article 21, paragraph 1, GDPR. In that event, we will discontinue processing your data unless we are able to prove that there are urgent, protectable reasons for the processing which outweigh your own interests, rights and freedoms if the purpose of the processing is in order to claim and to exercise – or to defend against – legal entitlements (refer Article 21, paragraph 1, GDPR). Furthermore, under Article 21, paragraph 2, GDPR, you are entitled at any time to raise an objection against the processing of personal data relating to yourself for purposes of direct advertising; and the same is applicable to any instance of profiling to the extent that it is associated with the above-mentioned direct advertising. In this Data protection declaration, we indicate your right of objection as associated with the corresponding processing.
     
  • Right of revocation of your consent: If you previously issued consent for processing, then, under Article 7, paragraph 3, GDPR, you hold a right of revocation.
     
  • Right for transferability of data: You are entitled to receive the personal data concerning yourself – which you have provided for ourselves – in a structured, currently processable and machine-scannable format (“transferability of data”) together with the right to have this data forwarded to a different responsible party/data manager, subject to fulfilment of the pre-requisites under Article 20, paragraph 1, clauses (a) and (b), GDPR, (refer Article 20, GDPR).

You can claim your rights by sending a message to the contact details indicated under the section headed Responsible party/Data manager” or to our designated Data-protection officer.

If you believe that the processing of your personal data infringes the data protection regulations, then you also hold the right, under Article 77, GDPR, to place the matter before the data protection supervisory body of your choice. The choice of data protection supervisory bodies competent to govern the relevant responsible party/data manager includes the following: Landesbeauftragte für Datenschutz und Informationsfreiheit (=Regional officer for data protection and freedom of information) Nordrhein-Westfalen, Postfach 200444, 40102 Düsseldorf, 0211/38424-0, poststelle@ldi.nrw.de.

 

I. Using our website

 

1. Access details

The rules state that you are able to visit our website – purely in order for you to gain information – without having to disclose your identity. When individual pages of the website are visited for that purpose, all that will be released will be the contact details for our website provider, thus enabling you to gain a display of the website. In this context, the following data is processed:

  • Browser type/browser version,
  • Employed operating system,
  • Language and version of browser software,
  • Date and time of access,
  • IP address,
  • Content of request (specific website),
  • Access status/HTTP status code,
  • URL referrer (previously visited website),
  • Indication as to whether the visit was successful and
  • Quantity of data transferred
  • Difference in time zone relative to GMT.

The temporary processing of this data is required in order to make it technically possible for a website visit to take place and for the website to be made available to your terminal. The contact details are not utilised for purposes of identifying individual users, and they are not combined with any other data sources. There is continued storage in protocol files (log files) in order to ensure functionality of the website and the security of IT systems. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. We hold justified interests for protecting the functionality of the website and the integrity and security of the website. The storage of access data in log files – particularly the IP address – for a long period, enables us to detect abuse and to exercise protection against it. This includes, for example, defence against enquiries which would overload our service, or the utilisation of any bots. Access data is deleted as soon as it is no longer required in order to achieve the purpose of your processing. Where the data is logged in order to make the website available, then this is the case when you end your visit to the website. The rule is that the protocol data is stored directly and exclusively for administrators’ access, no later than by seven days afterwards. After that, the data will be available only indirectly – by reconstructing backup tapes (backups) – and will be permanently erased after a maximum of four weeks. You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can send us your objection using the contact details set out in the Section entitled “Responsible party/Data manager”.

 

2. Cookies and other functions

On our website, cookies and other functions are used, and these carry out the processing of our users’ terminals information and personal data. Some of them are urgently needed (“essential cookies”), whilst others fulfil the function of incorporating external elements, statistical analysis, company attribution or reach measurement.

 

2.1 Data protection settings

In our website, we have incorporated a consent management tool for purposes of requesting consents for the use of cookies or comparable functions. By recourse to the “Data protection settings”, you have the option of issuing or declining your consent for certain functionalities on our website, for example the functionalities for incorporating external elements, statistical analysis and reach measurement. Under “Data protection settings”, you can issue your consent for all functions (“Accept all”) or you can decline (“Accept only essential cookies”), or issue your consent for individual purposes or for individual functions. The settings which you have applied can also be changed by yourself, subsequently. The purpose of incorporating these tools is to leave it to the users of our website to decide about the setting of cookies and similar functionalities and to give them the opportunity – in their future use of our website – to amend settings which they had previously applied. In the process of using the consent management tool, there will be processing of personal data and information concerning the employed terminals. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in processing relate to the storage of user settings and preferences concerning the use of cookies and other functionalities. User settings are stored by means of a cookie which has a storage period of one year. After that storage period has elapsed, a fresh consent request will be made. The applied user settings will then once again be stored for the same period. You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can prevent cookie-based data processing as follows: by deactivating or restricting or deleting cookies, in the settings for your browser software or by opening “Private mode” in the browser which you use.

 

2.2 Essential cookies

Essential cookies are required for basic website functions. This assures that the website will operate correctly. On our website, urgently required cookies are stored for the following purposes:

  • Log-in details: This cookie is a magnolia standard session cookie. When a user logs in, it will store the session ID. Accordingly, the logged-in user can be recognised and will be granted access to protected areas. Storage period: 1 week
  • Cookie opt-in: This comprises the selected data protection settings. Storage period: 1 year.
  • Chat function Userlike: To implement our service chat "Userlike" two cookies are stored. These cookies are technically necessary and are only filled with data when the chat is used. Detailed information about the chat function Userlike can be found in paragraph 4
  • Storage duration: Userlike Session Cookie: End of browser session; Userlike Expire Cookie: 1 year.

The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in processing relate to providing the above-mentioned particular functionalities so that the use of the website is configured to be more attractive and more effective. You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can prevent cookie-based data processing as follows: by deactivating or restricting or deleting cookies, in the settings for your browser software or by opening “Private mode” in the browser which you use.

 

2.3 Statistical analysis

 

Google Analytics

In order to make it possible for our website to be matched ideally to users’ interests, we use “Google Analytics”, a “Google” web analysis service (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). “Google Analytics” uses “cookies” (refer section on “Cookies”, above) which are stored on your terminal. Using the cookies, “Google” processes the information which has been generated in the process of your terminal’s use of our website – if you have visited a specific website, for example – and the data which we will process will include the data mentioned in the Section on “Utilisation of our website”, with particular reference to your IP address, browser information, the previously visited website together with the date and time of the server request; for purposes of statistical analysis of website use. For this purpose, it is also possible to determine whether various terminals belong to yourself or to your household. This website uses “Google Analytics” with the extension “anonymizeIp()”. Accordingly, IP addresses (in an abbreviated form) are further processed in order to make it substantially difficult to identify any individuals. According to information from “Google”, your IP address is pre-abbreviated within European Union member states. Only in exceptional cases will your full IP address be sent to a “Google” server in the USA, and abbreviated there. On our behalf, “Google” will process this information for purposes of analysing your utilisation of the website, will compile reports for us (concerning website activities) and – if we stipulate this separately – in order to provide us with further services relating to website utilisation. The IP address released by your browser in the context of the above-described purposes is not combined with any other data by “Google”. The legal basis for this processing is your consent under Art. 6 Abs. 1 clause 1, subclause (a), GDPR. To some extent, “Google” also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. Your data in connection with “Google Analytics” will be erased after fourteen months at latest. You can find out more information about data protection with “Google” by visiting: www.google.de/intl/de/policies/privacy. It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under “Settings” for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

Google Analytics

We use on our website the web analysis and optimisation service „Google Optimize“, a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001 („Google“).
„Google Optimize“ serves for enhancing the attractiveness, the content and the user friendliness of our website. In the process, new functions and content in different variants are played to our useres and the different user behaviour is statistically evaluated. For that purpose „Google Optimize“ uses cookies with the aid of which „Google“ processes the information which has been generated in the process of your terminal’s use of our website – if you have visited a specific website, for example – and the data which we will process will include the data mentioned in the Section on “Utilisation of our website”, with particular reference to your IP address, browser information, the previously visited website together with the date and time of the server request; for purposes of statistical analysis of website use.  „Google Optimize“ is used with the extension „anonymizeIp()“. Accordingly, IP addresses (in an abbreviated form) are further processed in order to make it substantially difficult to identify any individuals. According to information from “Google”, your IP address is pre-abbreviated within European Union member states.
The legal basis for this processing is your consent under Art. 6 paragraph 1 clause 1, subclause (a), GDPR. To some extent, “Google” also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. You will be provided with further information about the purpose and scope of data collection and its processing by Google in the privacy statements of Google.  You can find out more information about your rights and setting options for protecting your privacy with “Google” by visiting: www.google.de/intl/de/policies/privacy. 
It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under “Settings” [insert the link] for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

Pardot

To optimally adapt our website to our users‘ interests, we use „Pardot“, a web analysis service from „Salesforce“ Salesforce.com Germany GmbH, Erika-Mann-Straße 31, 80636 München. „Pardot“ uses so-called „Cookies“ (see paragraph „cookies“ above) that are stored on your terminal. Using these cookies „Pardot“ processes the information which has been generated in the process of your terminal’s use of our website – if you have visited a specific website, for example – and the data which we will process will include the data mentioned in the Section on “Utilisation of our website”, with particular reference to your IP address, browser information, the previously visited website together with the date and time of the server request; for purposes of statistical analysis of website use. For this purpose it is able to evaluate if various terminals pertain to you or your household. On our behalf, “Pardot” will process this information for purposes of analysing your utilisation of the website, will compile reports for us (concerning website activities) and – if we stipulate this separately – in order to provide us with further services relating to website utilisation. The legal basis for this processing is your consent under Art. 6 paragraph 1 clause 1, subclause (a), GDPR.
It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under “Settings” [insert the link] for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

2.4 Marketing

 

Google Ads Conversion

We use the “Google Ads” service provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001), in order – with the aid of advertising media (formerly referred to as “Google AdWords”) on external websites -- to draw attention to our attractive offers. By consulting the details gathered from advertising campaigns, we can draw conclusions as to how successful individual advertising measures have been. These advertising measures are supplied by “Google” by way of “ad servers”. For that purpose, we use “ad server” cookies which make it possible to measure certain parameters relating to reach measurement, such as the fading in of advertisements or clicks applied by the user. To the extent that you visit our website by way of having selected a “Google” advertisement, a “cookie” will be stored by “Google Ads” on your terminal. By means of “cookies”, “Google” processes the information generated from your terminal, referring to interactions with our own advertising media (calling up a given Internet page or clicking on a promotion/advertisement) and the data are mentioned in the section entitled “Utilisation of our website”, with particular reference to your IP address, browser details, the previously visited website and the date and time of the server request – in order to analyse and to display our advertisements’ reach measurement. For this purpose, it is also possible to determine whether various terminals belong to yourself or to your household. Corresponding to the marketing tool employed, your browser will automatically set up a direct connection with Google’s server. If you are registered with a “Google” service, “Google” is able to attribute the visit to your user account. Even if you are not registered with “Google” and are not logged in, it is possible for the provider to learn of your IP address and to process it. We receive statistical analyses from Google purely in order to gauge the effectiveness of our advertising media. The legal basis for this processing is your consent under Art. 6 paragraph 1 clause 1, subclause (a), GDPR. To some extent, “Google” also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. The storage period with “Google” is a maximum of 24 months. You can find out more information about data protection and the storage period with “Google” by visiting: policies.google.com/privacy. It is possible to revoke your consents for processing and third-party country transfer at any time by resetting the controller under “Settings” for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

Google Ads Remarketing

We use the “Google Ads” service – with the “dynamic remarketing” function provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). This is a process which we would like to discuss with you again. We are able to use the “dynamic remarketing” function in order to recognise website users from other websites within the “Google” advertising network (in “Google” search or on “YouTube”, “Google Ads” or on other websites) and in order to present them with advertisements tailored to their interests. Such advertisements may also relate to products and services which you have already seen on our website. To that end, there is analysis of users’ interactions with our website, in order to determine, for example, which offers are interesting for users, and in order to make it possible to present targeted advertising to users on other webpages even after they have completed their visit to our own website. When you visit our website, a “cookie” will be stored by “Google Ads” on your terminal. Using cookies, “Google” processes the information generated by your terminal, indicating how our website has been used and indicating interactions with our own website together with the data mentioned in the section entitled “Utilisation of our website”, with particular reference to your IP address, browser details, the website previously visited together with the date and time of the server request, for purposes of running personalised advertisements. For this purpose, it is also possible to determine whether various terminals belong to yourself or to your household. The data logged in the context of “Google Ads” is not merged with data from any other “Google” products. The legal basis for this processing is your consent under Art. 6 paragraph 1 clause 1, subclause (a), GDPR. To some extent, “Google” also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. The storage period with “Google” is a maximum of 24 months. You can find out more information about data protection and the storage period with “Google” by visiting: policies.google.com/privacy. It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under “Settings” for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

Facebook Custom Audiences

Furthermore, the website uses Facebook’s “Website Custom Audiences” function. The provider is Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland, email: impressum-support@support.facebook.com; hereinafter called “Facebook”). Using “Web beacons” such as the “Facebook pixel”, information concerning your user behaviour on our website will be logged, and this will be processed by “Facebook”. By this means, users of the website and users of “Facebook” belonging to a comparable target group can receive relevant advertisements (“Facebook ads”) when they are visiting the “Facebook” social network. By means of “Facebook pixels” – these are small graphics which are simultaneously incorporated in our website and which are automatically loaded when our website is visited, and which enable tracking of user behaviour – your browser will automatically set up a direct connection with Facebook’s server. By means of incorporating the “Facebook pixels”, “Facebook” uses cookies to process the information which has been generated in the course of your terminal’s use of our website – if you have visited a specific website, for example – and the data which it will process will include the data mentioned in the Section on “Utilisation of our website”, with particular reference to your IP address, browser information, the previously visited website, the “Facebook ID” and the date and time of the server request; for purposes of running personalised advertisements. For this purpose, it is also possible to determine whether various terminals belong to yourself or to your household. If you are registered with a “Facebook” service, “Facebook” is able to attribute the collected information to your account. Even if you are not registered with “Facebook”, or if you have not logged in, it is possible for the provider to learn of your IP address and further identification characteristics, and to process the same. The legal basis for this processing is your consent under Art. 6 paragraph 1 clause 1, subclause (a), GDPR. To some extent, “Facebook” also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. The storage period for the information in Facebook cookies is three months. You can find out more about data protection and about the storage period with “Facebook” on: www.facebook.com/privacy/explanation and www.facebook.com/policies/cookies/. It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under “Settings” for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

LinkedIn Ads (Retargeting)

On our website, furthermore, the “LinkedIn Ads” analysis and retargeting functions belonging to LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; hereinafter referred to as: “LinkedIn”) are used. In this context, “LinkedIn” will process the information which has been generated in particular using cookies, tracking pixels and fingerprinting methods concerning the utilisation of our website by your terminal, in order to draw conclusions as to a defined user behaviour on our website. This will also include the processing of information which is stored on users’ terminals, with particular reference to IP addresses, browser details, log-in data, the details of the employed operating system and other data mentioned in the Section on “Utilisation of our website”. By this means, we are able to specifically address users of our website and users of “LinkedIn” belonging to a comparable target group – when they visit the “LinkedIn” social network – with advertisements (“LinkedIn ads”) relevant to their own interests. Using LinkedIn’s employed tracking technologies, your browser will automatically set up a direct connection with LinkedIn’s servers. If you are registered with a “LinkedIn” service, “LinkedIn” is able to attribute the collected information to your user account. Even if you do not have a user account with “LinkedIn”, and even if you are not logged onto it, it is possible for “LinkedIn” specifically to gain knowledge of your IP address and further identification characteristics, and to process the same. In this connection, we do not carry out any personally-related identification of the respective users. We have the option of retargeting for a period of up to 90 days following your visit to our website. The legal basis for the processing of your data is Article 6, paragraph 1, clause 1, subclause (a), GDPR. To a certain extent, “LinkedIn” processes this data on servers located in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause (1), subclause (a). You can find further information concerning data storage and the storage period with “LinkedIn” by visiting: www.linkedin.com/legal/privacy-policy and www.linkedin.com/legal/cookie_policy. It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under “Settings” for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

LinkedIn Ads (Conversion)

On our website, we use the “LinkedIn Ads” functions belonging to LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland; hereinafter referred to as: “LinkedIn”). To the extent that you reach our website by way of a “LinkedIn” advertisement, LinkedIn will deposit a cookie on your terminal or in your browser in order to gauge the reach of our advertisements, in order to enable the attribution of a given advertising medium’s success and in order to achieve continuous improvement of our advertisements. Using cookies, “LinkedIn” will process the information generated by your terminal, concerning interactions with our advertising media (e.g. the selection of a given Internet page or by clicking on an advertisement) and, to some extent, the data indicated in the Section on “Utilisation on our website”, such as your IP address, device and browser details, referrer URL and time stamps for purposes of measuring our advertisements’ reach and success, in which process LinkedIn will apply an abbreviation of the IP addresses. By means of using LinkedIn’s conversion tracking functions, we are able, in particular, to determine the extent to which the advertisements which we have inserted may have given rise to related actions on our website. To that end, your browser automatically sets up a direct connection with LinkedIn’s server. If you are logged in to a “LinkedIn” service, “LinkedIn” is able to attribute the logged information – particularly the details of your visit to our website – to your user account. The direct codes of registered users as processed in this connection will be removed by “LinkedIn” within seven days, and the data left in place will be erased within 180 days. Even if you do not have a user account with “LinkedIn”, and even if you are not logged onto it, it is possible for “LinkedIn” specifically to gain knowledge of your IP address and further identification characteristics, and to process the same. In the process of analysis, “LinkedIn” does not share any personal data with ourselves, but only sends us statistical analyses of the success of our advertising media. As the result, we learn – in the form of statistics – of the extent to which our advertisements as faded in on “LinkedIn” have been successful and have led to related actions on our website. In this context, furthermore, we receive statistical analyses as to which categories of persons (e.g. those belonging to a given profession, company or field) have carried out actions. On that basis, we can specify our target categories and improve the alignment of our advertising media. The legal basis for the processing of your data is Article 6, paragraph 1, clause 1, subclause (a), GDPR. To a certain extent, “LinkedIn” processes this data on servers located in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. You can find further information concerning data storage and the storage period with “LinkedIn” by visiting: www.linkedin.com/legal/privacy-policy and www.linkedin.com/legal/cookie_policy.
It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under “Settings” for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

SalesViewer® technology

In order to make it possible to align our marketing specifically to potential customers, we use SalesViewer® technology, a web analysis service from providers SalesViewer® GmbH, Bongardstraße 29, 44787 Bochum, email: info@salesviewer.com. SalesViewer® technology employs a JavaScript-based code which fulfils the function of highlighting company-related details and the corresponding utilisation. The data which is gathered by means of this technology is encrypted using a non-reversible one-way function ( “hashing”). The data is directly pseudonymised and is not used in order to achieve personal identification of the users of this website. However, there is identification of the user’s underlying company – to which it is subsequently possible to attribute the corresponding field and the details of the user’s specific actions on the website. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (a), GDPR. The data which is logged using SalesViewer® technology is erased after 24 months, at latest.

 

2.5 External content

 

Google Maps

This website uses the “Google Maps” service provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001) for purposes of displaying cards and/or sections of cards and thus provides you with user-friendly utilisation of the card function on the website. As the result of the visit to the website, “Google” is informed that you have selected the corresponding subsidiary page on our website. To some extent, furthermore, the data which is referred to in the Section entitled “Utilisation of our website” and “cookies” will be forwarded to “Google”. This takes place irrespective of whether “Google” has provided a user account by means of which you are logged on, and irrespective of whether there is no user account, at all. Once you are logged into “Google”, your data is directly attributed to your account. If you do not wish your profile to be attributed with “Google”, then you will have to log out before you activate the corresponding button. “Google” stores your data as utilisation profiles and processes it – irrespective of whether there is a user account with “Google” – for purposes of advertising, market research and/or the targeted configuration of its website. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (a), GDPR. To some extent, Google also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. You can find out more information about the purpose and scope of processing on the part of the plug-in provider, and the storage period with “Google Maps“ by visiting www.google.de/intl/de/policies/privacy.
It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under “Settings” for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

Incorporation of YouTube videos

On the website, we use plug-ins from the video platform of “YouTube.de” and/or “YouTube.com”, a service provided by YouTube LLC (head office address: 901 Cherry Avenue, San Bruno, CA 94066, USA; hereinafter referred to as “YouTube”), for which “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001) is the responsible party/data manager as defined under data protection regulations. Our purpose in practising this incorporation is also to include, on our website, visual content (“videos”) which we have published on “YouTube.de” and/or “YouTube.com”. In the course of utilisation of the streaming function, there is also processing of information which has been stored on your terminal (e.g. the IP address). The videos are incorporated in “extended data protection mode”, i.e. no data concerning yourself as a user is transmitted to “YouTube” if you do not play the videos. During the playing of videos of our website, “YouTube” will be informed that you selected the corresponding subsidiary page of our website. To some extent, furthermore, the data which is referred to in the Section entitled “Utilisation of our website” will be forwarded to “Google”. This takes place irrespective of whether “YouTube” has provided a user account by means of which you are logged in, and irrespective of whether there is no user account at all. Once you are logged into “Google”, your data is directly attributed to your account. If you do not wish your profile to be attributed with “YouTube”, then you will have to log out before you activate the corresponding button. “YouTube” stores your data as utilisation profiles and processes it – irrespective of whether there is a user account with “Google” – for purposes of advertising, market research and/or the targeted configuration of its website. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (a), GDPR. To some extent, Google also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. You can find out more information about the purpose and scope of processing on the part of “YouTube” and the storage period with “YouTube” by visiting policies.google.com/privacy.
It is possible to revoke your consent for processing at any time either by notifying ourselves (refer contact details in the Section entitled “Responsible party/data protection officer or by resetting the controller under “Settings” in the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

2.6 Google Tag Manager

On our website, we use Google’s “Google Tag Manager” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). “Google Tag Manager” is a solution which makes it possible to manage website tags and other elements from third-party providers, via an interface. Firstly, when the website is selected using Google Tag Manager, an HTTP request is sent to Google. Consequently, terminal details and personal data such as your IP address and the details of your browser settings will be sent to Google. We use Google Tag Manager in order to make it easier to carry out electronic communication, since information is transmitted via programming interfaces (amongst other channels) to third-party providers. In Google Tag Manager, the third-party providers’ respective tracking codes are implemented without our having to laboriously change the website’s source code. Rather, incorporation takes place using a container which sets what is referred to as a “placeholder” code in the source code. Furthermore, Google Tag Manager makes it possible to replace users’ data parameters in a defined sequence, especially by the arrangement and systematic organisation of the data packets. Furthermore, your data is individually transmitted to the USA. “Standard contract clauses” have been negotiated with Google in order to assure that a reasonable level of data protection is maintained. Upon request, we will send you a copy of these standard contract clauses. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in processing relate to facilitation and implementation of electronic communication by means of identifying communication transmission points, control options, the exchange of data elements in a defined sequence and the identification of transmission errors. Google Tag Manager does not authorise any data storage. You can find out more information about data protection with “Google” by visiting: www.google.de/intl/de/policies/privacy.
You are entitled to file an objection to the processing to the extent that the processing arose under Article 6, paragraph 1, clause 1, subclause (f), GDPR. Your right of objection will be applicable for reasons arising from your particular situation. You can prevent the processing by erasing the history and the website data in your browser software settings, or by opening the employed browser in “private mode”.

Secondly, Google Tag Manager will, for example, install third-party provider tags such as tracking codes, and possibly also counting pixels, on our website. This tool creates the facility for triggering other tags which also detect your data; and we inform you of this fact elsewhere in this Data protection declaration. Google Tag Manager itself analyses neither the terminal information which is detected by the tags, nor users’ personal data. Rather, your data is forwarded to the respective third party provider service for the purposes mentioned in our section on the consent management tool. On our consent management tool, we have set Google Tag Manager so that the triggering of certain third-party provider services in Google Tag Manager is made conditional on your selection in our consent management tool, so that data processing will be triggered only for the third-party provider tags for which you have issued consent. The utilisation of Google Tag Manager is covered by consent for the respective third-party provider service. The legal basis for this processing is your consent under Article 6 Paragraph 1 clause 1, subclause (a), GDPR. To some extent, Google also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. You will find the storage period for your data in the descriptions, as set out below, for individual third-party provider services. You can find out more information about data protection with “Google” by visiting: www.google.de/intl/de/policies/privacy.
It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under “Settings” for the consent tool for the respective third-party provider. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

 

3. Making contact with our Company

When you make contact with our Company, either by email or using the contact form on the website, we’ll process the personal data which you have disclosed in order to respond to your enquiry. The only essential details for the processing of enquiries via the contact form on the website will be the disclosure of a valid email address together with your message. At the point in time at which your message is sent to ourselves, furthermore, your IP address and the date and time of the transmission procedure will be processed. The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (f), GDPR and Article 6, paragraph 1, subclause (b) GDPR, if contact was made for purposes of negotiating a contract. The sole purpose of processing personal data from the input screen is to handle the contact case, and this includes the necessary justified interest in the processing of data. The other data which is processed during the transmission procedure is needed so as to prevent the abuse of the contact form and to ensure the security of our IT systems. No data is forwarded to any third parties in this connection. We will delete the data which arises in this connection once it is no longer necessary for it to be processed, or we will restrict processing as applicable to what is needed so as to adhere to the mandatory, statutory storage obligations applicable at the time.
You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can send us your objection using the contact details set out in the Section entitled “Responsible party/Data manager”.

We use for answering your contact inquiries the service „Pardot“ of the provider „Salesforce“ Salesforce.com Germany GmbH, Erika-Mann-Straße 31, 80636 München.  Salesforce processes your personal data on our behalf. For that purpose we concluded an agreement with Salesforce about the processing on behalf acc. to article 28 GDPR. The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (f), GDPR. Using these external services we pursue efficient and safe processing of your inquiries. You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can send us your objection using the contact details set out in the Section entitled “Responsible party/Data manager”.

 

4. Userlike chat function

On our website, we use a live chat function from providers Userlike UG (haftungsbeschränkt) (=limited liability)), Probsteigasse 44-46, 50670 , Cologne, Germany. You can use this function in order to make contact with ourselves. At the start of the chat, the following personal data is processed:

  • Date and time of call-up,
  • Browser type/version,
  • IP address,
  • Employed operating system,
  • URL of previously visited website and
  • Quantity of transmitted data.

There is also processing of personal data which you enter in the course of the chat. The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (f) GDPR and/or Article 6, paragraph 1, subclause (b) GDPR, if contact was made for purposes of negotiating a contract. The sole purpose of processing personal data from the input screen is to handle the contact case, and this includes the necessary justified interest in the processing of data. The purpose of the other data which is processed during the transmission procedure is to prevent the abuse of the chat function and to ensure the security of our IT systems. We will delete the data which arises in this connection once it is no longer necessary for it to be processed, or we will restrict processing as applicable to what is required in order to adhere to the mandatory, statutory storage obligations applicable at the time. You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can send us your objection using the contact details set out in the Section entitled “Responsible party/Data manager”.

 

5. Newsletter

You have the opportunity to subscribe – on the website – to our email newsletter by means of which we will regularly send you information on the following content:

  • Product information
  • Invitations to events, fairs or webinars
  • News concerning KTR in general

A valid email address has to be indicated in order to receive the newsletter. If you would like to subscribe to further newsletters on one of our websites (in order to receive news of job opportunities, for example) then in due course you will receive further information concerning the contents of newsletters. Our email newsletter is applied for using the double opt-in procedure. Once you have entered the data characterised as “required”, we will send an email to you at the email address which you indicated, and in our email we will ask you to specifically confirm your wish to subscribe to the newsletter (by clicking on a confirmation link). This procedure helps us to make certain that you actually do wish to receive our email newsletter. If confirmation is not received within 24 hours, then we block whatever information is sent to us, and will automatically delete it after one month (at latest). After receiving confirmation from you, we will process the email address and any other details for the relevant recipient – where indicated voluntarily – for purposes of sending you our email newsletter. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (a), GDPR. We will erase this data if/when you terminate your newsletter subscription.
It is possible to revoke your consent for processing of the email address (as required in order to receive the newsletter) at any time either by notifying ourselves (refer contact details in the section on “Responsible party/Data manager”) or if you directly activate the “unsubscribe” link which is to be found in the newsletter. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

When you take up your subscription, we will also process your IP address, the time of your application to receive the newsletter and the time of your confirmation, in order to place your newsletter application on record and to prevent any abuse of your personal data. The legal basis for this processing is Article 6, paragraph 1 clause 1, subclause (f), GDPR. We hold a justified interest in this processing: to prevent fraud. We will immediately erase this data if/when the newsletter subscription is terminated. When we send out the newsletter, furthermore, we also analyse the open/click rates for our newsletters. For purposes of this analysis, the emails we send out will contain “web beacons” and/or tracking pixels, which constitute single-pixel picture files and are also incorporated into our website. Processing is conducted for purposes of analysing the reading behaviour patterns for our newsletters. In the process, we can learn when you read our newsletters, which links you click on within them, and consequently draw conclusions about what interests our customers. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in this processing relate to reach measurement and the preparation of statistical analyses for our newsletters, together with optimising our email advertising. This information is processed for as long as you keep your newsletter subscription active. if a subscription is terminated, then we will process the corresponding data purely for statistical purposes and in anonymised form. We would like you to know that you can decline at any time to receive direct advertising and that you can object to processing for purposes of direct advertising without incurring any charges other than the transmission charges according to basic tariffs. In this context, you hold a general right of objection without having to indicate reasons (refer Article 21, paragraph 2, GDPR). Just click on the “unsubscribe” link in the respective email or send us notice of your objection by means of the contact details indicated in the section on “Responsible party/Data manager”. In order to send out our newsletter, we use the services of providers “Inxmail” (Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany). Inxmail processes your personal data on our behalf in order to send the newsletter to you. For that purpose, we have negotiated an agreement with Inxmail for contracted processing as defined in Article 28, GDPR. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our intention in using these outsourced services is to achieve efficient and reliable distribution of our newsletter.
You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can send us your objection using the contact details set out in the Section entitled “Responsible party/Data manager”.

 

6. Pop-Ups

On our webpage, we have included pop-ups by means of which we can send various offers to users. These include anonymous surveys about what sector you come from, for example, or requests for information on certain topics. You can see the specific content of each pop-up as it appears.

Where – in these pop-ups – we offer to send you our newsletter or other information or materials, you will need to indicate your name and a valid email address. All other information is elective. Applications for all email services are organised via the double opt-in procedure. Once you have entered the data characterised as “required”, we will send an email to you at the email address which you indicated, and in our email we will ask you to specifically confirm your wish to subscribe to the newsletter (by clicking on a confirmation link). This procedure helps us to make certain that you actually do wish to receive our news. If confirmation is not received within 24 hours, then we block whatever information is sent to us, and will automatically delete it after one month (at latest). After receiving confirmation from you, we will process your name, the email address and any other details for the relevant recipient – where indicated voluntarily – for purposes of sending you the desired news or information. The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (a), GDPR. We will erase this data if you revoke your consent. It is possible to revoke your consent for processing of the email address (as required in order to receive the desired information) at any time either by notifying ourselves (refer contact details in the section on “Responsible party/Data manager”) or if you directly activate the “unsubscribe” link which is to be found amongst the email details. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

When you give your corresponding instructions, we will also process your IP address, the time of your application to receive the newsletter and the time of your confirmation, in order to place your newsletter application on record and to prevent any abuse of your personal data. The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (f), GDPR. We hold a justified interest in this processing: to prevent fraud. We will promptly erase this data if/when your consent is terminated. We also analyse opening/click rates in connection with our provision of information. For purposes of this analysis, the emails we send out will contain “web beacons” and/or tracking pixels, which constitute single-pixel picture files and are also incorporated into our website. Processing is conducted for purposes of analysing the reading behaviour patterns for our news/information. In the process, we can learn when you read our news/information, which links you click on within it, and consequently draw conclusions about what interests our customers. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in this processing relate to reach measurement and the preparation of statistical analyses for our news/information, together with optimising our email advertising. This information is processed for as long as you keep your news/information subscription active. if a subscription is terminated, then we will process the corresponding data purely for statistical purposes and in anonymised form. We would like you to know that you can decline at any time to receive direct advertising and that you can object to processing for purposes of direct advertising without incurring any charges other than the transmission charges according to basic tariffs. In this context, you hold a general right of objection without having to indicate reasons (refer Article 21, paragraph 2, GDPR). Just click on the “unsubscribe” link in the respective email or send us notice of your objection by means of the contact details indicated in the section on “Responsible party/Data manager”. For incorporating pop-ups, we use the services of providers WisePops SAS (87 boulevard Suchet, 75016 Paris, France; hereinafter referred to as: “WisePops”. WisePops processes your personal data on our behalf, in order to log your data. For that purpose, we have negotiated an agreement with WisePops for contracted processing as defined in Article 28, GDPR. For purposes of managing the data generated in the pop-ups, and for purposes of sending out the confirmation emails, furthermore, we use the services of providers Freshworks, Inc. 1250 Bayhill Drive, Suite 315, San Bruno, CA 94066, USA. Freshworks processes your personal data on our behalf in order to manage your data and to send you the confirmation emails. To that end, we have negotiated, with Freshworks, an agreement for processing under Article 28, GDPR. To a certain extent, Freshworks will also process the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA comes from the standard contractual clauses under Article Article 46, paragraph 2, subclause (c), GDPR. For purposes of sending out the newsletter or other information which can be requested from the pop-ups, we use the services of providers “Inxmail” (Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany). Inxmail processes your personal data on our behalf in order to send you the newsletter, or to send you other information which you’ve requested. For that purpose, we have negotiated an agreement with Inxmail for contracted processing as defined in Article 28, GDPR.
The legal basis for processing on the part of our contracted processors is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our intention in using these outsourced services is to achieve efficient and secure incorporation of the pop-ups and the processing of the data correspondingly obtained. You are entitled to object to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can send us your objection using the contact details set out in the Section entitled “Responsible party/Data manager”.

 

7. Hosting

We use external hosting services from providers Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany), for purposes of providing the following services: Infrastructure and platform services, computing capacity, memory resources and database services, security services and technical maintenance services. For the above purposes, all data – including the access data described under the section on “Utilisation of our website” – will be processed as required for the operation and utilisation of our website. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our intention in using external hosting services is to achieve efficient and secure provision of our web content.
You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can send us your objection using the contact details set out in the Section entitled “Responsible party/Data manager”.

 

8. Social Media

We do not use any “social media plug-ins”. At various points on our website, however, we do offer you the option of visiting our presences on social networks such as Facebook, Twitter, LinkedIn, XING and YouTube. If you click on the respective logo or name of a social network, you will be forwarded – via a link – to our corresponding presence.
Before you click on the logos or links – meaning that you will be forwarded to the corresponding social network website – none of your personal data will be forwarded to the social networks. It’s only possible for your personal data to reach the respective social network and be processed by it once you have clicked on the corresponding logo on our website and have been forwarded to the social network’s website. Personal data will be processed in particular once you are logged in to your respective social media account and once the content – associated with your account – has been posted on social networks. Furthermore, though, data – such as your IP address, for example – can also be processed even if you do not have any social media account. Neither can we exert any influence on the logged data and the data processing procedures, nor are we aware of the full extent of data logging, the purposes for which the processing is conducted and the periods for which the data may come to be stored. Nor do we hold any information concerning the erasure of the logged data on the part of the respective social network. You should be able to find out more about the purpose and the extent of data logging and of its processing, by consulting the respective network’s data-protection declaration. There, you will also gain further information concerning your entitlements in this connection, and your setting options when it comes to protecting your privacy:

LinkedIn: www.linkedin.com/legal/privacy-policy

Facebook: de-de.facebook.com/policy.php

Instagram: www.facebook.com/help/instagram/155833707900388/

Xing: privacy.xing.com/de/datenschutzerklaerung

YouTube: policies.google.com/privacy

 

II. Customers and suppliers

 

1. Processing for contractual purposes

We process our customers’ and suppliers’ personal data – and their employees’ corresponding data (for example, the name and contact details of the contact person) -- if and to the extent that this is necessary in order to set up, to establish, to apply and/or to terminate a transaction with our company. The corresponding legal basis for this is to be found under Article 6, paragraph 1, clause 1, subclause (b), GDPR. You will need to provide your data for purposes of negotiating the contract, and you will be under contractual obligation to provide your data. You will not be able to negotiate and/or apply any contract without having provided your data. Once the due purpose has been achieved (e.g. processing of the contract), personal data is blocked from further processing and/or erased, unless we are entitled to conduct further processing under a consent issued by yourself (e.g. consent for processing of your email address so that we can send you our newsletter), a contractual agreement, a legal authorisation (e.g. authorisation to send you “existing customer” advertising) or on the basis of justified interests (e.g. storage for purposes of enforcing claims). Your personal data is forwarded to third parties to the extent that

  • this is necessary in order to establish, to operate or to terminate legal transactions with our company (e.g. where data is forwarded to a payment services provider/dispatch firm for purposes of processing a contract with yourself), (refer Article 6, paragraph 1, clause 1, subclause (b), GDPR, or
  • where this data is needed by a subcontractor or by agents whom we have specifically appointed in order to provide the offers or services you have requested (such providers are entitled to process your data – unless you are specifically informed otherwise– only to the extent required in order to provide the offer or the service) or
  • an enforceable official order (refer Article 6, paragraph 1, clause 1, subclause (c), GDPR, has been issued, or
  • an enforceable Court order has been issued (refer Article 6, paragraph 1, clause 1, subclause (c), GDPR, or
  • if we are legally required to do so by law (refer Article 6, paragraph 1, clause 1, subclause (c), GDPR), or if
  • the corresponding processing is necessary in order to protect the vital interests of the data subject or of any other individual (refer Article 6, paragraph 1, clause 1, subclause (d), GDPR, or
  • if this is necessary in order to carry out an action in the Public interest or in the event of one which is imposed by the Authorities on a compulsory basis (refer Article 6, paragraph 1, clause 1, subclause (e), GDPR, or
  • if we can validly invoke our own overriding, well-founded interests – or those of a third party – with regard to disclosure (refer Article 6, paragraph 1, clause 1, subclause (f), GDPR.

Your personal data will not be forwarded to any further extent to other persons, companies or offices unless you have given valid consent for such forwarding of data. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (a), GDPR. In the context of this data-protection briefing concerning the respective processing procedures, we will inform you of the identity of the corresponding recipients of the data.

Supplier risk management: To fulfil our obligations of testing and reporting in the matter of sustainability and compliance regulation, we use the supplier risk management platform of IntegrityNext GmbH, Schillerstraße 23A, 80336 München („IntegrityNext“). It allows to efficiently perform abstract and concrete risk analyses of our suppliers, implement preventive and corrective measures, if necessary, and comply with our documentation and reporting obligations. In case if one of our suppliers is not yet registered on the IntegrityNext platform or the information given on the platform is not sufficient, we will notify IntegrityNext of the name, e-mail address and company of our contact with the supplier and IntegrityNext will send an invitation e-mail on our behalf. We support this processing on article  6 paragraph 1 page 1 lit. f) DSGVO (General Data Protection Regulation), our legitimate interest in inviting our suppliers to participating in such kind of risk management platform prevailing over the interest of the supplier’s contact. People affected may generally object to the processing, as explained at the beginning of this privacy policy under „right to object to processing“ in chapter „your rights“.   

 

IntegrityNext itself is responsible under data protection law for all data processing related to and after registration of the supplier. We do not have any influence on this processing. For more information about data processing by IntegrityNext, please read through the privacy statement of IntegrityNext under https://www.integritynext.com/data-privacy.  

 

2. Webshop

On the webpage of shop.ktr.com, we provide a web shop for our customers. For you to use this shop, you will need to authorise the setting-up of a customer account. You can apply to set up your account using the corresponding form on our website. The details you will need to give in order to process your application are as follows:

  • Company name
  • Forename and surname,
  • Postal address and
  • Email address.

The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (b), GDPR. You will need to disclose your data, as a necessary and binding condition of negotiating and executing the contract. If you don’t disclose your data, then you will be unable to register, i.e. it will not be possible to negotiate and/or to execute any orders using our web shop. The data will be erased as soon as it is no longer needed in order to achieve the purpose of its processing, or otherwise it will be restricted to the extent of processing needed under statutory storage obligations.

After your enquiry has been successfully processed, we will send you your access data (username and password) either by post or by email, according to your preference. The following functions are available to you in the log-in area:

  • Order from KTR catalogue
  • Order from KTR design programs
  • Overview of your invoices
  • View of delivery notes
  • Track & trace for your consignment
  • Rapid data-entry mask
  • Inputting using specific product reference number
  • Changing your password

We process your data for purposes of enabling the order to go through. The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (b), GDPR. It’s necessary (and mandatory) for your data to be provided in order for the contract to be negotiated and then completed. If you do not provide your data, then it will not be possible for the contract to be negotiated and/or completed. In order to prevent unauthorised third parties from accessing your personal data, the order procedure is encrypted on the website using SSL technology. We will erase the data arising in this connection once storage is no longer necessary, or otherwise we will restrict processing to the extent required under any mandatory storage obligations. Under mandatory commercial and fiscal regulations, we are obliged to place your address, payment and order details on store for a period of up to 10 years.

 

3. Email marketing/ Existing customer advertising

We reserve the right to use our customers’ emails as disclosed in the course of our business relationship within the legally permitted framework, in order to email to you (either during or following your order) some items of content as listed below unless you have already objected to this type of processing of your email address:

  • Product information
  • Invitations to events, fairs or webinars
  • News concerning KTR in general

If the sending of electronic information as required for processing of a contract (e.g. emails in an IT related format) should be necessary, the corresponding processing is governed on the legal basis under Article 6, paragraph 1, clause 1, subclause (b), GDPR. You will be under contractual obligation to share your data. If your data is not shared, then it will not be possible to email you any IT format information in the course of executing the contract. If the sending of electronic information is not required for processing of a contract (e.g. emails in an IT related format) is not necessary, then the corresponding processing is governed on a legal basis under Article Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in the above-described processing relate to enhancing and optimising our services, our dispatch of direct advertising and the assurance of customer satisfaction. We will delete your data once you have completed your utilisation process, but in any case no later than three years after the contract has terminated.
We would like you to know that you can decline at any time to receive direct advertising and that you can object to processing for purposes of direct advertising without incurring any charges other than the transmission charges according to basic tariffs. In this context, you hold a general right of objection without having to indicate reasons (refer Article 21, paragraph 2, GDPR). Just click on the “unsubscribe” link in the respective email or send us notice of your objection by means of the contact details indicated in the section on “Responsible party/Data manager”.

 

Copyright © by Spirit Legal