1. General remarks and compulsory information
We take the protection of your personal data very seriously. We treat your personal data as confidential and pursuant to the statutory data privacy regulations as well as this data privacy statement.
If you use this website, several types of personal data will be collected. Personal data is data that you can be identified with personally. This data privacy statement explains which data we collect and what we use it for. It also explains how and for which purpose this is done.
1.1 Controllers
This data privacy statement describes the data processing for which we are the controller within the meaning of the GDPR. Please find our contact data below:
Kunststoff Vertrieb Dr. Schiffers GmbH u. Co. KG
Eiselauer Weg 4, 89081 Ulm / Germany
Phone +49 731 936 94 - 0
Fax +49 731 936 94 - 15
E-mail: info@kvs-ulm.info
Website: www.kvsulm.com
If you have any questions regarding data privacy, please do not hesitate to address our data privacy coordinator at any time. Our data privacy coordinator’s name and address are as follows:
Nicole Dick
Kunststoff Vertrieb Dr. Schiffers GmbH u. Co. KG
Eiselauer Weg 4, 89081 Ulm / Germany
E-mail: nicole.dick@kvs-ulm.info
Our data privacy officer is:
Sabina Hrnjica-Ceman
EOS GmbH Electro Optical Systems
Robert-Stirling-Ring 1, 82152 Krailling / Germany
E-mail: datenschutz@eos.info
Our regulatory authority for data privacy is:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
[The state officer for data privacy and freedom of information in Baden-Württemberg]
Königstraße 10a, 70173 Stuttgart / Germany or P.O. box 10 29 32, 70025 Stuttgart / Germany
Phone: + 49 0711/61 55 41 - 0
Fax: + 49 0711/61 55 41 - 15
E-mail: poststelle@lfdi.bwl.de
If you would like to submit a complaint, you can also use the complaint form provided at https://www.baden-wuerttemberg.datenschutz.de/online-beschwerde/.
1.2 How do we collect your data?
Your data will firstly be collected if you provide us with it. This can e.g. be data that you provide via e-mail.
Other data will be collected automatically by our IT systems when you visit our website. This is mainly technical data (e.g. internet browser, operating system or time of the page view). This data will be collected automatically as soon as you access our website.
1.3 What do we use your data for?
Part of the data will be collected to ensure a provision of the website that is free of faults. Other data can be used to analyse your user behaviour.
2. Processing within the scope of our website
2.1 Server log files
The provider of the sites collects and stores information automatically in the so-called server log files that your browser transmits automatically to us. These are:
• browser type and browser version
• operating system used
• referrer URL
• host name of the accessing computer
• time of the server request
• IP address
There will be no combination of this data with other data sources.
The basis for the data processing is Art. 6 para. 1(b) GDPR which allows the processing of data to fulfil an order or pre-contractual measures.
2.2 SSL or TLS encryption
For reasons of safety and for the protection of the transmission of confidential content such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can identify an encrypted connection if the address line of the browser changes from "http://" to "https://" and a lock symbol is shown in your browser line.
As soon as the SSL or TLS encryption is activated, data that you transmit to us cannot be read by third parties.
2.3 Cookie files
This website uses cookie files. We use cookie files to personalise content and displays and to analyse the access to our website. In addition and for analysis purposes, we transfer information about your use of our website to our partners.
Cookie files are small text files that are used by websites to make the user experience more efficient. Pursuant to law, we are allowed to store cookie files on your device if these cookie files are absolutely necessary to operate the site. For all other types of cookie files, we need your consent.
This site uses different types of cookie files. Some cookie files are placed by third parties that appear on our sites.
At any time, you may change or revoke your consent to the cookie file declaration on our website.
With the exception of the use of Google Analytics (Clause 2.4), we exclusively use cookie files that enable us to track your activities during this one browser session and that are necessary for the technical processing of the website use and that are not third-party cookie files.
You can impede or restrict the storage of cookie files on your hard drive by adjusting your browser in a way that it does not accept cookie files or that - before placing a cookie file - it asks you if you agree to cookie files being set. You can delete any cookie files set at any time. To find out how this works, please refer to your browser manual. If you do not accept cookie files, this can lead to restrictions in the use of our service.
2.4 Google Analytics
Insofar as you have given your consent, this website will use Google Analytics; this is a web analysis service of Google LLC. The competent service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (“Google”).
2.4.1 Scope of the processing
Google Analytics uses cookie files that allow an analysis of your use of our website. The information about your use of this website collected by the cookie files will normally be transmitted to a Google server in the USA and will be stored there.
We use the function 'anonymizelP' (so-called IP masking): Due to the activation of the IP anonymisation on this website, Google will shorten your IP address within the member states of the European Union or in other state parties to the Agreement on the European Economic Area. Only in exceptional cases will your complete IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by your browser within the context of Google Analytics will not be combined with other Google data.
2.4.2 Among others, the following data will be collected during your visit to the website:
• the sites you visited, your “click path”
• the achievement of “website objectives” (conversions, e.g. subscriptions to newsletters, downloads, purchases)
• your user behaviour (such as clicks, time spent on the site, bounce rates)
• your approximate location (region)
• your IP address (in shortened form)
• technical information on your browser and the terminals used by you (e.g. language settings, screen resolution)
• your internet provider
• the referrer URL (via which website / which promotional tool you accessed the website)
2.4.3 Processing purposes
We use Google Analytics to evaluate your (pseudonymised) use of the website and to compile reports about the website activities. The reports provided by Google Analytics facilitate the analysis of the performance of our website.
2.4.4 Recipient
The recipient of the data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland as the order processor. For this purpose, we have concluded a contract on order processing with Google.
Google LLC with its registered office in California, USA, and, if necessary, the US authorities may access the data stored at Google.
2.4.5 Transmission to third countries
A transmission of data to the USA cannot be excluded.
2.4.6 Duration of storage
The data sent by us and connected to cookie files will be deleted automatically after 14 months. If the retention period of data has been reached, the respective data will be deleted automatically once a month.
In addition, you can block Google’s collection of the data generated by the cookie file and related to your use of the website (incl. your IP address) as well as the processing of this data by Google by
a. not giving your consent to the placing of the cookie file or
b. downloading and installing the browser add-on to deactivate Google Analytics HERE.
You can also avoid the storage of cookie files by setting your browser software in an appropriate way. However, if you configure your browser in a way that all cookie files are rejected, this may lead to a restriction in features on this and other websites.
2.4.7 Legal basis and possibility of revocation
The legal basis for this data processing is your consent, Art. 6 para. 1 sent. 1(a) GDPR. You may revoke your consent at any time and with future effect by calling up the cookie settings and changing your selection there.
You will find more detailed information on the terms of use of Google Analytics and data privacy at Google at https://marketingplatform.google.com/about/analytics/terms/us/.
2.5 Google Maps
Via an API, this site uses the cartographic service Google Maps. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
To use the features of Google Maps, it is necessary to store your IP address. In general, this information will be transmitted to a Google server in the USA and will be stored there. We do not have any influence on this data transmission.
The use of Google Maps is done in the interest of an appealing presentation of our service offers and an easy traceability of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1(f) GDPR.
You can find more information on how to handle user data in Google’s data privacy statement.
3. Processing outside our website
If you provide us with personal data in person, by e-mail or telephone for a purpose that goes beyond the use of the website or the web service, such as the sending of an offer or product information, we will also store and process this data for this purpose. In this respect, it is not the information in Section 2 that applies to further processing, but rather that stated in the section of this data privacy statement that is relevant for the corresponding purpose.
3.1 Processing of the data of interested parties
In this section, we inform you how we handle personal data regarding your person that we collect if you express your interest in our products or services and which rights you have in this regard.
If you express interest in our products or services by an enquiry (e.g. at a trade fair or conference, via e-mail, via telephone), we store your contact data and the subject matter of your interest.
We store and process this data to handle your enquiry and - in addition - to protect our legitimate interest to improve our deliveries and services with regard to your concern and according to your individual requirements and hence to further the sale of our products and services and, if necessary, to offer you further products or services that match your interest (legal basis: Art. 6 para. 1(f) GDPR and Art. 6 para 1(b) GDPR).
We store and process personal data of interested parties to carry out screenings and matchings for reasons of transparency to avoid corruption, money laundering or, financing of terrorism, for reasons of export control and to carry out other compliance checks that are either required by law or designated in our company policies. This is firstly based on the adherence to statutory obligations (legal basis: Art. 6 para. 1(c) GDPR) and, insofar as our company policies go beyond the statutory requirements, to protect our legitimate interest to avoid business relationships that do not meet our ethical standards (legal basis: Art. 6 para. 1(f) GDPR).
If your enquiry leads to a customer relationship, your data will be transferred to our customer database (cf. Clause 3.2). If it does not lead to a customer relationship, the data will be deleted pursuant to the statutory retention periods after the last correspondence has been conducted with you.
For further possible recipients and retention periods of the afore-mentioned information, we refer in addition to Clauses 4 et seqq.
3.2 Processing of customer data
In this section, we inform you how we handle personal data regarding your person that we store in our customer database and which rights you have in this regard.
If there is a customer relationship with you or if it is established, we will set up a customer account in our customer database. The customer account comprises your master data (name, address, account etc.). Within the scope of the customer relationship, all processes and documents (correspondence, orders, contracts, complaints etc.) will then be connected with this customer account.
On the one hand, we store and process the afore-mentioned information to comply with the respective contractual relationship with regard to our products and services that you use (legal basis: Art. 6 para. 1(b) GDPR), and, on the other hand, to protect our legitimate interest to improve our deliveries and services with regard to your concerns and interests and according to your individual requirements and hence to further the sale of our products and services, to offer you further products or services (if required) that meet your interests, to document contractual agreements and correspondence to assert, exercise and defend against legal claims and, if necessary, to fulfil our product monitoring obligation with regard to our products and services (legal basis: Art. 6 para 1(f) GDPR) as well as to fulfil our statutory documentation and retention obligations (legal basis: Art. 6 para. 1(c) GDPR).
In the event of an establishment of a customer relationship and also during its term, we store and process personal customer data to carry out screenings and matchings for reasons of transparency to avoid corruption, money laundering or, financing of terrorism, for reasons of export control and to carry out other compliance checks that are either required by law or designated in our company policies. This is firstly based on the adherence to statutory obligations (legal basis: Art. 6 para. 1(c) GDPR) and, insofar as our company policies go beyond the statutory requirements, to protect our legitimate interest to avoid business relationships that do not meet our ethical standards (legal basis: Art. 6 para. 1(f) GDPR).
For further possible recipients and retention periods of the afore-mentioned information, we refer in addition to Clauses 4 et seqq.
3.3 Processing of data of other business partners
In this section, we inform you how we handle personal data regarding your person that we collect in connection with the establishment and execution of the business relationship with our other business partners and which rights you have in this regard. In doing so, we understand the term “business partner” in the broadest sense as all contractual partners that are not customers or employees, but suppliers, contractors, freelancers, consultants etc.
In general, we process and store personal data with regard to actual or possible business partners in the same database in which we store data with regard to interested parties and customers and also in the same way. Hence, the explanations regarding interested parties and customers in this data privacy statement apply accordingly to our business partners.
On the one hand and to fulfil the correspondingly existing contractual relationship with you, we store and process the master data and all processes and all documents that are linked to the database account (correspondence, orders, contracts, complaints etc.) in connection with actual or possible business partners (legal basis: Art. 6 para. 1(b) GDPR), and on the other hand, we store and process the data to protect our legitimate interest to document contractual agreements and correspondence to assert, exercise or defend against legal claims and, if necessary, to fulfil our product monitoring obligation with regard to the business partners’ products and services (legal basis: Art. 6 para. 1(f) GDPR) as well as to fulfil statutory documentation and retention obligations (legal basis: Art. 6 para. 1(c) GDPR).
In the event of an establishment of the business relationship and also during its term, we store and process personal data with regard to our business partners to carry out screenings and matchings for reasons of transparency to avoid corruption, money laundering or, financing of terrorism, for reasons of export control and to carry out other compliance checks that are either required by law or designated in our company policies. This is firstly based on the adherence to statutory obligations (legal basis: Art. 6 para. 1(c) GDPR) and, insofar as our company policies go beyond the statutory requirements, to protect our legitimate interest to avoid business relationships that do not meet our ethical standards (legal basis: Art. 6 para. 1(f) GDPR).
For further possible recipients and retention periods of the afore-mentioned information, we refer in addition to Clauses 4 et seqq.
3.4 Processing of data in the event of visits to our company
In this section, we inform you how we handle personal data regarding your person that we collect in connection with visits to our company and business premises and which rights you have in this regard.
When you visit our company and business premises, you are asked to register before your visit or during your visit at our reception desk. Generally, name, company, date and time of the visit are recorded. If necessary, you are asked to sign a non-disclosure declaration.
We store and process the afore-mentioned information and documents to protect our legitimate interest to exercise our domiciliary rights, to prevent or pursue abusive behaviour and to document visits to assert, exercise or defend against legal claims (legal basis: Art. 6 para. 1(f) GDPR). Insofar as not one of the longer retention periods that are stated below applies, this information will be deleted after expiration of one year after the visit.
3.5 Processing of applicant data
In this section, we inform you how we handle personal data regarding your person that we collect in connection with applications for a job at our company or the group of companies and which rights you have in this regard.
If you contact us as an applicant and send us application documents in printed or electronic format, we store and process your contact data, your application documents (in printed or electronic format) and all documents and records that are prepared regarding your person within the scope of the application process (all these data and documents are hereinafter summarised as “applicant data”) during the term and the execution of the application process (legal basis: Art. 6 para. 1(b) GDPR).
As a general rule, we do not need any special categories of personal data for the application process. We kindly ask you to not send us any such information beforehand. If, in exceptional cases, such information is relevant for the application process, we will process it together with your other Applicant Data. This can comprise information regarding prohibited activities with reference to a pregnancy or health restriction or information regarding a severe disability to fulfil our special obligations with respect to severely disabled persons. In these cases, the processing helps to execute rights or to fulfil legal obligations arising out of labour law, social security legislation and social protection (legal basis: Art. 9 para. 2(b) GDPR in association with Sect. 26 German Federal Data Protection Act [BDSG]) or to evaluate your ability to work (legal basis: Art. 9 para 2(h) in association with Sect. 22 para. 1 b BDSG).
We store and process personal data of applicants to carry out screenings and matchings for reasons of transparency to avoid corruption, money laundering or, financing of terrorism, for reasons of export control and to carry out other compliance checks that are either required by law or designated in our company policies. This is firstly based on the adherence to statutory obligations (legal basis: Art. 6 para. 1(c) GDPR) and, insofar as our company policies go beyond the statutory requirements, to protect our legitimate interest to avoid business relationships that do not meet our ethical standards (legal basis: Art. 6 para. 1(f) GDPR).
Insofar as, within the scope of the application process, you provide us with documents or information that are not necessary for the application process, we process these documents and information within the scope of your consent (legal basis: Art. 6 para. 1(a) GDPR).
If the application process is successful, the Applicant Data will be stored and used as part of your personnel file to fulfil the employment contract existing with you and will only be deleted or anonymised at the end of the employment relationship and a subsequent retention period, if necessary, to facilitate the assertion, exercise or defence against legal claims and to make the administration of storage and deletion deadlines feasible.
If the application process is not successful, we will return the printed application documents to you and will store copies of these documents and all other Applicant Data for another six months after conclusion of the application process. Afterwards we will delete these documents and data. The retention of these data and documents helps to protect our legitimate interest to assert, exercise or defend against legal claims in connection with the application process, in particular in the event that we need these documents and data as evidence against alleged discrimination within the selection process (legal basis: Art. 6 para. 1(f) GDPR).
For further possible recipients and retention periods of the afore-mentioned information, we refer in addition to Clauses 4 et seqq.
4. General information regarding recipients, categories of recipients and transmissions
4.1 Within the necessary scope of the fulfilment of his/her statutory obligations, our data privacy officer has access to your personal data. The data privacy officer is subject to a statutory obligation to secrecy.
4.2 If necessary, all our databases are operated, maintained and developed further by additional order processors or other contractors. These persons may have access to your data. We have concluded order processing agreements with order processors to ensure that personal data will only be processed within the scope of our order and according to our instructions. With the remaining service providers we have concluded agreements that ensure confidential treatment unless any other obligation to secrecy is required by law.
4.3 We use third-party service providers to archive and destroy documents and data. These persons have access to your data.
4.4 Insofar as we store and process data to handle contractual relationships, we transfer this data to vicarious agents, if necessary, within the scope of the execution of the contracts (e.g. forwarding agents). If we resell third-party products, we may transfer your contact data and information on the product to the manufacturer or supplier, e.g. within the scope of a product registration, for invoicing purposes or with regard to the manufacturer’s maintenance or support services.
4.5 If we use data to contact you, we may use additional order processors or other contractors (e.g. letter shops) for this correspondence. These persons then have access to your data.
4.6 We collaborate with external consultants such as business consultants, lawyers or tax advisers. These persons have access to your data.
4.7 We have concluded (and will conclude in the event of future orders) order processing agreements with order processors of the afore-mentioned type to ensure that personal data will only be processed within the scope of our order and according to our instructions. We have concluded (and will conclude in the event of further orders) agreements with service providers or consultants who do not process data on our account that ensure confidential treatment unless any other obligation to secrecy is required by law.
4.8 We will then transmit your personal data to competent prosecution, regulatory or other authorities if we are obliged by law to do so (legal basis: Art. 6 para. 1(c) GDPR) or if we have - by the transmission of the data - a legitimate interest to prevent coercive measures of such authorities, institutions or bodies within the scope of their statutory responsibilities (legal basis: Art. 6 para. 1(f) GDPR). Such legally stipulated or necessary transmissions are not the subject of this data privacy statement.
5. General information regarding the duration of storage and anonymisation
5.1 We have a deletion concept that aims to ensure that personal data is only stored for as long as this is necessary for the purpose of the storage.
5.2 Our deletion concept takes into consideration that personal data should be stored even after cessation of the purpose for the storage for a short period to avoid accidental deletions, if necessary, to facilitate the assertion, exercise or defence against legal claims and to make the administration of storage and deletion deadlines feasible. We assume that your interests do not conflict with the retention because the subsequent storage period is appropriate with regard to the interests to be protected.
5.3 Unless detailed information regarding deletion deadlines has been stated above, the following general deletion deadlines shall apply according to our deletion concept. If information is subject to several deletion deadlines, the longest deadline is decisive:
5.3.1 We store customer data for the duration of the customer relationship. Even afterwards, this data will be stored for the following terms if it is necessary to maintain the customer account and if it helps to allocate documents or data of the following types. Otherwise, it will be deleted after one year.
5.3.2 With regard to the statutory retention period for commercial letters and tax documents, we retain correspondence for seven years and vouchers and invoices for eleven years.
5.3.3 With regard to the statutory limitation of claims and the statutory duties of retention for vouchers, we retain contract-related data and documents for eleven years after the contractual relationship has ended.
5.3.4 In order to meet our statutory product monitoring obligation and to assert, exercise or defend against legal claims within the statutory limitation periods, we retain all product safety documents and product data including information on safety-sensitive incidents and accidents or customer complaints for 31 years after the end of the product distribution.
5.4. Insofar as in this data privacy statement “deletion” is mentioned, we reserve the right to anonymise the relevant data record instead of completely deleting it so that it cannot be assigned to you any longer.
5.5. Anonymised data will be further processed and used by us and our order processors for an unlimited period of time. The processing and use of anonymised data are not subject to the GDPR and are not the subject of this data privacy statement.
6. Security
To protect your personal data that is stored at our company against unauthorised access and misuse, we have taken comprehensive technical and organisational measures that are state of the art.
7. What are your rights regarding your data?
7.1 Information, blocking, deletion
At any time, you have the right to obtain information free of charge about the origin, recipient and purpose of your stored personal data. In addition, you have the right to demand the correction, blocking or deletion of this data. For this purpose and for further questions regarding data privacy, please do not hesitate to contact us at any time (Clause 1.1). In addition, you have the right to complain to the competent regulatory authority. Among others, this can be the regulatory authority that is responsible for your place of residence or the regulatory authority that is responsible for us in general (Clause 1.1).
7.2 Revocation of your consent to data processing
Numerous data processing procedures are only possible if you give your explicit consent. You have the right to revoke a consent that you have already given at any time. To do so, an informal notification via e-mail to us is sufficient. The legitimacy of the data that has been processed until the revocation remains unaffected by such revocation.
7.3 Right to data portability
You have the right that data that we process in an automated way on the basis of your consent or to fulfil a contract is handed over to you or a third party in a usual, machine-readable format. If you request that the data is directly transmitted to another controller, this will only be done if it is technically feasible.
7.4 Other recipients and guarantees
7.4.1 Our website is exclusively stored on servers in the European Economic Area.
7.4.2 With the exception of the transmission stated below for which the guarantees apply that are stated there, we do not transmit to insecure third countries in connection with the website.
7.4.3 Our website may contain references to third-party offers in the form of links, ad banners or the like. If you follow these references (in general by clicking on the link or ad banner), this will lead you to third-party offers. Please note that providers of such offers may be located in an insecure third country and that clicking on such references may thus lead to a transmission into such a country. Please also note that we are not the controller for such offers and have not agreed to any guarantees regarding data privacy with the controller and that these offers are governed by the data privacy regulations of the third party as the controller. Even though we ourselves do not transmit any personal data to such companies or their service providers, they can - if you click on an advertisement - draw conclusions from the fact that you come from our website.