- Name and contact details of the controller or processor and of the company’s Data Protection Officer
Name and contact details of the Data Processor: KMH-KAMMANN METALLBAU GMBH, Managing Director: Mrs. Martina Kammann, Industriestraße 13, D-27211 Bassum, Germany, Email: email@example.com, Tel.: +49 (0) 42 41 9390 0, Fax: +49 (0) 42 41 9390 90.
Company Data Protection Officer: Mr. Johannes Kolb, Rosenboom Menges Klindwort Rechtsanwälte in Partnerschaft mbB, Slevogtstraße 48, D – 28209 Bremen, Germany, Email: firstname.lastname@example.org, Phone: +49 (0) 421-33392267, Fax: +49 (0) 421-33392250.
- Collection and storage of personal data and nature and purpose of its use
When you visit our website www.kmh.net the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. The following information is collected without your intervention and stored until automatically deleted:
- IP address of the requesting computer;
- Date and time of access;
- Name and URL of the retrieved file;
- Referrer URL;
- Browser used and in some cases your computer’s operating system, and the name of your access provider.
We process the above data for the following purposes:
- Ensuring unimpeded communication with the website;
- Ensuring convenient use of our website;
- Analysis of system security and stability;
- Other administrative purposes.
The legal basis for the data processing is Article 6(1)(f ) of the GDPR. Our legitimate interest follows from the above-listed purposes of data collection. In no circumstances do we use the collected data for the purpose of inferring your identity.
- Disclosure of data
We do not transfer your personal data to any third party other than for the purposes listed in the following. We only disclose your personal data to third parties if:
- You have given your express consent to it in accordance with Article 6(1)(a) of the GDPR;
- disclosure is necessary in accordance with Article 6(1)(f) of the GDPR for the establishment, exercise and defence of legal claims and there is no reason to assume that you have an overriding compelling interest in the non-disclosure of your data;
- the disclosure is necessary in accordance with Article 6(1)(c) of the GDPR for compliance with a legal obligation;
- it is lawful and is necessary in accordance with Article 6(1)(b) of the GDPR for the performance of a contract to which you are party.
In addition, to improve usability, we also use temporary cookies that are stored on your device for a set period of time. If you return to our site to use our services again, these cookies make it possible to see automatically that you have visited before and any inputs and settings you have made so you do not have to repeat them.
The data processed by way of cookies is needed for the purposes stated in order to safeguard our legitimate interests and those of third parties in accordance with Article 6(1)(f) of the GDPR. Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or so that you are always asked before a new cookie is created. Please note that disabling cookies completely may mean that you cannot use all features of our website.
- Analysis tools/tracking tools
We use the tracking tools listed in the following on the basis of Article 6(1)(f) of the GDPR. Our use of these tracking tools serves the purposes of personalisation and ongoing improvement of our website. We also use the tracking tools to keep statistics on the use of our website and analyse them for the purpose of improving our content. These are to be considered as legitimate interests within the meaning of the aforementioned provision. Please see the tracking tools for the respective purposes of processing and categories of data.
- a) Google Analytics1
- Browser type/version;
- Operating system used;
- Referrer URL (the previous page visited);
- Host name of the requesting computer (IP address);
- Time of the server request.
This information is used for the purpose of evaluating website activity, in order to compile reports on website activity, and to provide other services relating to website activity and internet usage for the purposes of market research and personalisation of this website. The information may also be transferred to third parties if required by law or if third parties process the data under contract. Under no circumstances does Google combine your IP address with other data. IP addresses are anonymised so that identification is not possible (IP masking).
You may refuse the installation of cookies by selecting the appropriate settings in your browser; however, please note that if you do this you may not be able to use the full functionality of this website.
You can also prevent Google from collecting information (including your IP address) via cookies and from processing this information by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout).
As an alternative to the browser add-on, particularly for browsers on mobile devices, you can prevent data collection by Google Analytics by following this link. You will then receive an opt-out cookie that prevents the collection of your data when you visit this website in the future. The opt-out cookie is only valid in the specific browser and only for our website, and is stored on your device. If you delete the cookies in this browser, you will have to re-install the opt-out cookie.
For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).
- b) Google Adwords Conversion Tracking
We also use the Google Conversion Tracking to keep statistics on website activity and analyse them for the purpose of improving our website. In this connection, Google AdWords stores a cookie (see under heading 4) on your computer if you arrive at our website by following a Google AdWords advertisement.
These cookies expire after 30 days and do not serve the purpose of personal identification. If the user visits certain pages of an AdWords customer’s website and the cookie has not yet expired, Google and the customer can see that the user clicked on the advertisement and was redirected to this page.
Each AdWords customer has a different cookie. This means that cookies cannot be tracked across AdWords customer websites. The information collected using the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. In this way, AdWords customers can find out the total number of users who clicked on their advertisement and were redirected to a page containing a conversion tracking tag. They do not, however, receive any information from which they can personally identify users.
If you want to opt out of tracking, you can refuse the storing of the required cookie – for example by disabling the browser setting that allows cookies to be stored automatically. Alternatively, you can disable cookies for conversion tracking by setting your browser to block cookies from the domain www.googleadservices.com. Google’s privacy notice on conversion tracking can be found here (https://services.google.com/sitestats/en.html).
- Social media plugins
On the basis of Article 6(1)(f) of the GDPR, we use social plugins provided by the social networks Facebook, Twitter and Instagram to make our company better known by this means. The promotional purpose on which this is based is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for operation compliant with data protection law lies with the respective providers. We have integrated these plugins with the so-called two-click method in order to provide the best possible protection for visitors to our website.
Our website uses social media plugins provided by Facebook for a more personalised user experience. For this purpose, we use the Like or Share button. This is provided by Facebook. If you visit a page on our website that contains such a plugin, your browser establishes a direct connection with Facebook’s servers. The plugin content is transmitted by Facebook directly to your browser, which incorporates it into the website.
As a result of the plugins being integrated, Facebook receives the information that your browser has requested the corresponding page of our website, even if you do have no Facebook account or are not currently logged in on Facebook. This information (including your IP address) is sent from your browser directly to and stored on a Facebook server in the USA.
If you are logged into Facebook, Facebook can link the visit to our website directly to your Facebook account. If you interact with the plugins, for example by selecting the Like or Share button, the corresponding information is likewise sent directly to and stored on a Facebook server. The information is also posted on Facebook and displayed to your Facebook friends.
Facebook can use this information for the purpose of advertising, market research and personalisation of Facebook pages. For this purpose, Facebook compiles user, interest and relationship profiles in order, for example, to evaluate your use of our website in relation to advertisements shown on Facebook, to let other Facebook users know about your activities on our website, and to provide other services associated with the use of Facebook.
Our website uses plugins provided by Twitter Inc. (Twitter), the Twitter messaging service. The Twitter plugins (Tweet button) can be recognised by the Twitter logo on our website. An overview of the Tweet buttons is available here (https://about.twitter.com/resources/buttons).
If you visit a page on our website that contains such a plugin, a direct connection is established between your browser and the Twitter server. In this way, Twitter receives the information that you visited our website with your IP address. If you click on the Twitter Tweet button while you are logged into your Twitter account, you can link the content of our website to your Twitter profile. Twitter can thus track the visit to our website back to your user account. Please note that as the provider of these pages we do not receive any knowledge of the content of the transmitted data or of its use by Twitter.
Our website also uses Instagram social plugins (“plugins”) operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). The plugins can be recognised from an Instagram logo such as in the form of an Instagram “camera”.
If you visit a page on our website that contains such a plugin, your browser establishes a direct connection with Instagram’s servers. The plugin content is transmitted by Instagram directly to your browser, which incorporates it into the page. As a result of the plugins being integrated, Instagram receives the information that your browser has requested the corresponding page of our website, even if you do have no Instagram profile or are not currently logged in on Instagram.
This information (including your IP address) is sent from your browser directly to and stored on an Instagram server in the USA. If you are logged into Instagram, Instagram can directly link the visit to our website directly to your Instagram account. If you interact with the plugins, for example by selecting the Instagram button, the corresponding information is likewise sent directly to and stored on an Instagram server. The information will also be posted on your Instagram account and displayed there to your contacts.
- Third-party providers
- Social media profiles
We maintain online profiles on various social networks in order to communicate with customers, prospective customers and users who are active on those networks and to inform them about our services. There, we point out that the social network providers collect data on users when they visit one of our social network profiles. The social network providers generally use such data for market research and advertising purposes; in this connection, it may occur that a provider compiles activity profiles from users’ activity and inferred interests and uses such profiles to place advertising that matches users’ interests. For a detailed description of data processing performed by the various providers, please see their respective privacy policies. Similarly, if you wish to request information and exercise your user rights, it is most effective to do so with the respective provider as only the provider has access to user data and can take action and provide information accordingly. For further information, please see:
- Your rights as a data subject
Your rights are as follows:
- Under Article 15 of the GDPR read in conjunction with Section 34 of the German Federal Data Protection Act (BDSG), you have the right to obtain access to the personal data concerning you that we process;
- under Article 16 of the GDPR, you have the right to obtain rectification or completion of personal data stored with us;
- under Article 17 of the GDPR read in conjunction with Section 35 of the BDSG, you have the right to obtain erasure of your personal data stored with us;
- under Article 18 of the GDPR, you have the right to obtain restriction of processing of your data;
- under Article 20 of the GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to have the data transmitted to another controller;
- under Article 21 of the GDPR, you have the right to object to the processing of your data;
- under Article 77 of the GDPR read in conjunction with Section 19 of the BDSG, you have the right to lodge a complaint with a supervisory authority.
To the extent that your data is processed on the basis of legitimate interests in accordance with Article 6(1)(f) of the GDPR, you additionally have the right under Article 21 of the GDPR to object to the processing of your personal data, in the event of grounds relating to your particular situation or of objection to direct marketing. In the case of direct marketing, you have a general right to object that we abide by without reference to any particular situation.
If the processing of your data is based on consent, you may withdraw your consent at any time. Your right of withdrawal also applies if you gave your consent before the entry into force of the GDPR, meaning before 25 May 2018. Please note that any withdrawal of your consent only has effect for the future. It does not affect processing operations prior to the withdrawal of consent. If you wish to exercise your right to withdraw consent or your right to object, you can direct your withdrawal of consent or your objection to us in writing (KMH-Kammann Metallbau GmbH, Industriestraße 13, D-27211 Bassum, Germany) or by email (email@example.com).
- Data security
When you visit our website, we use the widespread secure socket layer (SSL) protocol in conjunction with the highest level of encryption supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit SSL v3 encryption instead. You can tell if a specific page of our website is transferred in encrypted form by the closed key or padlock icon in your browser address bar.
In all other respects, we use suitable technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or total loss, destruction or unauthorised access by third parties. Our security measures are continually improved in line with technological developments.