The Responsible Body as defined by the data protection laws is:
KLS Martin SE & Co. KG
KLS Martin Platz 1
78532 Tuttlingen, Germany
When you access our web site, information of a general nature is automatically recorded. This information (server log files) includes items such as the type of web browser, the operating system of your computer, the domain name of your internet service provider, and similar information. The recorded information does not include any personal data. This information is a technical requirement in order to display the requested content of the web site correctly and is essential in order to use the internet. We statistically analyze this type of anonymous information in order to optimize our internet presence and the underlying technology.
Some personal data, such as name, address, telephone number(s) and email address for contact and communication, will be recorded when you register on our web site. If you are registered with us, you will have access to content and services that we only offer to registered users. Users who are logged-in can also change or delete the data recorded during registration at any time. We will also of course disclose to you the personal data that we hold at any time. We will also correct or delete this data on request, unless we are required by law to retain it. Please use the contact data at the end of this privacy statement if you wish to contact us about your personal information.
For the provision of paid services we will request additional data, such as payment details.
We use state-of-the-art encryption technology (e.g. SSL) over HTTPS to ensure the security of your data.
The data that you provide in order to log in to get our newsletter will be used exclusively for this purpose. Subscribers may also be informed by email about conditions that are relevant for the service or the registration (such as changes to the newsletters offered or technical items).
We require a valid email address for an effective registration. We use the "double opt-in" procedure to ensure that the owner of an email address is actually the person who registered. For this purpose we log the order of the newsletter, the sending of a confirmation email and the receipt of the requested response. We do not record any additional information. The information is used exclusively for sending the newsletter and is not available for third parties.
You can withdraw your agreement to the storage of your personal data and its use for sending the newsletter at any time. A corresponding link is included in every newsletter. You can also deregister directly on this web site at any time or send your request to the contact addresses that can be found at the end of this document.
Newsletter emails are sent through Mailchimp. This is a service of The Rocket Science Group LLC in the USA. The appropriate level of data protection is guaranteed through its Privacy Shield certification. Moreover, we have entered into a processing agreement with Mailchimp.
Information on the processing activity:
Nature and scope of the data processing:
We process such data which you voluntarily disclose to us in our questionnaires, such as name and contact details as well as any data you specify in free text fields. In addition, the service provider collects technical diagnostic data and service-generated data.
Purposes of the processing activity:
The purpose is to conduct surveys in a defined group of users. Please note the data protection information for the respective surveys
Legal basis of the processing activity:
The legal basis for the collection and analysis of your data is your consent pursuant to Art. 6 (1)(a) GDPR. The requirements for consent are satisfied in accordance with Art. 7 (1)-(4) GDPR.
Categories of recipients:
For conducting our online surveys, we use Microsoft Forms, a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We have entered into a processing contract with the provider. You can find further information on compliance with data protection during the use of Microsoft cloud services at https://privacy.microsoft.com/de-de/privacystatement.
Your data are processed through Microsoft's European cloud server; however, based on U.S. laws, access by U.S. security authorities cannot be entirely ruled out.
The results of the survey are evaluated by the respective survey creator and may be shared with other data controllers within the KLS Martin Group.Data transfer to a third country:No transfer to a third country is planned.
The raw data are erased when it is no longer required for the specified purposes (usually within one year after the completion of the survey) or when you withdraw your consent to the data processing. For this purpose, please contact our above-mentioned data protection officer, mentioning your objective.
Please note that Microsoft holds the data for another 93 days after the erasure before it is permanently erased.
Rights of data subjects:
You have a right of access (under Art. 15 GDPR) through the controller to personal data which pertain to you as well as rectification (Art. 16 GDPR), erasure (Art. 17 GDPR), and to restriction of processing (Art. 18 (1) GDPR). Furthermore, you have a right to object to the processing (Art. 21 GDPR) as well as the right to data portability (Art. 20 GDPR).
If you wish to exercise your rights, please contact the above-mentioned data protection officer.
Right to lodge a complaint:
You can contact your competent supervisory authority at any time with a complaint. Your competent supervisory authority is based on the federal state of your domicile, your place of work or the place of the alleged infringement. You will find a list of supervisory authorities (for the private sector) with addresses at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Duty to provide personal data:
You are not obligated to provide the data.
Automated decision-marking:
No automated decision-making or profiling occurs.
Contact form
If you contact us by email or the contact form, the information that you include will be stored for the purposes of processing your enquiry and for possible subsequent questions.
We comply with the principles of data avoidance and data minimization. Therefore, we store your personal data only so long as it is required for the purposes stated here or for the various periods specified by the relevant legislation. On completion of the purpose or on expiration of the periods the applicable information will be routinely blocked or deleted in accordance with the legal regulations.
We use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.com/about/) (Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter referred to as "Google"), on our website. As part of this, pseudonymised user profiles are created and cookies (see the section on "Cookies") are used. The information generated by the cookie about your use of this website, such as your browser 1. browser type/version 2. operating system 3. referrer URL (website previously visited), host 4. name of the accessing computer (IP address) and 5. time of server request, is transmitted to a Google server in the US and stored there. This information is used to evaluate your use of this website, to compile reports on the website activities, and to perform further services linked to website and internet use for market research purposes and to tailor the design of this website. This information may also be sent to third parties if this is legally required or if third parties process this data on behalf of Google. Under no circumstances will your IP address be associated with any other data. IP addresses are anonymised so that it is not possible to assign them to individuals (known as IP masking). You may refuse the use of cookies by selecting the appropriate settings on your browser; however, we would point out that this may result in you not being able to use all the features of this website. These processing operations only take place if express consent is granted in accordance with Article 6 Paragraph 1(a) GDPR. You can also prevent the data generated by the cookie about your use of the website (including your IP address) from being sent to and processed by Google by downloading and installing the available browser add-on: Browser add-on for deactivating Google Analyticss
As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from capturing data by clicking on the following link: Deactivate Google Analytics.. Google Tracking deactivated. This sets an opt-out cookie that prevents the future collection of your data when visiting this website. The opt-out cookie is only valid on this browser and only for our website and is stored on your device. If you erase the cookies stored for this browser, you will need to reset the opt-out cookie. Additional information on data protection with respect to Google Analytics is available on the Google Analytics website in the help section (https://support.google.com/analytics/answer/6004245?hl=en ).
To be able to recognize and evaluate the perception of our products and brand in social media channels, we monitor the publications of users in social media channels regarding the KLS Martin Group and our products. For this purpose, we have commissioned DIGIMIND, a commercial partnership (SA) 6 Place Robert Schumann, 38100 Grenoble (France) as a service provider. Only aggregated information is provided to us. We have entered into an order processing agreement with DIGIMIND (SA). For more information on data processing by DIGIMIND (SA), please visit https://www.digimind.com/data-privacy/. The legal basis for the data processing is Article 6 Paragraph 1 lit. f GDPR. We have a legitimate interest to know about the market position of our brand and products and being able to react promptly to developments.
Our website uses social plugins from the providers listed below. You can recognise these plugins by the fact that they are marked with a corresponding logo.
These plugins may be used to send information, including personal data, to the service provider and may be used by the service provider. We prevent the automatic and inadvertent collection and transfer of data to the service provider through a two-click solution. To activate the chosen social plugin, it must first be activated by clicking on the corresponding button. Only when the plugin is activated will the collection of information and its transmission to the service provider be triggered. We do not collect any personal data ourselves through social plugins or their use.
We have no influence on what data an activated plugin collects and how it is used by the provider. We must currently work on the assumption that a direct connection to the services of the provider will be established and that your IP address and device-related information will be recorded and used at a minimum. It is also possible that service providers may attempt to store cookies on the computer being used. Please see the privacy policy of the respective service provider to find out what data specifically is collected and how it is used.
We have included the social media buttons of the following companies on our website:
Social media buttons are used on the basis of Article 6 Paragraph 1 Sentence 1(f) GDPR. The promotional purpose behind this is deemed a legitimate interest as defined by the GDPR.
To allow us to communicate with you on social networks and inform you about our services, we run our own pages on these social networks. If you visit one of our social media pages, we and the provider of the social media network are joint controllers (Art. 26 GDPR) regarding to the processing operations triggered thereby, which concern personal data.
We are not the original provider of these pages, but only use them within the scope of the options offered to us by the respective providers.
We would therefore like to point out as a precautionary measure that your data may also be processed outside of the European Union or the European Economic Area. Use of these networks may therefore involve data protection risks for you since the protection of your rights may be difficult, e.g. your rights to information, erasure, objection, etc. Processing on social networks frequently takes place directly for advertising purposes or for the analysis of user behaviour by network providers, and we have no control over this. If the provider creates user profiles, cookies are often used or user behaviour may be assigned directly to your own member profile on the respective social network (if you are logged in).
The processing operations of personal data described are carried out in accordance with Article 6 Paragraph 1(f) GDPR on the basis of our legitimate interests and the legitimate interests of the respective provider in order to communicate with you in a timely manner or to inform you about our services. If you have to grant your consent to the respective providers to process your data as a user, the legal basis for this processing is Article 6 Paragraph 1(a) GDPR in conjunction with Article 7 GDPR.
Since we have no access to these providers’ databases, we would like to point out that you would be best placed to exercise your rights (e.g. to information, rectification, erasure, etc.) directly with the respective provider. More information on the processing of your data on social networks and your options for exercising your right to object or your right of revocation (opt out) is listed below for each of the social network providers we use:
(Jointly) Data controller responsible for data processing in Europe:
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Notice (Data Policy):
https://www.facebook.com/about/privacy
Opt-out and advertising settings:
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
https://facebook.com/about/privacy/
(Jointly) Data controller responsible for data processing in Europe:
Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Notice (Data Policy):
http://instagram.com/legal/privacy/
Opt-out and advertising settings:
https://www.instagram.com/accounts/privacy_and_security/
(Jointly) Data controller responsible for data processing in Europe:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Notice:
https://www.linkedin.com/legal/privacy-policy
Opt-out and advertising settings:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
YouTube
(Jointly) Controller responsible for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Notice:
https://policies.google.com/privacy
Opt-out and advertising settings:
https://adssettings.google.com/authenticated
(Jointly) Data controller responsible for data processing in Germany:
XING AG, Dammtorstrasse 29–32, 20354 Hamburg, Germany
Privacy Notice:
https://privacy.xing.com/de/datenschutzerklaerung
Requests for information for XING members:
https://www.xing.com/settings/privacy/data/disclosure
General information about cookies
We use cookies on our website. Cookies are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.
Information generated from the specific device used is stored in cookies. This does not mean, however, that we will gain immediate knowledge of your identity.
The use of cookies helps us make it more convenient for you to use our website. For example, we use session cookies to detect whether you have already visited individual pages on our website. These are erased automatically when you leave our website.
We also use temporary cookies to optimise user-friendliness. These cookies are stored on your device for a specific period of time. If you return to our website to use our services, cookies allow us to automatically recognise that you have visited our website previously and remember the inputs and settings you have made so that you do not have to enter them again.
We also use cookies to statistically record the use of our website and analyse it for the purpose of optimising our services. These cookies allow us to automatically recognise that you have already visited our website when you visit our website again. These cookies are automatically erased after a defined period of time.
Legal basis for the use of cookies
The data processed by cookies, which are required for the proper functioning of the website, are to safeguard our legitimate interests pursuant to Article 6 Paragraph 1 Sentence 1(f) GDPR.
For all other cookies you have given your consent to this through our opt-in cookie banner in accordance with Article 6 Paragraph 1(a) GDPR.
Payment by credit card
When you pay for services with your card, we collect personal data and transmit these to the network operator.
The network operator and the respective payment service providers responsible for accepting and settling payment transactions (e.g., acquirers) process the data further. This is performed in particular for payment processing, to prevent card misuse, to limit the risk of payment defaults, and for legally prescribed purposes, such as, for example, combating money laundering and criminal prosecution. For these purposes, your data will also be transferred to other responsible parties, such as, for example, your card-issuing bank.
Details on the processing of your personal data can be found below:
Many steps are necessary to ensure that you can pay securely with your card. We therefore cooperate with a network operator and one or more acquirers.
We, the network operator and acquirers, are separately responsible for processing the data within our respective areas of technical influence as follows:
a) We are responsible for the operation of the payment terminal at the cash register and for our internal network up to the secure transmission via the Internet or telephone line to the network operator.
b) Network operator for central network operation, processing, encryption, risk assessment, and further transmission: Stripe, Inc; with its headquarters in the USA. You can find information on the data protection of the provider at: https://stripe.com/de/privacy
c) Acquirer is a payment service provider regulated under the Payment Services Act (ZAG) that accepts and settles payment transactions on behalf of traders. Who the acquirer is depends on what type of card you have used. We hold the contact details of the acquirer and his responsible data protection supervisory authority on your behalf. You can obtain this information on request.
Insofar as Stripe handles acquiring, the contact details already mentioned shall apply.
Card data (data stored on your card):
card number, card type (e.g., VISA, Mastercard, American Express) and expiry date.
Additional payment data:
amount, date, time, ID of the payment terminal (location, company, and branch where you are paying), verification data from your card issuer (“EMC data”), your signature if applicable.
PIN:
your PIN input is cryptographically secured and checked by the card-issuing institution. In this case, the network operator provides cryptographic security and transmission, but does not store the PIN and has no access to the encrypted PIN.
Chargeback:
If you dispute a transaction made with your card: in this case, the purchase receipt and, if necessary, further information about you that the trader intends to use to prove their claim (e.g. name and address) may be passed on to the card-issuing institution
What sources do your data originate from?
The card data are read from your card by the payment terminal. The payment terminal and, if applicable, the trader will directly provide you with further payment details. You enter your PIN yourself and provide your signature.
Purposes and legal basis of the data processing
KLS Martin SE & Co. KG: Verification and execution of your payment to us, Art. 6 (1) (b) GDPR.
Document archiving in accordance with legal requirements, in particular in accordance with Sections 257 (1) No. 4 of the German Commercial Code (HGB), Section 147 (1) No. 4 of the German Fiscal Code (AO) and Article 6 (1) (c) of the GDPR.
Network operator:
Verification and execution of your payment to the trader, Art. 6 (1) (b) GDPR.
Secure transmission of your data, in particular in accordance with the statutory provisions, Sections 25a KWG (German Banking Act), 27 ZAG (German Payment Services Oversight Act) , and the provisions of the credit card organization, Art. 6 (1) (c) and (f) GDPR.
Acquirer:
Verification and execution of your payment to the trader, Art. 6 (1) (b) GDPR.Prevention of card misuse (Section 10 (1) No. 5 GWG (Money Laundering Act ); Art. 6 (1) (c) GDPR
Limitation of the risk of payment defaults, Art. 6 (1) (f) GDPR. Secure transmission of your data, in particular in accordance with the statutory provisions, Sections 25a KWG (German Banking Act), 27 ZAG (German Payment Services Oversight Act) , and the provisions of the credit card organization, Art. 6 (1) (c) and (f) GDPR. Settlement of fees owed by the trader to your card issuer, Art. 6 (1)(f) GDPR. Document archiving, in particular in accordance with Sections 257 (1) No. 4 of the German Commercial Code (HGB), Section 147 (1) No. 4 of the German Fiscal Code (AO); Art. 6 (1) (c) of the GDPR. Debt collection after a chargeback, Art. 6 (1) (f) GDPR
Who receives your data?
In addition to the trader and the network operator, further parties require your data to process payment or to comply with legal requirements. Your data will only be transmitted to this extent to the following parties:the payment card systemyour card-issuing institution and the acquirer's bankthe intermediaries appointed by the credit card organizations to handle the clearing and settlement of paymentslaw enforcement authorities in cases provided for by lawmoney laundering reporting offices in cases provided for by law
Are data transmitted to a third country or to an international organization?
The acquirer forwards your data to the payment card system outside the European Economic Area in accordance with the respective agreed rules (e.g., “Binding Corporate Rules,” “Standard Contractual Clauses”) or for the purpose of fulfilling the contract with the foreign payer in order to authorize and execute your payment. With regard to the processing of your data by the payment card system, please refer to its privacy policy:
a) MasterCard Europe SPRL,
Chaussée de Tervuren 198A,
1410 Waterloo,Belgium, for thep
ayment methods "MasterCard“and "Maestro“,
https://www.mastercard.de/dede/datenschutz.html
b) Visa Europe Services LLC,
registered in Delaware USA,
acting through the
office in London, 1Sheldon Square, London W26TT, United Kingdom,for the
payment methods "Visa“, "Visa Electron“ and "V PAY“
https://www.visa.co.uk/privacy/
c) American Express Payment Services Ltd.,
branch office Frankfurt amMain,
Theodor-Heuss-Allee 112,60486 Frankfurt am Main, for thepayment method “AmericanExpress“;
www.americanexpress.de/datenschutz
d) Diners Club International Ltd.,
2500 Lake Cook Road,
Riverwoods, IL 60016, USA, fort
he payment methods “Diners”, “Diners Club” and “Discover”;
https://www.dinersclub.com/privacy-policy
e) JCB International Co., Ltd,
5-1-22, Minami Aoyama, Minato-Ku,
Tokyo, Japan, for the
payment method "JCB“;
http://www.jcbeurope.eu/privacy/
f) Union Pay International Co., Ltd.,
German Branch, An der Welle 4,
60322 Frankfurt, for the
payment methods "CUP” and
"Union Pay”
http://www.unionpayintl.com/en/aboutUs/companyProfile/contactUs/Europe/Europe2/?currentPath=%2FglobalCard%2Fen%2Fglobal_7%2F10050072
How long will your data be stored?
Stripe stores and processes your data for as long as necessary to fulfill the contract and our contractual and legal obligations. If storage of the data is no longer necessary for the fulfillment of contractual or special legal obligations and the purpose for which they were stored no longer applies, the data will be deleted - unless further processing is required for the following purposes:
Compliance with commercial and tax law, as well as other retention obligations (e.g., retention of accounting-related data for 10 years) Retention of evidence within the scope of statutory limitation provisions
Do I have to provide my data?
You are neither legally or contractually obligated to provide your data. If you do not wish to provide your data, you can use another payment method, e.g. cash payment.
Will my data be used for automated decision-making?
If you wish to use your card for payment, card payment must first be authorized. Authorization is provided automatically using your data. The following considerations may play a role in particular: payment amount, place of payment, previous payment history, trader, purpose of payment. Payment by card is not possible without authorization. This does not affect other payment methods (e.g., other cards or cash).
If you register for a webinar, we process the data you provide in order to fulfill this offer (fulfillment of contract). In return for your participation in webinars, you grant us permission to use your data for the purpose of sending you further information as well as for the purpose of contacting our sales organization (also specialized trade partners) with regard to our offers. Otherwise we will not be able to offer webinars. Of course, you can revoke your permission to use your data at any time if you accept this offer. To do so, please send an email to webucation@klsmartin.com.
Processing for the purpose of conducting the webinar is necessary for the fulfillment of a contract or a pre-contractual measure in accordance with Art. 6 Par. 1 lit. b DS-GVO. Within the framework of private autonomy, you can decide under which conditions you wish to receive the services. The prohibition of tying in accordance with Art. 7 Para. 4 is therefore not relevant.
In order to provide the service, we involve contract processors within the meaning of Art. 4 No. 8 in conjunction with Art. 28 DSGVO. In order to protect your data and, if necessary, to enable us to transfer data to third countries (outside the EU/EEA), we have concluded agreements on order processing on the basis of the standard contractual clauses of the European Commission.
In order to be able to conduct webinars, we must involve external service providers. For this we use:
Zoom Video Communications, Inc., with its headquarters in the USA. You can find information on the data protection of the provider at: https://zoom.us/de-de/privacy.html#_Toc44414846
We also use external service providers for payment processing for seminars with costs. For this we use:
Your registration for the webinar includes consent to use the specified services. We expressly refer to the risks of data transfer to one of the named providers in third countries as follows:
Due to the powers of U.S. intelligence agencies and the legal situation in the United States, governmental surveillance measures of the USA are disproportionate and, from the perspective of the EU, no adequate level of data protection exists for personal data. In particular, section 702 of the U.S. Foreign Intelligence Surveillance Act (FISA) provides no restrictions of surveillance measures of intelligence agencies and no guarantees for non-U.S. citizens. In addition, Presidential Policy Directive 28 (PPD-28) gives data subjects no effective legal remedies against measures of the U.S. authorities and provides no limits for assuring proportionate measures. Moreover, based on the U.S. Cloud Act, American authorities can require a U.S. enterprise to surrender all stored data, even when such data reside on servers within the EU.
If we want to record online seminars, we will inform you transparently and - if necessary - ask for your consent. The fact of the recording will also be displayed in the app.
Recordings of presentations and requests in chats can be made available to all participants as part of the seminar follow-up. An automated decision making process in the sense of Art. 22 DSGVO is not used. The provision of your data is necessary to fulfill the service. Without your data, participation in the webinar is not possible.
With our marManagement communications and knowledge platform, we want to introduce in-depth technical product information on services and service execution to you on marManagement and provide an opportunity to discuss its impact with you. The legal basis for the processing of your data is your consent in the course of registration for the platform pursuant to Art. 6 (1) (a) GDPR; for employees of the KLS Martin group, the legal basis is Art. 6 (1)(b) GDPR in conjunction with § 26 (1) of the German Federal Data Protection Act (BDSG)
For our marManagement communications and knowledge platform we use the online service SharePoint of Microsoft Deutschland GmbH. This is a subsidiary of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. In using the online services of Microsoft, personal data are processed about you and your usage of the service. You can find information on the processing by Microsoft through the following link: https://privacy.microsoft.com/de-de/privacystatement. We have entered into appropriate agreements with Microsoft to protect your privacy. According to the statutory framework applicable to Microsoft, however, it cannot be ruled out that US authorities (such as intelligence agencies) will demand the surrender of data that are processed in Europe and process, analyze and permanently store it for surveillance or other purposes. The decisions of U.S. authorities could have adverse consequences for you. We have no influence over such processing.
For purposes of utilizing the online discussions, your entries will be permanently visible to all registered users of the platform until we convert them to FAQ in anonymized form after two years.
You can withdraw your consent to the use of the platform at any time. To this end, please contact the data protection officer mentioned below. Processing of your data is not compelled either by law or by contract; however, without your consent, you cannot use the portal. No user profiling occurs in terms of Art. 22 GDPR.
Data processing in the context of sending electronic greeting cards
We process your personal data for the purpose of sending greeting cards, especially at Christmas time. The legal basis for this is Article 6 (1) lit. f GDPR (legitimate interest). Our legitimate interest lies in maintaining customer relationships.
Categories of personal data
In the course of this processing activity, we process the following categories of personal data:
Recipients of the data
Your data will be passed to the following recipients:
Storage period
Your data will be deleted as soon as they are no longer required for the stated purposes.
Nature and purpose of processing:
For the purposes of sales contacts, the preparation of offers and the pre-contractual proposal phase, we process personal data such as address and contact data, the product groups that are of interest to you, information on discussions held, your requirements, offers as well as further information that we receive from you. In the case of business customers, we also process information, in particular contact information, with our contact partners.
Legal basis:
When collecting your contact data at, for example, trade fairs or other events, the legal basis for data processing is your consent pursuant to Art. 6 (1) lit. a GDPR in conjunction with Art. 7 GDPR. For this further data processing and the support of interested parties and customers, the legal basis is the (pre-)contractual relationship and is legitimized accordingly pursuant to Art. 6 (1) lit. b GDPR.
Recipient:
Employees for contact with you and the contractual cooperation (including the fulfillment of pre-contractual measures). Where applicable, your data will be passed on to service providers who act as processors for us, e.g. provision of platforms for sales management, support or maintenance of EDP or IT applications and data erasure. All service providers are contractually bound and in particular obliged to treat your data confidentially. Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations.
Storage period:
We process and store your personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. If the data are no longer required for the fulfillment of contractual or legal obligations, they are erased on a regular basis. Exceptions are given insofar as legal storage obligations must be fulfilled, e.g. the German Commercial Code (HGB) and the German Tax Code (AO). The periods specified there for retention or documentation are generally six to ten years; for the keeping of evidence within the context of the statutory limitation provisions. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years. Others, if applicable.
If data processing is performed in our legitimate interest or that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions shall apply in this regard. Third country transfer: your data will only be processed within the European Union and States within the European Economic Area (EEA).
Revocation of consent: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is performed on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process your personal data, unless we can demonstrate compelling grounds worth protecting for processing which override your interests, rights and freedoms, or unless processing is for the establishment, exercise or defense of legal claims.
Within the framework of the promotion campaigns, personal data is collected and processed in order to fulfill the respective conditions of the promotion program. These data are, for example, details of your company, your contact details, details of orders and serial numbers of products already delivered. The legal basis is the fulfillment of the contract concluded with you in accordance with Art. 6 para. 1 lit. b DS-GVO. The collected or processed data will only be used for the fulfillment of the program and will not be disclosed to unauthorized third parties. In the case of programs for discounting additional purchases, your data will be passed on to our order processing department, please refer to the notes in the section "Processing of customer and supplier data". If these discount promotions are run by a third party, such as the supplier or manufacturer of the item, your data may be shared with them. For cash-back or trade-in programs, the required information is provided to payment service providers. For gift or demo programs, we share address information with logistics service providers. We use The "Microsoft Forms" service for registration, please see our notice in the relevant section of this privacy information.
Without the information provided by you, participation in the promotional campaign is not possible.
Nature and purpose of processing:
We process the personal data of our customers and suppliers as well as the individual contact persons at our customers/suppliers for the processing of customer orders and within the scope of procurement processes. In doing so, we store the data in our ERP system and use them in all processes relating to performance fulfillment or procurement. Furthermore, we use the data to actively address customer relationships and to support suppliers, which includes an internal supplier evaluation.
Legal basis:
For the fulfillment of contractual obligations (Art. 6 (1) Letter b GDPR). The processing of data is performed for the execution of our contract due to legal requirements (Art. 6 (1) Letter c GDPR). We are subject to various legal obligations which entail data processing. For example, this includes:
Furthermore, the disclosure of personal data may become necessary in the context of official/court measures for the purpose of gathering evidence, criminal prosecution or the enforcement of civil claims. In the context of balancing interests (Art. 6 (1) f GDPR). To the extent necessary, we process your data beyond the actual fulfillment of the contract to protect our legitimate interests or those of third parties. Examples for such cases include:
Recipient:
Employees for contact with you and the contractual cooperation (including the fulfillment of pre-contractual measures). Where applicable, your data will be passed on to service providers who act as processors for us, e.g. provision of support or maintenance of EDP or IT applications and data erasure. All service providers are contractually bound and in particular obliged to treat your data confidentially. Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations. For example, the recipients of personal data may include:
Storage period:
We process and store your personal data as long as this is necessary for the fulfillment of our contractual and legal obligations. If the data are no longer required for the fulfillment of contractual or legal obligations, they are erased on a regular basis. Exceptions are given insofar as legal storage obligations must be fulfilled, e.g. the German Commercial Code (HGB) and the German Tax Code (AO). The periods specified there for retention or documentation are generally six to ten years; for the keeping of evidence within the context of the statutory limitation provisions. According to Sections 195 et seq. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is 3 years.
Others, if applicable. If data processing is performed in our legitimate interest or that of a third party, the personal data will be deleted as soon as this interest no longer exists. The aforementioned exceptions shall apply in this regard.
Third country transfer: your data will only be processed within the European Union and States within the European Economic Area (EEA).
Revocation of consent: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is performed on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Article 4 No. 4 GDPR. If you object, we will no longer process your personal data, unless we can demonstrate compelling grounds worth protecting for processing which override your interests, rights and freedoms, or unless processing is for the establishment, exercise or defense of legal claims.
Nature and purpose of processing:
To directly contact suitable applicants, we collect data that is published by potential applicants on platforms such as LinkedIn. We collect and process the personal data of applicants for the purpose of handling the application process. Processing may also be conducted electronically. The applies in particular if an applicant submits relevant application documents by electronic means, for example by e-mail or via a web form on the Internet website, to the person responsible for processing. As part of the application process via LinkedIn, answers to suitability questions are also collected in order to assess the applicant's qualifications
Legal basis:
Data are processed for the purpose of preparing an employment contract with the applicant. The legal basis for data processing is the implementation of pre-contractual measures to which the data subject is party (Art. 6 (1) (b) GDPR). With regard to the search for suitable candidates using active sourcing via platforms, Article 6 (1) (f) GDPR can be invoked; our legitimate interest lies in making potential candidates aware of vacancies at our company.
Recipient:
The recipients of your information are HR employees who will contact you and handle the contractual arrangements for cooperation (including the fulfillment of pre-contractual measures), as well as the managers involved in the decision-making process and, in the case of job information via LinkedIn, Facebook, and Instagram, employees in the marketing department. Where applicable, your data may be passed on to service providers who act as processors on our behalf, e.g. for the support or maintenance of IT applications and data destruction. All service providers are contractually bound and in particular obliged to treat your data confidentially. Data will only be passed on to recipients outside our company in compliance with the applicable data protection regulations.
We also post job vacancies on LinkedIn, Meta, Inc. on Facebook, and Instagram. Information that you enter in the lead forms is processed by the platform operator, LinkedIn or Meta, Inc.
Storage period:
In the event that we enter into an employment contract with you as an applicant, the data you provide for the purpose of conducting the employment relationship will be stored in compliance with the statutory provisions. If we do not conclude an employment contract with you as an applicant, your application documents will automatically be deleted six months after notification of the rejection decision, provided that no other legitimate interests of the person responsible for processing prevent deletion. Other legitimate interests in this sense include, for example, burden of proof in proceedings under the General Equal Treatment Act (AGG).
Third country transfer:
Your data will only be processed within the European Union and States within the European Economic Area (EEA). Insofar as you fill out lead forms on Instagram or Facebook, Meta, Inc. will transfer data to a third country. Please take note of our information in the section “Our activities on social networks”.
Provision mandatory or required:
As part of the application process, you must provide the personal data that are necessary for initiating, executing, and terminating the contractual relationship and for fulfilling the associated contractual obligations, or that we are legally obligated to collect. Without these data, we will generally not be able to consider you appropriately in the decision-making process for filling the position.
We store and process information about you in the course of selecting suppliers or service providers. As part of supplier review and evaluation, we may obtain and also store further information – such as from credit agencies – for this purpose. In addition to your master data, we also process order-specific information for purposes of order fulfillment. In the case of business contacts, we also process information – particularly contact information – on our contact persons. Support systems (IT environment, CRM/ERP systems, financial accounting) may be used during the processing of information.
Microsoft Forms
We use the "Microsoft Forms" service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA to create surveys, polls and quizzes.
Microsoft Forms is a web-based application for creating surveys, quizzes and polls. The created forms can be shared via links or embeds on a web page to collect feedback from an audience or to conduct polls. The results of the surveys are collected automatically and can be viewed and analyzed in real time.
When using Microsoft Forms, various personal information may be collected, including:
The retention period for personal data is based on the respective statutory retention period.
Participation in the surveys, polls or quizzes is voluntary. The legal basis for the processing of personal data is your voluntarily given consent according to Art. 6 para. 1 lit. a) DS-GVO. You can revoke this at any time with effect for the future.
This US company is certified under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 DS-GVO, so that a transfer of personal data may also take place without further guarantees or additional measures.
You can find more information about the Microsoft Forms service and the privacy policy at: https://privacy.microsoft.com/de-de/.
Microsoft Teams
We use the "Microsoft Teams" tool ("MS Teams") to conduct our communications, both in written form (chat) and in the form of telephone conferences, online meetings and video conferences. The operating company of the service is Microsoft Ireland Operations ("Microsoft"), Ltd, 70 Sir John Rogerson's Quay, Dublin, Ireland. Microsoft Ireland Operations, Ltd. is part of the Microsoft group of companies located at One Microsoft Way, Redmond, Washington, USA.
When using MS Teams, the following personal data is processed:
To enable the display of video and playback of audio, data is processed from your endpoint device microphone and from an endpoint device video camera for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time through the "Microsoft Teams" applications.
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a) DS-GVO. In the context of an employee relationship, corresponding data processing takes place on the basis of Section 26 BDSG. The legal basis for the use of "MS Teams" in the context of contractual relationships is Art. 6 para. 1 lit. b) DS-GVO. In all other cases, the legal basis for processing your personal data is Art. 6 para. 1 lit. f) DS-GVO. Here, our interest is in the effective conduct of online meetings.
If we record online meetings, we will inform you of this before we start and, where necessary, ask you to consent to the recording. If you do not wish to do so, you may leave the online meeting.
As a cloud-based service, "MS Teams" processes the aforementioned data as part of providing the service. To the extent that "MS-Teams" processes personal data in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for such use and, as such, is responsible for compliance with applicable laws and obligations of a data controller. To the extent you access the MS Teams website, Microsoft is the data controller. Accessing the website is necessary to download the MS-Teams software.
If you do not want to or cannot download the software, the service can be provided through your browser and, to that extent, through Microsoft's website.
This US company is certified under the EU-US Data Privacy Framework. There is hereby an adequacy decision pursuant to Art. 45 DS-GVO, so that a transfer of personal data may also take place without further guarantees or additional measures.
Detailed information on the subject of data protection at Microsoft, in connection with "MS Teams", can be found at: https://docs.microsoft.com/de-de/microsoftteams/teams-privacy.
You have the right to receive disclosure of your personal information that we hold at any time. You also have the right to correct, block or delete your personal information, subject to the data storage requirements specified for processing transactions. Please contact our privacy officer if you want more information. See below for the contact details.
In order to implement a blockage of data at any time the data must be retained in a blocked file for control purposes. You can also request your information to be deleted, unless there is a legal requirement for archiving it. If this applies to the data in question, we will block it on request.
You can make changes or withdraw an approval with effect into the future by informing us.
You can contact the competent supervisory authority at any time with a complaint. Your competent supervisory authority is based on the federal state of your domicile, your place of work or the place of the alleged infringement. You will find a list of supervisory authorities (for the private sector) with addresses at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
We reserve the right to amend this privacy statement at times to ensure that it always corresponds to the current legal requirements or to implement changes to our services, e.g. the introduction of new services. The new privacy statement will apply next time you visit our web site.
If you have any questions regarding information privacy, please write to us by email or contact our privacy officer directly:
Contact information:
DatenschutzBeauftragter@klsmartin.com, Tel.: +49 173 7632962, KLS Martin Platz 1, 78532 Tuttlingen
Installation instructions for web apps