Privacy Policy Walter Kraus GmbH

Privacy Policy

1. Introduction

With the following information we would like to give you as an “affected person” an overview of the processing of your personal data by us and your rights under the Data Protection Law. A use of our internet pages is basically possible without the input of personal data. However, if you wish to use special services of our company through our website, it may be necessary to process your personal data. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address or e-mail address, always takes place in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to “Walter Kraus GmbH”. By means of this privacy policy we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.

We have implemented many technical and organizational measures as responsible Company in order to ensure the most complete protection possible for personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security holes, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us in alternative ways, such as by phone or by post.

2. Responsibilities

Responsible within the meaning of the GDPR is the:

Walter Kraus GmbH
Aindlinger Straße 13, 86167 Augsburg, Germany

Telephone: +49 (0)821 796090
Fax: +49 (0)821 7960926
E-Mail:

Head of the responsible office: Mr. Markus Kraus

3. Data Protection Officer

The data protection officer can be reached as follows:

Stephan Weiss

Telephone:
Fax: 08231 30 18 864
E-Mail:

If you have any questions or suggestions regarding data protection, you can contact our data protection officer at any time.

4. Definitions

The privacy statement is based on the terminology used by the European Union‘s legislature in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain in advance the terminology used.

We use the following terms in this privacy policy, including but not limited to:

  1. Personal data
    Personal data is any information that relates to an identified or identifiable natural person. A natural person well be considered as identifiable – either direct or indirect – in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, which does express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.
  2. Affected person
    Affected person is any identified or identifiable natural person whose personal data is processed by the repsonsible personsof our company.
  3. Processing
    Processing means performing any process related to personal data with or without automated processing related to personal data, such as collecting, organizing, storing, adapting or modifying, selecting, querying and using the data, with or without the aid of automated procedures as well as disclosure by submission, distribution or any other form of provision, reconciliation or association, restriction, deletion or destruction.
  4. Restriction of processing
    Restriction of the processing is the marking of filed personal data with the aim to limit its future processing.
  5. Profiling
    Profiling is any kind of automated processing of personal data that serves to use personal information and to evaluate certain personal aspects relating to a natural person, particularly focusing on the analysis and prediction of aspects related to job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.
  6. Pseudonymization
    Pseudonymisation is the processing of personal data in a way that personal data can no longer be attributed to a person´s specific data without using additional information, as long as such additional information is kept separatly and subjected to technical and organizational measures ensuring that the personal data can not be assigned to an identified or identifiable natural person.
  7. Processors
    The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.
  8. Recipient
    Recipient is a natural or legal person, public authority, agency, company or other entity to whom Personal Data is disclosed, no matter if it is a third party or not. However, public authorities which may receive personal data under EU or national law as part of a particular inquiry on this are not considered receivers.
  9. Third Party
    A third party is a natural or legal person, public authority, agency, company or body other than the affected person, the controller, the data processor or the persons authorized under the direct responsibility of the controller or the data processor to process the personal data.
  10. Consent
    A consent is any voluntarily given and unambiguously expressed act by the affected person in the form of a statement or other unambiguous confirmation on the particular case, by which the affected person indicates that he/she consents and accepts the processing of the concerned personal data.

5. Legal basis of processing

Art. 6 para. 1 lit. A GDPR serves our company as the legal basis for processing operations where we obtain consent for a particular processing purpose.

If the processing of personal data is necessary to fulfill a contract of which you are a party (e.g. in processing operations necessary for the supply of goods or the provision of any other service or consideration), the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.

In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then processing would be based on Art. 6 para. 1 lit. d GDPR.

Finally processing operations can be based on Art. 6 para. 1 lit. f GDPR. On this legal basis, Data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). The processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person prevail. Such processing operations are particularly allowed to us since they have been specifically mentioned by the European legislator. In that regard, a legitimate interest may be assumed, if you are a customer of our company (Recital 47, second sentence, GDPR).

6. Technology

6.1 SSL / TLS encryption

This Web site uses an SSL or TLS encryption to ensure the security of the data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the operator or user. An encrypted connection can be recognized by the fact that the address bar of the browser contains an “https: //” instead of an “http: //” and the lock symbol in your browser bar.

If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.

6.2 Data collection when visiting the website

In the case of the merely informative use of our website, if you do not register or otherwise provide us with information, we will only generate data that your browser transmits to our server (in so-called “server log files”). Our website collects a series of general data and information each time a page is accessed by you or an automated system. This general data and information is stored in the log files of the server. Recorded can be:

  1. used browser types and versions,
  2. the operating system used by the accessing system,
  3. the website from which a system accesses our website (so-called referrers),
  4. the sub-web pages, which are accessed from an accessing system on our website,
  5. the date and time of access to the website,
  6. an internet protocol address (IP address),
  7. The Internet service provider of the accessing system.

When using this general data and information, we draw no conclusions about your person. Rather, this information is needed

  1. to deliver the contents of our website correctly,
  2. to optimize the content of our website as well as to optimize the advertising for it,
  3. to ensure the long-term functionality of our IT systems and the technology of our website,
  4. to provide law enforcement with information necessary for prosecution in the event of a cyberattack.

This collected data and information is therefore on the one hand statistically evaluated by us and furthermore aims to increase data protection and data security in our company in order to ensure an optimum level of protection for the personal data we process. The data of the server log files are stored separately from all personal data provided by an affected person.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is shown in the data collection purposes listed above.

7. Cookies

7.1 General information about cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software.

In the cookie information is stored, which results from the connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.

The usage of cookies targets to improve our web based offer for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our page.

In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again using our services, it will automatically recognize that you have already visited us and which particular inputs and settings you have made, so you do not have to re-enter them.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. These cookies allow us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined time.

The data processed by cookies is required for the purposes mentioned in order to safeguard our legitimate interests as well as third parties according to Art. 6 para. 1 sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser in the way that no cookies are stored on your computer or alternatively a hint appears any time before a new cookie is created. However, disabling cookies completely may limit your ability to use the features on our website.

7.2 Legislative basis for use of cookies

The data processed by cookies, which are required for the proper function of the website, are to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 S. 1 lit. f GDPR.

For all other cookies, you can use our opt-in cookie banner to consent to this within the meaning of Art. 6 Para. 1 lit. a GDPR.

8. Contents of our Website

8.1 Contact / Contact form

When contacting us (for example via contact form or e-mail), personal data is collected. The data collected throughout your Inputs is stated on the respective contact form. These data is stored and used solely for the purpose of answering your request or for establishing the contact and is stored and used for the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aiming to conclude a contract with us, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted from our Web services after the processing of your request is finalized and as long as there is no legal obligation to keep the data.

9. Web analytics

9.1 Google Analytics

Our websites use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Irland; hereinafter “Google”). In this context, pseudonymised user profiles are created and cookies (see point 4) are used. The information about your use of this website generated by the cookie such as:

  1. Browser type / version,
  2. the used operating system,
  3. Referrer URL (the previously visited page),
  4. Host name of the accessing computer (IP address),
  5. time of server request,

is transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purpose of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited.

You have given your consent to this within the meaning of Art. 6 para. 1 lit. A GDPR via our opt-in cookie banner.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data from Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent detection by Google Analytics by clicking on the following link: Deactivate Google Analytics. An opt-out cookie, that will prevent the future collection of your data when visiting this website, will be set. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).

9.2 Matomo

We have integrated the component Matomo on this website. Matomo is an open source software tool for web analysis. Web analysis is the recording, collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis tool collects data about the webseite, from which an affected person accessed our website (so-called referrer), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimize the website and make a cost-benefit analysis of the Internet advertising service.

The software is operated on the server of the controller, the data protection sensitive log files are stored exclusively on this server.

The purpose of the Matomo component is to analyze visitor flows on our website. Among other things, we use the data and information obtained to evaluate the use of this website and to create online reports that show the activities on our websites.

Matomo sets a cookie on your IT system. By setting the cookie, we are enabled to analyze the use of our website. Each time you visit one of the pages on this website, the Internet browser on your IT system will automatically cause the Matomo component to submit data to our server for online analysis. In the course of this technical process, we gain knowledge of personal data, such as the IP address of the person concerned, which among other things serves to help us understanding the origin of visitors and clicks.

The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of visits to our website. Each time you visit our website, this personal information, including the IP address of the Internet connection you use, is transmitted to our server. These personal data are stored by us. We do not share this personal information with third parties.

You can prevent the setting of cookies through our website at any time by means of an appropriate setting of the Internet browser and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on your IT system. In addition, a cookie already set by Matomo can be deleted at any time via the Internet browser or other software programs.

Furthermore, you can decline the detection of the data generated by Matomo and related with the use of this website data. To do so, you must set an opt-out cookie. If your IT system is later deleted, formatted, or reinstalled, you must re-opt-out this cookie. By setting the opt-out cookie, however, our internet pages might be no longer fully usable to you.

You have given your consent to this within the meaning of Art. 6 para. 1 lit. a GDPR via our opt-in cookie banner.

Further information and Matomo’s applicable privacy policy can be found at https://matomo.org/privacy/.

Revocation of data collection by Matomo

Deactivate Matomo Analytics

10. Plugins and other services

10.1 Google Maps

On our website, we use Google Maps (API) from Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. By using this service you can, for example, see our location and make it easier to get there.

When you visit any of the subpages where the Google Maps map is incorporated, information about your use of our website (such as your IP address) is transmitted to Google’s servers in the United States and stored there. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not want to associate with your profile on Google, you’ll need to log out of your Google Account. Google stores your data (even for non-logged-in users) as usage profiles and evaluates them. According to Art. 6 para. 1 lit. f GDPR, such an evaluation is based on the legitimate interests of Google in the display of personalized advertising, market research and / or customized design of its website. You have the right to object to the generation of user profiles. On that account you will have to address it to Google directly.

US-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

If you disagree with the future transmission of your data to Google when using Google Maps, you can also disable the Google Maps web service completely by turning off the JavaScript application in your browser. Google Maps and the map display on this website might then not be usable anyore.

You have given our consent to this within the meaning of Art. 6 para. 1 lit. a GDPR via our opt-in cookie banner.

Google’s Terms of Use can be viewed at https://www.google.com/intl/en/policies/terms/regional.html and the additional Google Maps terms of service can be found at https://www.google.com/intl/en_US/help/terms_maps.html

For details on privacy related to the use of Google Maps, please visit the Google Privacy Policy: https://www.google.com/intl/en/policies/privacy/

10.2 Vimeo (Videos)

Plugins from the Vimeo video portal from Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA are integrated into our website. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection to Vimeo’s servers. Vimeo transmits the content of the plugin directly to your browser and integrates it into the page. Through this integration, Vimeo receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Vimeo account or are not currently logged in to Vimeo. This information (including your IP address) is sent directly from your browser to a Vimeo server in the USA and stored there.

If you are logged in to Vimeo, Vimeo can immediately assign your visit to our website to your Vimeo account. If you interact with the plugins (such as pressing the start button of a video), this information is also transmitted directly to a Vimeo server and stored there.

The data processing operations described are carried out in accordance with Art. 6 Para. 1 lit. f GDPR based on Vimeo’s legitimate interest in market research and the needs-based design of the service.

If you do not want Vimeo to assign the data collected via our website directly to your Vimeo account, you must log out of Vimeo before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Vimeo as well as your related rights and setting options to protect your privacy can be found in Vimeo’s data protection information: https://vimeo.com/privacy

The tracking tool Google Analytics is automatically integrated into videos from Vimeo that are integrated on our site. This is Vimeo’s own tracking, to which we have no access and which cannot be influenced by our side. Google Analytics uses so-called “cookies” for tracking, these are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

These processing operations are only carried out when express consent is given in accordance with Art. 6 Para. 1 lit. a GDPR.

11. Social Media activities

To communicate with our customers via social networks and provide information about our services, we are represented there with our own pages. If you visit one of our social media pages, we are jointly responsible with the provider of the respective social media platform within the meaning of Art. 26 GDPR with regard to the processing operations triggered by this, which concern personal data.

We are not the original provider of these pages, but only use them within the scope of the possibilities offered by the respective provider.

Therefore, we would like to point out as a precaution that your data may also be processed outside of the European Union or the European Economic Area. Use can therefore have data protection risks for you, since the protection of your rights e.g. information, deletion, objection, etc. can be more difficult and the processing in the social networks often takes place directly for advertising purposes or for the analysis of user behavior by the provider without this being influenced by us. If usage profiles are created by the provider, cookies are often used or the usage behavior is assigned directly to your own member profile of the social networks (provided you are logged in here).

The described processing operations of personal data are carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider in order to be able to communicate with you in a contemporary manner or to inform you about our services. If you have to give your consent to data processing as a user with the respective provider, the legal basis refers to Art. 6 Para. 1 lit. a GDPR in conjunction with Art. 7 GDPR.

Since we have no access to the data stocks of the providers, we would like to point out that it is best to apply your rights (e.g. to information, correction, deletion, etc.) directly to the respective provider. Further information on the processing of your data in the social networks and the possibility of making use of your right of objection or revocation (so-called opt-out) is listed below for the respective social network provider we use:

11.1 LinkedIn

Responsible for data processing in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Data protection Documents:

https://www.linkedin.com/legal/privacy-policy

Opt-out and advertising settings:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

12. Your rights as an affected person

12.1 Right to confirm

You have the right to ask us for confirmation of your personal data being processed.

12.2 Right to information Art. 15 DS-BER

You have the right at any time to receive free information from us about the personal data stored about you and to receive a copy of this data.

12.3 Right to correction Art. 16 DS-BER

You have the right to demand the correction of incorrect personal data concerning your records. Furthermore, the affected person has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

12.4 Deletion Art. 17 GDPR

You have the right to demand that the personal data concerning you is being deleted without delays, if applicable by law and processing is not required.

12.5 Restriction of processing Art. 18 GDPR

You have the right to demand that we restrict processing, if there are no other legal requirements valid in case.

12.6 Data transferability Art. 20 GDPR

You have the right to receive your personal data record provided to us in a structured, common and machine-readable format.

You also have the right to transfer this data to another responsible entity without impediment by us (if we have been provided with the personal data from your side), if the processing is based on the consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated processes, unless the processing is not or no more necessary for the performance of a task in the public interest or in the exercise of official authority which has been entrusted to us.

In addition, when exercising your right to data portability under Article 20 (1) of the GDPR, you have the right to obtain that your personal data will be transmitted directly from one controller to another, where technically feasible and as long as the liberties of any others are not affected.

12.7 Contradiction Art. 21 GDPR

For reasons arising from your particular situation, you have the right to contradict against the processing of personal data related to you, which have been pursued due to Art. 6 para. 1 lit. e (data processing in the public interest) or f (data processing based on a balance of interests) GDPR at any time.

This also applies to a profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you refuse the processing, we will no longer process your personal information unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the asserting, exercising or defending legal claims.

In addition, you have the right, for reasons arising from your particular situation, to refuse to the processing of personal data concerning for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) of the GDPR unless such processing is necessary to fulfill a public interest task.

Feel free, in the context of using any services of information societies, not withstanding Directive 2002/58 / EC, to exercise your right of refusal through automated procedures where technical specifications are used.

12.8 Revocation of a data protection consent

You have the right to withdraw your consent to the processing of personal data at any time with future effect.

12.9 Complaint to a regulatory authority

You have the right to complain to the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27 in 91522 Ansbach (www.lda.bayern.de) about our processing of personal data.

13. Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period required to achieve the purpose of the storage or as provided by the legislation and laws to which our company is subject.

If the purpose of the storage is omitted or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

14. Duration of storage of personal data

The criteria for the duration of the storage of personal data is the respective statutory retention period. After the deadline is passed, the corresponding data will be routinely deleted, if the data is no longer required to fulfill the contract or to initiate a contract.

15. Updating and changing the privacy policy

This privacy policy is currently valid and is valid as of September 2018.

Due to the further development of our websites and offers or due to changed legal or official requirements, it may be necessary to change this privacy policy. You can always retrieve and print out the current data protection declaration on the website under https://www.kraus.de/en/data-protection/