Data Protection Declaration

I .        Name and address of the Data Controller

The Data Controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU Member States as well as other data protection regulations is:

accu-industrie-bedarf KUNSTMANN GmbH

Zur Lohmühle 5

86874 Tussenhausen

Tel:  +49 (0)8268 9099-0                                                                                           

E-mail: info@aib-kunstmann.de

Website: www.aib-kunstmann.de

 

II .      Name and address of the Data Protection Officer

The Data Controller’s Data Protection Officer is:

Solvation GmbH
Telephone: 07071 – 568 1- 900
DSB.Kunstmann@solvation-gmbh.de

III .    General information on data processing

1.        What is personal data?

Personal data refers to any individual information concerning the personal or material circumstances of an identified or identifiable individual person. This includes, for example, your civil name, your address, your telephone number or your date of birth. Generally, you can use our website without providing any personal data. Where personal data (such as your name, address or email address) is collected on our website, this will always be done on a voluntary basis as far as possible.

2.        Scope of personal data processing

We collect and process our users’ personal data only insofar as this is necessary for the provision of an operational site and of our content and services. The processing of our users’ personal data is only carried out periodically with the user’s consent. An exception applies in those cases where prior consent cannot be obtained for legal or circumstantial reasons and the processing of the data is permitted by law.

3.        Legal basis for the processing of personal data

Whenever we obtain the consent of the Data Subject to the processing of his or her personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the requisite legal basis.

Where the processing of personal data is necessary in order to perform a contract to which the Data Subject is a party, Art. 6 para. 1 lit. b DSGVO serves as the requisite legal basis. This also applies to processing operations that are necessary for the performance of precontractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c DSGVO serves as the requisite legal basis.

In the event that the vital interests of the Data Subject or of another natural person require the processing of personal data, Art. 6 para. 1 lit. d DSGVO as the requisite legal basis.

If processing is necessary to safeguard the legitimate interests of our company or of a third party, and if the interests, fundamental rights and freedoms of the Data Subject do not prevail over the interests previously mentioned, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

4.        Data deletion and duration of data storage

The personal data of a Data Subject will be deleted or blocked as soon as the purpose for the storage of the data ceases to exist. Furthermore, data may be stored if this has been stipulated by the European or national legislation in EU regulations, laws or other provisions to which the Data Controller is subject. Blocking or erasing of data will also be carried out if a storage deadline prescribed by the above-mentioned legal norms expires, unless storage of the data is a necessity for concluding or performing a contract.

5.        SSL encryption

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and by the lock icon in your browser line.
If SSL encryption is activated, the data which you transfer to us cannot be read by third parties.

6.        Webhoster

This website is hosted by a German web host, DomainFactory GmbH. The web host also has to comply with the GDPR and all other data protection laws or regulations in member states of the EU with regard to data protection. The operator of this website has also concluded an order processing contract with the web host. This is a contract in which the web host undertakes to protect the transmitted data, to process it in accordance with the data protection provisions on behalf of the operator of this website  and in particular not to pass it on to third parties. Further information on data processing by the web host can be found at: https://www.df.eu/de/support/df-faq/service-infos/datensicherheit/

IV .   Provision of the website and creation of log files

1.        Description and scope of data processing

When accessing our website, no data or information are collected automatically by the computer system of the calling computer.

V .     Use of cookies

1.        Description and scope of data processing

Our website uses cookies. Cookies are text files that are either stored in the Internet browser itself or are stored on the user’s computer system by the Internet browser.
This cookie contains a distinctive character string that enables unique identification of the browser when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the requesting browser can be identified even after changing pages.

The data is not stored together with users’ other personal data.

When accessing our website, users are informed by an information banner on the use of cookies for analytical purposes and referred to this data protection declaration. A note is also included in this context explaining how the user can disable the storage of cookies in the browser settings.

2.        Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f DSGVO.

3.        Purpose of data processing

The purpose of using cookies is to simplify use of websites for users. Some features of our website will not be available without the use of cookies. In this case, it is necessary for the browser to be recognised even after the page is changed.

The user data collected by cookies will not be used to create user profiles.

4.        Duration of storage, objection and removal options

Cookies are stored on the user’s computer. Therefore, as a user you have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features.

VI .   Registration

1.        Description and scope of data processing

On our website, we offer users the option of registering by entering personal data. This data is entered into an input form and then transmitted to us and stored. This data will not be transferred to third parties. The following data is collected during the registration process:

Name, first name, address, company, position, telephone number, email address

The user’s consent to processing this data is obtained during the registration process.

2.        Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 (a) GDPR, provided the user has given his consent.

If registration serves to fulfil a contract to which the user is a party or to implement pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 para. 1 (b) GDPR.

3.        Purpose of data processing

On registration, the respective user is given access to our Trog database or to our Kunstmann-Easy. Both tools are used to search online and to configure application-specific hardware for both traction and stationary applications.

Registration is necessary because the relevant online calculations are carried out depending on the customer’s specifications and are not used to conclude a contract.

4.        Duration of storage

The user has the option of revoking his or her consent to the processing of personal data at any time. In such a case, the accesses described above can not be used after deletion.

5.        Objection and removal options

As an administrator, it is always possible to delete the respective contact person / user on request.

VII . Contact form and e-mail contact

1.        Description and scope of data processing

Our website features a contact form, which you can use to get in touch with us online. If a user makes use of this option, the data entered in the input screen will be transmitted to us and stored.

During the transmission process, your consent is obtained for processing data and reference is made to this data protection declaration.

Alternatively, you can contact us via the e-mail addresses provided. In this case, the user’s personal data that is transmitted together with the email will be stored.

This data will not be disclosed to third parties in this context. The data is used exclusively for processing the conversation.

2.        Legal basis for data processing

The legal basis for the processing of data is Art. 6 para. 1 (a) GDPR, provided the user has given his consent.

The legal basis for processing the data transferred in the course of sending an email is Article 6 paragraph 1 lit. f DSGVO. If the e-mail contact intends to conclude a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b DSGVO.

3.        Purpose of data processing

The processing of personal data from the input filter is only used by us to handle the contact event. In the case of contact via e-mail, this also includes a necessary legitimate interest in processing the data concerned.

The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our computer systems.

4.        Duration of storage

Data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For personal data from the input filter of the contact form and personal data sent by e-mail, this will be the case once the respective conversation with the user has ended. The conversation will have ended when it is evident from the circumstances that the matter at hand has been conclusively resolved.

5.        Objection and removal options

The user has the option of revoking his or her consent to the processing of personal data, at any time. A user who has contacted us by e-mail can object at any time to the storage of his or her personal data. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted as a result.

VIII .        Analytics and third-party tools

1.        Social Media Share  Buttons

We offer you the ability to use social media buttons on our website. To protect your data, that is, to prevent data from being transferred to service providers in the USA without the user’s knowledge, we implement the “Shariff” solution. As a result, social media buttons are integrated into the website in the form of a graphic only. This contains a link to the corresponding website of the button provider. By clicking on the image, you will therefore be forwarded to the services of the provider. Only after you have been forwarded, will your data will be sent to the respective provider. If you do not click on the graphic, there will be no exchange between you and the providers of the social media buttons.

More information about the Shariff solution can be found here:http://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

If you have been forwarded to the provider of the respective social media service after clicking on the graphic, the provider receives the information that you have accessed the corresponding subpage on our website. You do not need to have an account with the provider or be logged in there. If you are logged in to Google, your information will be associated with your account directly.

If you do not want to associate your profile with the provider of the social media service, you must log out before clicking on one of the social media buttons.

As a website operator, we have no influence on whether and to what extent the service providers collect personal data. Nor are we aware of the scope, purpose and retention period of any such data collection. It must be assumed that at least the IP address and device-related information will be collected and used. It is also possible that the service providers will use cookies.

We have included social media buttons from the following companies on our site:

Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – United States)
LinkedIn Ireland Unlimited Company (LinkedIn Ireland Unlimited Company – Wilton Place, Dublin 2 – Ireland)
Xing SE (Dammtorstrasse 30 – 20354 Hamburg – Germany)

Information about the collection and use of your data in social networks can be found in the respective terms of use of the providers named.

IX .    Rights of the Data Subject

If your personal data is processed, you are a Data Subject within the meaning of the GDPR and you have the following rights with regard to the Data Controller:

1.        Right to information

You can request the Data Controller to confirm whether we will process personal data that concerns you.

If that is the case, you can request information from the Data Controller about the following data:

(1)           the purposes for which the personal data is being processed;

(2)           the categories of personal data that are being processed;

(3)           the recipients or categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;

(4)           the planned duration of any storage of personal data concerning you or, if specific information is not available, the criteria for determining the duration of such storage;

(5)           the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the Data Controller or a right to object to such processing;

(6)          Existence of a right of appeal to a supervisory authority

(7)           all information available on the source of the data if the personal data is not collected from the Data Subject;

You have the right to request information about whether personal data concerning you is being transmitted to a third country or to an international organisation. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with such transmission.

2.        The right to rectification

You have a right to rectification and/or completion with respect to the Data Controller if the personal data processed concerning you is incorrect or incomplete. The Data Controller must implement the correction immediately.

3.        The right to restriction of processing

Under the following conditions, you may request that the processing of your personal data be restricted:

(1)           if you   contest the accuracy of                 your personal data for a period of time that enables the               Data Controller to verify the accuracy of         your personal data;

(2)           the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data is restricted;

(3)           the        Data Controller no longer needs the personal data for processing purposes , but you need it in order to assert, exercise or defend legal claims; or

(4)           if you have objected to the processing pursuant to Art. 21 (1)   GDPR and it is not yet certain whether the legitimate reasons of the Data Controller outweigh the grounds of your objection.

Where processing of the personal data that concerns you has been restricted, such data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising or defending rights or protecting the rights of another natural or legal person or on the grounds of an important public interest of the European Union or of a Member State thereof.
If the restriction on processing has been implemented in accordance with the above conditions, you will be informed by the Data Controller before the restriction is lifted.

4.        Right to deletion

  1. Duty to delete

You have the right to demand the deletion of your personal data from the Data Controller without undue delay and the Data Controller has a duty to delete personal data without undue delay, where one of the following grounds applies:

(1)           The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

You withdraw your consent, on which the processing is based under point (a) of Article 6(1) of the GDPR, or point (a) of Article 9(2) of the GDPR, and there is no other legal ground for the processing.

(3)           You submit an objection to the processing under Art. 21 para. 1 DSGVO and there are no prior justifiable reasons for the processing, or you submit an objection under to the processing under Art. 21 para. 2 DSGVO.

(4)           The personal data concerning you has been processed unlawfully.

(5)           The personal data concerning you must be deleted in order to fulfill a legal obligation under European Union law or the law of the Member States to which the Data Controller is subject.

(6)            The personal data concerning you was collected in relation to information society services offered pursuant to Article 8 (1) GDPR.

  1. Transfer of data to third parties

If the Data Controller made the personal data concerning you public and is subject to a duty to delete it under Article 17 (1) of the GDPR, it must, taking into account the available technology and implementation costs, take appropriate steps, including the relevant technical steps, to inform the Data Controllers who process the personal data that you have been identified as being the Data Subject who has requested deletion of all the links to such personal data or the deletion of all copies or replications of such personal data.

  1. Exceptions

The right to deletion does not exist insofar as processing is necessary

(1)          in order to exercise the right to freedom of expression and information;

(2)           in order to fulfil a legal obligation that requires processing under European Union or Member State law to which the Data Controller is subject or for the performance of a public-interest or public-authority task transferred to the Data Controller;

(3)           for reasons of public interest in the field of public health pursuant to Article 9 (2) lit. h and i and Art. 9 (3) GDPR;

(4)          for archival purposes of public interest, scientific or historical research purposes or for statistical purposes acc. Article 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the accomplishment of the objectives of that processing, or

(5)           in order to assert, exercise or defend legal claims.

5.        Right to information

If you have exercised your right to have the Data Controller correct, delete or restrict the processing, the Data Controller is obliged to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on processing, unless this proves impossible or involves a disproportionate effort.
It is your right to have the Data Controller inform you regarding such recipients.

6.        The right to data portability

You have the right to obtain the personal data that you have provided to the Data Controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another Data Controller without hindrance from the Data Controller to which the personal data has been provided, insofar as

(1)           processing is based on consent in accordance with. Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a DSGVO or on a contract under. Art. 6 para. 1 lit. b DSGVO  and

(2)           the processing is carried out using automated procedures.

In exercising this right, you also have the right to ensure that the personal data relating to you is transmitted directly from one Data Controller to another, insofar as this is technically feasible. The freedoms and rights of other persons must not be affected thereby.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the Data Controller.

7.        Right of objection

You have the right at any time, for reasons that arise from your particular situation, to raise an objection against the processing of your personal data, which takes place pursuant to Art. 6 para. 1 lit. e or f DSGVO; this also applies to profiling based on these provisions.

The Data Controller will no longer process the personal data that concerns you, unless the party can prove compelling legitimate reasons for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing your data for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58 / EC, you have the option, in the context of the use of information society services, to exercise your right to object in the case of automated procedures that follow certain technical specifications.

8.        The right to revoke the declaration of consent pursuant to data protection rights

You have the right at any time to revoke your data protection-related declaration of consent. The revocation of consent shall not affect the legality of any processing undertaken on the basis of this consent before its withdrawal.

9.        Automated decision in individual cases, including profiling

You have the right not to be subjected to a decision based solely on automated processing – including profiling – that would have some legal effect or would significantly affect you in a similar manner. This does not apply if the decision:

(1)          is necessary for the conclusion or performance of a contract between you and the          Data Controller,

(2)          is permitted by European Union or Member State legislation to which the Data Controller is subject, and where such legislation contains appropriate measures to safeguard your rights and freedoms and legitimate interests, or

(3)           is carried out with your express consent.

However, these decisions must not be based on special categories of personal data under Art. 9 (1) GDPR, unless Art. 9 (2) lit. a or g and reasonable measures have been taken to protect rights and freedoms and your legitimate interests.

In the cases referred to in (1) and (3), the Data Controller shall take reasonable measures to safeguard your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on the part of the Data Controller, to state his or her own position and to challenge the decision.

10.    Right to lodge a legal complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have a right of appeal to a supervisory authority, in particular in the Member State where you reside, work or where the infringement is suspected, if you believe that the processing of personal data that concerns you is in contravention of the GDPR.

The supervisory authority to which the complaint has been submitted must inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.