Data protection

Data protection

1 Introduction

With the following information we would like to give you as an "affected person" an overview of the processing of your personal data by us and your rights under the Data Protection Law. A use of our internet pages is basically possible without the input of personal data. However, if you wish to use special services of our company through our website, it may be necessary to process your personal data. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address or e-mail address, always takes place in accordance with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection regulations applicable to "Walter Kraus GmbH". By means of this privacy policy we would like to inform you about the scope and purpose of the personal data collected, used and processed by us.

We have implemented many technical and organizational measures as responsible Company in order to ensure the most complete protection possible for personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security holes, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us in alternative ways, such as by phone or by post.

2 Responsibilities

Responsible within the meaning of the GDPR is the:

Walter Kraus GmbH

Aindlinger Straße 13, 86167 Augsburg, Germany

Telephone: +49 (0) 821 796090

Fax: +49 (0) 821 7960926

E-Mail: zentrale@kraus.de

Head of the responsible office: Mr. Markus Kraus

3. Data Protection Officer

The data protection officer can be reached as follows:

Stephan Weiss

Telephone: +49 821 650 85 177

Fax: +49 821 650 93 470

E-Mail: DS-WalterKraus@ub-weiss.com

If you have any questions or suggestions regarding data protection, you can contact our data protection officer at any time.

4. Definitions

The privacy statement is based on the terminology used by the European Union‘s legislature in the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain in advance the terminology used.

We use the following terms in this privacy policy, including but not limited to:

a. Personal data

Personal data is any information that relates to an identified or identifiable natural person. A natural person well be considered as identifiable - either direct or indirect - in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, which does express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

b. Affected person

Affected person is any identified or identifiable natural person whose personal data is processed by the repsonsible personsof our company.

c. Processing

Processing means performing any process related to personal data with or without automated processing related to personal data, such as collecting, organizing, storing, adapting or modifying, selecting, querying and using the data, with or without the aid of automated procedures as well as disclosure by submission, distribution or any other form of provision, reconciliation or association, restriction, deletion or destruction.

d. Restriction of processing

Restriction of the processing is the marking of filed personal data with the aim to limit its future processing.

e. Profiling

Profiling is any kind of automated processing of personal data that serves to use personal information and to evaluate certain personal aspects relating to a natural person, particulary focusing on the analysis and prediction of aspects related to job performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of that natural person.

f. Pseudonymization

Pseudonymisation is the processing of personal data in a way that personal data can no longer be attributed to a person´s specific data without using additional information, as long as such additional information is kept separatly and subjected to technical and organizational measures ensuring that the personal data can not be assigned to an identified or identifiable natural person.

g. Processors

The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the person responsible.

h. Recipient

Recipient is a natural or legal person, public authority, agency, company or other entity to whom Personal Data is disclosed, no matter if it is a third party or not. However, public authorities which may receive personal data under EU or national law as part of a particular inquiry on this are not considered receivers.

i. Third Party

A third party is a natural or legal person, public authority, agency, company or body other than the affected person, the controller, the data processor or the persons authorized under the direct responsibility of the controller or the data processor to process the personal data.

j. Consent

A consent is any voluntarily given and unambiguously expressed act by the affected person in the form of a statement or other unambiguous confirmation on the particular case, by which the affected person indicates that he/she consents and accepts the processing of the concerned personal data.

5. Legal basis of processing

Art. 6 para. 1 lit. A GDPR serves our company as the legal basis for processing operations where we obtain consent for a particular processing purpose.

If the processing of personal data is necessary to fulfill a contract of which you are a party (e.g. in processing operations necessary for the supply of goods or the provision of any other service or consideration), the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services.

If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.

In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then processing would be based on Art. 6 para. 1 lit. d GDPR.

Finally processing operations can be based on Art. 6 para. 1 lit. f GDPR. On this legal basis, Data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’). The processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights and fundamental freedoms of the person prevail. Such processing operations are particularly allowed to us since they have been specifically mentioned by the European legislator. In that regard, a legitimate interest may be assumed, if you are a customer of our company (Recital 47, second sentence, GDPR).

6 technology

6.1 SSL / TLS encryption

This Web site uses an SSL or TLS encryption to ensure the security of the data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the operator or user. An encrypted connection can be recognized by the fact that the address bar of the browser contains an "https: //" instead of an "http: //" and the lock symbol in your browser bar.

If SSL or TLS encryption is enabled, the data you submit to us can not be read by third parties.

6.2 Data collection when visiting the website

In the case of the merely informative use of our website, if you do not register or otherwise provide us with information, we will only generate data that your browser transmits to our server (in so-called "server log files"). Our website collects a series of general data and information each time a page is accessed by you or an automated system. This general data and information is stored in the log files of the server. Recorded can be:

  1. used browser types and versions,
  2. the operating system used by the accessing system,
  3. the website from which a system accesses our website (so-called referrers),
  4. the sub-web pages, which are accessed from an accessing system on our website,
  5. the date and time of access to the website,
  6. an internet protocol address (IP address),
  7. The Internet service provider of the accessing system.

When using this general data and information, we draw no conclusions about your person. Rather, this information is needed

  1. to deliver the contents of our website correctly,
  2. to optimize the content of our website as well as to optimize the advertising for it,
  3. to ensure the long-term functionality of our IT systems and the technology of our website,
  4. to provide law enforcement with information necessary for prosecution in the event of a cyberattack.

This collected data and information is therefore on the one hand statistically evaluated by us and furthermore aims to increase data protection and data security in our company in order to ensure an optimum level of protection for the personal data we process. The data of the server log files are stored separately from all personal data provided by an affected person.

The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f GDPR. Our legitimate interest is shown in the data collection purposes listed above.

7 cookies

7.1 General information about cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our site. Cookies do not harm your device, do not contain viruses, Trojans or other malicious software.

In the cookie information is stored, which results from the connection with the specific terminal used. However, this does not mean that we are immediately aware of your identity.

The usage of cookies targets to improve our web based offer for you. For example, we use so-called session cookies to recognize that you have already visited individual pages on our website. These are automatically deleted after leaving our page.

In addition, to improve usability, we also use temporary cookies that are stored on your device for a specified period of time. If you visit our site again using our services, it will automatically recognize that you have already visited us and which particular inputs and settings you have made, so you do not have to re-enter them.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. These cookies allow us to automatically recognize when you visit our site again that you have already been with us. These cookies are automatically deleted after a defined time.

The data processed by cookies is required for the purposes mentioned in order to safeguard our legitimate interests as well as third parties according to Art. 6 para. 1 sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser in the way that no cookies are stored on your computer or alternatively a hint appears any time before a new cookie is created. However, disabling cookies completely may limit your ability to use the features on our website.

8 Contents of our Website

8.1 Contact / Contact form

When contacting us (for example via contact form or e-mail), personal data is collected. The data collected throughout your Inputs is stated on the respective contact form. These data is stored and used solely for the purpose of answering your request or for establishing the contact and is stored and used for the associated technical administration. The legal basis for processing the data is our legitimate interest in answering your request in accordance with Art. 6 para. 1 lit. f GDPR. If your contact is aiming to conclude a contract with us, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR. Your data will be deleted from our Web services after the processing of your request is finalized and as long as there is no legal obligation to keep the data.

9 web analytics

9.1 Google Analytics

Our websites use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.com/intl/en/about/, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereinafter "Google"). In this context, pseudonymised user profiles are created and cookies (see point 4) are used. The information about your use of this website generated by the cookie such as:

  1. Browser type / version,
  2. the used operating system,
  3. Referrer URL (the previously visited page),
  4. Host name of the accessing computer (IP address),
  5. time of server request,

is transmitted to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage for the purpose of market research and tailor-made website design. This information may also be transferred to third parties if required by law or if third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymized, so that an assignment is not possible (IP masking).

You can prevent the installation of cookies by setting the browser software accordingly; however, we point out that in this case not all features of this website may be fully exploited.

You have given your consent to this within the meaning of Art. 6 para. 1 lit. A GDPR via our opt-in cookie banner.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data from Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent detection by Google Analytics by clicking on the following link: Deactivate Google Analytics. An opt-out cookie, that will prevent the future collection of your data when visiting this website, will be set. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).

9.2 Matomo

We have integrated the component Matomo on this website. Matomo is an open source software tool for web analysis. Web analysis is the recording, collection and analysis of data about the behavior of visitors to websites. Among other things, a web analysis tool collects data about the webseite, from which an affected person accessed our website (so-called referrer), which subpages of the website were accessed or how often and for which length of stay a subpage was viewed. A web analysis is mainly used to optimize the website and make a cost-benefit analysis of the Internet advertising service.

The software is operated on the server of the controller, the data protection sensitive log files are stored exclusively on this server.

The purpose of the Matomo component is to analyze visitor flows on our website. Among other things, we use the data and information obtained to evaluate the use of this website and to create online reports that show the activities on our websites.

Matomo sets a cookie on your IT system. By setting the cookie, we are enabled to analyze the use of our website. Each time you visit one of the pages on this website, the Internet browser on your IT system will automatically cause the Matomo component to submit data to our server for online analysis. In the course of this technical process, we gain knowledge of personal data, such as the IP address of the person concerned, which among other things serves to help us understanding the origin of visitors and clicks.

The cookie stores personally identifiable information, such as access time, the location from which access was made, and the frequency of visits to our website. Each time you visit our website, this personal information, including the IP address of the Internet connection you use, is transmitted to our server. These personal data are stored by us. We do not share this personal information with third parties.

You can prevent the setting of cookies through our website at any time by means of an appropriate setting of the Internet browser and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on your IT system. In addition, a cookie already set by Matomo can be deleted at any time via the Internet browser or other software programs.

Furthermore, you can decline the detection of the data generated by Matomo and related with the use of this website data. To do so, you must set an opt-out cookie. If your IT system is later deleted, formatted, or reinstalled, you must re-opt-out this cookie. By setting the opt-out cookie, however, our internet pages might be no longer fully usable to you.

You have given your consent to this within the meaning of Art. 6 para. 1 lit. a GDPR via our opt-in cookie banner.

Further information and Matomo's applicable privacy policy can be found at https://matomo.org/privacy/.

Revocation of data collection by Matomo

10 plugins and other services

10.1 Google Maps

On our website, we use Google Maps (API) from Google LLC., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Maps is a web service for displaying interactive (land) maps to visually display geographic information. By using this service you can, for example, see our location and make it easier to get there.

When you visit any of the subpages where the Google Maps map is incorporated, information about your use of our website (such as your IP address) is transmitted to Google's servers in the United States and stored there. This is done regardless of whether Google provides a user account that you are logged in to, or if there is no user account. When you're logged in to Google, your data will be assigned directly to your account. If you do not want to associate with your profile on Google, you'll need to log out of your Google Account. Google stores your data (even for non-logged-in users) as usage profiles and evaluates them. According to Art. 6 para. 1 lit. f GDPR, such an evaluation is based on the legitimate interests of Google in the display of personalized advertising, market research and / or customized design of its website. You have the right to object to the generation of user profiles. On that account you will have to address it to Google directly.

US-based Google LLC is certified under the US Privacy Shield, which ensures compliance with the level of data protection in the EU.

If you disagree with the future transmission of your data to Google when using Google Maps, you can also disable the Google Maps web service completely by turning off the JavaScript application in your browser. Google Maps and the map display on this website might then not be usable anyore.

You have given our consent to this within the meaning of Art. 6 para. 1 lit. a GDPR via our opt-in cookie banner.

Google's Terms of Use can be viewed at https://www.google.com/intl/en/policies/terms/regional.html
and the additional Google Maps terms of service can be found at
https://www.google.com/intl/en_US/help/terms_maps.html

For details on privacy related to the use of Google Maps, please visit the Google Privacy Policy: https://www.google.com/intl/en/policies/privacy/

11 Your rights as an affected person

11.1 Right to confirm

You have the right to ask us for confirmation of your personal data being processed.

11.2 Right to information Art. 15 DS-BER

You have the right at any time to receive free information from us about the personal data stored about you and to receive a copy of this data.

11.3 Right to correction Art. 16 DS-BER

You have the right to demand the correction of incorrect personal data concerning your records. Furthermore, the affected person has the right to request the completion of incomplete personal data, taking into account the purposes of the processing.

11.4 Deletion Art. 17 GDPR

You have the right to demand that the personal data concerning you is being deleted without delays, if applicable by law and processing is not required.

11.5 Restriction of processing Art. 18 GDPR

You have the right to demand that we restrict processing, if there are no other legal requirements valid in case.

11.6 Data transferability Art. 20 GDPR

You have the right to receive your personal data record provided to us in a structured, common and machine-readable format.

You also have the right to transfer this data to another responsible entity without impediment by us (if we have been provided with the personal data from your side), if the processing is based on the consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated processes, unless the processing is not or no more necessary for the performance of a task in the public interest or in the exercise of official authority which has been entrusted to us.

In addition, when exercising your right to data portability under Article 20 (1) of the GDPR, you have the right to obtain that your personal data will be transmitted directly from one controller to another, where technically feasible and as long as the liberties of any others are not affected.

11.7 Contradiction Art. 21 GDPR

For reasons arising from your particular situation, you have the right to contradict against the processing of personal data related to you, which have been pursued due to Art. 6 para. 1 lit. e (data processing in the public interest) or f (data processing based on a balance of interests) GDPR at any time.

This also applies to a profiling based on these provisions within the meaning of Art. 4 No. 4 GDPR.

If you refuse the processing, we will no longer process your personal information unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing serves the asserting, exercising or defending legal claims.

In addition, you have the right, for reasons arising from your particular situation, to refuse to the processing of personal data concerning for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) of the GDPR unless such processing is necessary to fulfill a public interest task.

Feel free, in the context of using any services of information societies, not withstanding Directive 2002/58 / EC, to exercise your right of refusal through automated procedures where technical specifications are used.

11.8 Revocation of a data protection consent

You have the right to withdraw your consent to the processing of personal data at any time with future effect.

11.9 Complaint to a regulatory authority

You have the right to complain to the Bayerisches Landesamt für Datenschutzaufsicht (BayLDA), Promenade 27 in 91522 Ansbach (www.lda.bayern.de) about our processing of personal data.

12 Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period required to achieve the purpose of the storage or as provided by the legislation and laws to which our company is subject.

If the purpose of the storage is omitted or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

13 Duration of storage of personal data

The criteria for the duration of the storage of personal data is the respective statutory retention period. After the deadline is passed, the corresponding data will be routinely deleted, if the data is no longer required to fulfill the contract or to initiate a contract.

14 Updating and changing the privacy policy

This privacy policy is currently valid and is valid as of September 2018.

Due to the further development of our websites and offers or due to changed legal or official requirements, it may be necessary to change this privacy policy. You can always retrieve and print out the current data protection declaration on the website under https://www.kraus.de/en/data-protection.html.