Data privacy statement for Wilhelm Knepper GmbH & Co. KG
We are very pleased with your interest in our company. Data protection is rated particularly high by the Wilhelm Knepper GmbH & Co. KG management. Using the Wilhelm Knepper GmbH & Co. KG websites is basically possible without declaring any personal data. If a data subject wants to use special services of our company via our website, processing personal data might become necessary. If processing personal data is required and there is no legal basis for that kind of processing, we generally obtain consent of the data subject.
Processing personal data of a data subject, such as name, address, e-mail address or telephone number, always happens in accordance with the General Data Protection Regulation and corresponding with the country-specific data protection regulations valid for Wilhelm Knepper GmbH & Co. KG. Via this data privacy statement, our company wants to inform the public about manner, extent and purpose of the personal data gathered, used and processed by us. Moreover, data subjects are enlightened about their assigned rights via this data privacy statement.
Wilhelm Knepper GmbH & Co. KG, as person in charge of processing, implemented numerous technical and organisational measures to guarantee preferably complete protection of the personal data processed by this website. Yet, internet-based data transmission can principally show security gaps which means that absolute protection cannot be guaranteed. For that reason, each data subject is free to transmit personal data in alternative ways, for example by phone.
The Wilhelm Knepper GmbH & Co. KG data privacy statement is based on terms that were used by the European guideline and decree regulator with the enactment of the General Data Protection Regulation (GDPR). Our data privacy statement is supposed to be easily legible and understandable both to the public as well as to our clients and business partners. To guarantee that, we would like to explain the terms used beforehand.
In this data privacy statement, we use the following terms among others:
a) Personal data
Personal data implies all information that refers to an identified or identifiable natural person (henceforth referred to as “data subject”). “identifiable” indicates a natural person who is either directly or indirectly identifiable, especially via attribution to an identifier such as a name, an identification number, location data, an online identifier or one or several special features that express the natural person’s physical, physiological, genetic, psychic, economic, cultural or social identity.
b) Data subject
Data subject indicates every identified or identifiable natural person whose personal data is processed by the person in charge of processing.
Processing indicates every executed procedure or every series of procedures – with or without the help of automated proceedings – related to personal data such as collecting, gathering, organising, sorting, storage, adaption or changing, readout, call-up, usage, disclosure by transmission, spreading or another form of provision, synchronisation or connection, restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing indicates marking stored personal data with the aim of restricting their future processing.
Profiling indicates every kind of automated processing of personal data that consists of using that personal data to evaluate certain personal aspects concerning a natural person, especially to analyse or predict aspects concerning work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or change of location of that natural person.
Pseudonymisation indicates processing of personal data in a way that the personal data cannot be ascribed to a specific data subject without consulting additional information, providing the additional information is stored separately and subject to technical and organisational measures that guarantee that the personal data cannot be ascribed to an identified or identifiable natural person.
g) Person in charge or person in charge of processing
Person in charge or person in charge pf processing is the natural or legal person, agency, facility or another unit that determines, alone or collectively with others, purpose and means of processing personal data. If purposes and means of processing are provided by the Union law or the law of member states, the person in charge, respectively the certain criteria of their designation, can be provided according to the Union law or the law of the member states.
h) Order processor
Order processor indicates a natural or legal person, agency, facility or another unit that processes personal data on behalf of the person in charge.
Recipient indicates a natural or legal person, agency, facility or another unit personal data is revealed to, regardless of them being third parties or not. Agencies that might receive personal data within a certain inquiry based on the Union law or the law of the member states are not considered recipients.
j) Third party
Third party indicates a natural or legal person, agency, facility or another unit other than the person concerned, the person in charge, the order processor and the persons who are entitled to process personal data under the immediate responsibility of the person in charge or the order processor.
Consent indicates every unambiguous expression of intention provided voluntarily and in an informed manner by the data subject for the certain case in the form of a declaration or another distinctly confirming action the data subject uses to convey their consent with processing their personal data.
2. Name and address of the person in charge of processing
Person in charge in terms of the General Data Protection Regulation and other data privacy acts valid in the member states of the European Union and further regulations in terms of data protection is:
Wilhelm Knepper GmbH & Co. KG
Tel.: 02941 28410
3. Name and address of the data protection official
Data protection official of the person in charge of processing is:
Wilhelm Knepper GmbH & Co. KG
Tel.: 02941 2841-80
Every data subject may directly address our data protection official concerning all questions and suggestions referring to data protection at any time.
By using cookies, Wilhelm Knepper GmbH & Co. KG can provide user-friendly services to the users of this website that would not be possible without the cookie session.
The data subject can prevent the placing of cookies by our website at any time by applying a certain setting of the used internet browser, thus permanently objecting to the placing of cookies. Furthermore, already set cookies can be deleted via an internet browser or another software programme. This is possible with all current internet browsers. If a data subject deactivates the placing of cookies in the used browser, not all functions of our website might be comprehensively usable.
5. Gathering of general data and information
The Wilhelm Knepper GmbH & Co. KG website gathers a number of general data and information with every access by a data subject or an automated system. The general data and information are stored via server log files. Gathered can be (1) the used browser types and versions, (2) the operating system applied by the accessing system, (3) the website an accessing system uses to get to our website (so-called referrer), (4) the sub websites an accessing system uses to get to our website, (5) date and time of an access to our website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in case of attacks on our information technology systems.
When using the general data and information, Wilhelm Knepper GmbH & Co. KG does not draw conclusions about the data subject. The information is rather required to (1) deliver the content of our website correctly, (2) optimise the content of our website as well as its promotion, (3) guarantee the permanent functionality of our information technology systems and the technology of our website and (4) to provide all information required for prosecution by prosecuting authorities in case of a cyberattack. Moreover, the anonymously gathered data and information are evaluated by Wilhelm Knepper GmbH & Co. KG statistically on the one hand and on the other hand with the purpose of enhancing data protection and data security at our company to ultimately provide an optimal protection degree of protection for the personal data processed by us. The anonymous data of the server log files is stored separately from all personal data provided by a data subject.
6. Ways of contact via the website
Due to legal regulations, the Wilhelm Knepper GmbH & Co. KG website contains information that allows fast and immediate communication with us, which also involves a general address of so-called electronic mail (e-mail address). If a data subject establishes contact with the person in charge of processing via e-mail or a contact form, the personal data provided by the data subject is stored automatically. Such personal data transmitted voluntarily by the data subject to the person in charge is being stored for the purpose of processing or for contacting the data subject. The personal data is not transmitted to third parties.
7. Routinely deletion and blocking of personal data
The person in charge of processing processes and stores personal data of a data subject only for the period of time that is required for achieving the purpose of storage or if this is provided by the European guideline and decree regulator or another legislator via laws and regulations the person in charge is liable to.
If the purpose of storage does not apply or a storage deadline required by the European guideline and decree regulator or another legislator in charge expires, the personal data is blocked or deleted routinely and according to the legal regulations.
8. Rights of the data subject
a) Right to confirmation
Every data subject has the right, provided by the European guideline and decree regulator, to ask the person in charge of processing for a confirmation if their personal data is being processed. If a data subject wants to utilise this confirmation right, they can turn to an employee of the person in charge of processing at any time.
b) Right to information
Every person concerned with processing of their personal data has the right, provided by European guideline and decree regulator, to obtain gratuitous information by the person in charge of processing about the stored personal data on them and to receive a copy of that information. Furthermore, the European guideline and decree regulator has conceded disclosure about the following to the data subject:
Moreover, the data subject has the information right about whether or not personal data has been transmitted to a third country or an international organisation. If this is the case, the data subject is furthermore entitled to obtain information about appropriate guarantees related to the transmission. If a data subject wants to utilise this right to information, they can turn to an employee of the person in charge of processing at any time.
c) Right to correction
Every person concerned with processing of their personal data has the right, provided by the European guideline and decree regulator, to demand the immediate correction of their incorrect personal data. Furthermore, the data subject has the right, considering the purposes of processing, to demand the completion of incomplete personal data – also via an additional declaration. If a data subject wants to make use of this right to correction, they can turn to an employee of the person in charge of processing at any time.
d) Right to deletion (Right to being forgotten)
Every person concerned with processing of their personal data has the right, provided by the European guideline and decree regulator, to ask the person in charge to immediately delete their personal data if one of the following reasons applies and if processing is not required:
If one of the above-mentioned reasons applies and a data subject wants to induce the deletion of personal data stored by Wilhelm Knepper GmbH & Co. KG, they may turn to an employee of the person in charge at any time. The Wilhelm Knepper GmbH & Co KG employee will immediately induce the deletion.
If the personal data was made public by Wilhelm Knepper & Co. KG and our company as the person in charge is obliged to delete the personal data according to art. 17 par. 1 GDPR, Wilhelm Knepper GmbH & Co. KG takes appropriate measures, considering available technology and the costs of implementing those measures, also technically, to inform other persons in charge of processing who process the published personal data that the data subject has asked those other persons in charge of processing to delete all links to the personal data or copies or replications of the personal data provided processing is not required. The Wilhelm Knepper & Co. KG employee is going to take all steps necessary in a given case.
e) Right to restriction of processing
Every person concerned with processing of their personal data has the right, provided by the European guideline and decree regulator, to ask the person in charge for restriction of processing given one of the following preconditions:
Provided one of the above-mentioned preconditions is given and a data subject wants to demand the restriction of their personal data that is stored by Wilhelm Knepper & Co. KG, they can turn to the employee in charge of processing at any time. The Wilhelm Knepper & Co. KG employee is going to induce the restriction of processing.
f) Right to data portability
Every person concerned with processing of their personal data has the right, provided by the European guideline and decree regulator, to receive their personal data they provided to a person in charge in a structured, current and machine-readable format. Moreover, they have the right to transmit the data to another person in charge without restraint by the person in charge the data has been provided to if processing is based on the compliance according to art. 6 par. 1 letter a GDPR or on a contract according to art. 6 par. 1 letter b GDPR and processing is carried out via automated procedures, provided processing is not required for the exercise of a task with a public interest or which is carried out exercising public legislature that has been assigned to the person in charge.
Moreover, the data subject has the right – with exercising their right to data portability – according to art. 20 par. 1 GDPR to obtain that the personal data is directly transmitted from one person in charge to another person in charge if this is technically manageable and does not restrict another person’s rights and liberty.
For the enforcement of the right to data portability, the data subject may turn to a Wilhelm Knepper GmbH & Co. KG employee at any time.
g) Right to objection
Every person concerned with processing of their personal data has the right, provided by the European guideline and decree regulator, for reasons that arise from their special situation, to enter an objection against processing of their personal data that is carried out based on art. 6 par. 1 letter e or f GDPR. This is also valid for profiling based on these determinations.
Wilhelm Knepper GmbH & Co. KG no longer processes the personal data in case of an objection, unless we can prove compelling reasons worthy of protection for processing that outweigh the data subject’s interests, rights and liberties, or if processing serves the enforcement, exercise or defence of legal claims.
If Wilhelm Knepper GmbH & Co. KG processes personal data to pursue direct advertising, the data subject has the right to enter an objection against processing of their personal data for the purpose of such advertising at any time. This is also valid for profiling if it is related to such direct advertising. If the data subject enters an objection to Wilhelm Knepper GmbH & Co. KG concerning processing of their personal data for the purpose of direct advertising, Wilhelm Knepper GmbH & Co. KG is no longer going to process the personal data for those purposes.
Furthermore, the data subject has the right, for reasons that arise from their special situation, to enter an objection against processing of their personal data that is used by Wilhelm Knepper & Co. KG for scientific or historical research purposes or statistical purposes according to art. 89 par. 1 GDPR, unless such processing is required for the fulfilment of a public interest task.
For exercising the right to objection, the data subject may contact any Wilhelm Knepper GmbH & Co. KG employee or any other employee. Moreover, the data subject is free to exercise their right to objection via automated procedures that use technical specifications related to the use of services of the information society regardless of guideline 2002/58/EG.
h) Automated decisions in individual cases including profiling
Every person concerned with processing of their personal data has the right, provided by the European guideline and decree regulator, not to be subjected to a decision based on automated processing – including profiling– that unfolds a legal effect to them or restricts them significantly in a similar way, if this decision (1) is not required for contract closing or fulfilment between the data subject and the person in charge or (2) is valid based on legal provisions of the Union or member states the person in charge is liable to and these legal provisions contain appropriate measures for preserving rights and liberties as well as entitled interests of the data subject or (3) is carried out with the data subject’s explicit agreement.
If the decision (1) is required for contract closing or fulfilment between the data subject and the person in charge or (2) is carried out with the data subject’s explicit agreement, Wilhelm Knepper GmbH & Co. KG takes appropriate measures to preserve the data subject’s rights and liberties as well as their valid interests, which requires the right of obtaining the intervention of a person on behalf of the person in charge, declaration of their own point of view and refutation of the decision.
If the data subject does not want to claim rights referring to automated decisions, they can turn to an employee of the person in charge of processing on this at any time.
i) Right to revoke data protection consent
Every person concerned with processing of their personal data has the right, provided by the European guideline and decree regulator, to revoke their consent with processing of their personal data at any time.
If a data subject wants to claim their right to revoke their consent, they can turn to an employee of the person in charge of processing at any time.
9. Data protection for applications and for the application process
The person in charge of processing gathers and processes personal data of applicants for the purpose of handling application processes. Processing can also be carried out electronically. This is especially the case when an applicant transmits their application papers electronically, for example via e-mail or a webform placed on the website, to the person in charge of processing. If the person in charge of processing concludes an employment contract with the applicant, the transmitted data will be stored for the purpose of processing the employment relationship with respect to legal regulations. If the person in charge of processing does not conclude an employment contract with the applicant, the application papers will be deleted automatically two months after the announcement of the rejection decision if deleting is not opposed to other valid interests of the person in charge of processing. Another valid interest in this sense is for example the burden of proof in a process according to the General Equal Treatment Act (AGG).
10. Data protection regulations concerning the application and use of Facebook
The person in charge of processing has incorporated components of the company Facebook on this website. Facebook is a social network.
A social network is a social meeting site operated in the internet, an online community that generally allows the users to communicate among each other and interact in a virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the internet community to provide personal or company-related information. Facebook enables the users of the social network, among others, to create social profiles, upload photos and network via friend requests.
Operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside of the USA or Canada, the person in charge of processing personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With every access to one of the single sites of this website that is operated by the person in charge of processing and on which a Facebook component (Facebook plugin) has been incorporated, the internet browser of the information technological system of the data subject is induced automatically by the respective Facebook component to download a display of the particular Facebook component from Facebook. An overall layout of all Facebook plugins can be accessed at developers.facebook.com/docs/plugins/. Within this technical procedure, Facebook gains knowledge about which particular subpage of our website is accessed by the data subject.
Provided the data subject is logged in to Facebook at the same time, Facebook recognizes which particular subpage of our website the data subject accesses with every access to our website by the data subject and during the entire duration of their respective stay on our website. This information is gathered by the Facebook component and attributed to the data subject’s respective Facebook account by Facebook. If the data subject presses one of the Facebook buttons incorporated on our website, for example the “Like” button, or the data subject enters a comment, Facebook ascribes the information to the private Facebook user account of the data subject and stores the personal data.
Every time the data subject visits our website and is logged in to Facebook at the same time, Facebook receives the information via the Facebook component that the data subject has accessed our website; regardless of the data subject clicking or not clicking the Facebook component. If the data subject does not want such data transmission to Facebook, they can prevent transmission by logging out of their Facebook account before accessing our website.
The data guideline published by Facebook, available at de-de.facebook.com/about/privacy/, gives information about gathering, processing and usage of personal data by Facebook. Moreover, it explicates the setting options Facebook offers for privacy protection of the data subject. Furthermore, various applications are available to allow suppression of data transmission to Facebook. The data subject may use such applications to suppress data transmission to Facebook.
11. Legal basis of processing
At our company, art. 6 I lit. a GDPR serves as the legal basis for processing procedures we obtain compliance for when fulfilling certain processing purposes. If processing of personal data is required for completion of a contract the subject data is contracting party to, for example in cases of processing procedures that are necessary for the delivery of goods or the performance of other services or considerations, processing is based on art. 6 I lit. b GDPR. The same holds true for such processing procedures that are required for the implementation of pre-contractual measures, for example in cases of requests on our products or services. If our company is subject to a legal obligation that requires processing of personal data, for example for the fulfilment of tax duties, processing is based on art. 6 I lit. c GDPR. In rare cases, processing of personal data might be required to protect essential interests of the data subject or another natural person. This would be the case if, for example, a visitor gets injured at our company and subsequently their name, age, health insurance data or other essential information must be passed on to a doctor, a hospital or to other third parties. In this case, processing would be based on art. 6 I lit. d GDPR.
Ultimately, processing procedures might be based on art. 6 I lit. f GDPR. Processing procedures that are not included by any of the above-mentioned legal bases are based on this legal foundation if processing is required to preserve a valid interest of our company or of third parties provided the interests, basic rights and basic fundamental liberties of the data subject do not overweigh. Such processing procedures are granted to us especially because they were particularly mentioned by the European legislator. Insofar, they held the opinion that a valid interest could be assumed if the data subject is a client to the person in charge (recital 47 sentence 2 GDPR).
12. Valid interests in processing that are pursued by the person in charge or a third party
If processing of personal data is based on article 6 I lit. f GDPR, our valid interest is the implementation of our business activity on behalf of the welfare of all or employees and our shareholders.
13. Duration of storage of personal data
The criteria for the duration of storage of personal data is the respective legal duty to preserve records. After expiration of the deadline, the respective data is being deleted routinely if they are no longer required for the fulfilment of a contract or contract initiation.
14. Legal or contractual regulations for providing personal data; necessity for contract closing; obligation for the data subject to provide personal data; possible consequences of not providing
We inform you that the provision of personal data is partly required by law (e. g. tax regulations) or might as well result from contractual regulations (e. g. information about the contractual partner). Conclusion of contract might occasionally require the provision of a data subject’s personal data that must subsequently be processed by us. For example, the data subject is obliged to providing personal data when our company concludes a contract with them. Not providing personal data would result in not being able to conclude the contract with the data subject. Before providing personal data by the data subject, the data subject must turn to one of our employees. In the individual case, our employee informs the data subject about whether or not the provision of personal data is legally or contractually mandatory or required for the conclusion of contract, if there is an obligation to provide the personal data and they inform the data subject about the consequences of not providing their personal data.
15. Existence of an automated decision-making
As a responsible company, we renounce an automated decision-making or profiling.
This data privacy statement was generated by the data privacy statement generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH that acts as the external data protection official Bamberg in cooperation with the lawyer for IT and data privacy laws, Christian Solmecke.