In the following, we would like to inform you (in accordance with Art. 12 ff. GDPR) which personal data (hereinafter also referred to as "data") we collect in the course of providing our website, its contents and functions and for what purposes we process this data.
WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
Keitgen GmbH, Goldguldenweg 11, 53489 Sinzig, Germany
Authorized representative: Joseph Keitgen
E-mail address: firstname.lastname@example.org
Further information about the company, as well as further contact details can be found in our imprint above.
WHICH DATA DO WE PROCESS?
In the course of providing our website we process various types of data:
- General data (e.g. name, address)
- Content data (e.g. messages transmitted, text entries)
- Contact details (e.g. e-mail address, telephone number)
- Communication data (e.g. device information, IP addresses)
- Usage data (e.g. visited sub-pages, content interests, access durations/times)
We process this data from different categories of data:
- Interested parties and users (e.g. visitors to the website)
- Employees (e.g. salaried employees, applicants)
- Business partners (e.g. prospects, customers, suppliers)
- Communication partners
WHY AND FOR WHAT PURPOSE DO WE PROCESS THIS DATA?
Through our website we have the possibility to offer visitors more information about our company, products and services. This offering of information is based on a legitimate interest (Art. 6 (1f) GDPR).
If we receive data from you, we will only process this data for the purposes for which we received or collected it.
Data processing for other purposes will only be considered if the necessary legal requirements according to Article 6 (4) GDPR are met. In this case we will of course comply with any information obligations pursuant to Article 13 (3) GDPR and Article 14 (4) GDPR.
We process this data for the following purposes:
- Provision of the website, its functions and contents
- Replying to inquiries and communication
- Security measures
- Reach measurement, marketing and direct marketing
- Fulfilment of (pre-)contractual obligations, performance and service
PROVISION OF THE ONLINE OFFER AND WEB HOSTING
We use a web hosting service provider to provide our online services securely and efficiently. We rely on its infrastructure and platform services, computing capacity, storage space, databases, technical maintenance and security services.
Through the mere use of our website, a number of data are automatically collected by the systems within the context of web hosting. This data is technically necessary to ensure the stability and security of the systems. The processing is carried out on the legal basis of legitimate interest (Art. 6 (1f) GDPR).
Such data (in the context of access/log files) may include IP address, date/time of the request, content of the requested page, transmitted content, transmitted data volumes, referring website, browser, operating system, language, etc. This collected data is automatically deleted or made anonymous after one week.
To furthermore secure the users privacy, we also use additional security measures such as shortening the IP address or SSL encryption of the website.
Web hosting providers used:
DigitalOcean LLC, 101 Avenue of the Americas, 10th Floor New York, NY 10013, U.S.A.
Our web hosting server is however located in their datacenter in Frankfurt Germany.
ON WHAT LEGAL BASIS IS THE DATA PROCESSING BASED?
The legal basis for the processing of personal data is in principle - insofar as there are no specific legal provisions - Article 6 GDPR. The following possibilities are particularly relevant here:
- Data processing for the performance of contracts or pre-contractual measures (Article 6(1b) GDPR)
- Data processing based on a balancing of interests (Article 6(1f) GDPR)
If we process data on the basis of a weighing of interests, you as the data subject have the right to object to the processing of personal data, taking into account the provisions of Article 21 GDPR.
HOW LONG IS THE DATA STORED?
We process the data as long as this is necessary for the respective purpose.
Insofar as there are legal storage obligations - e.g. in commercial law or tax law - the personal data concerned will be stored for the duration of the storage obligation. After expiry of the obligation to retain data, we will check whether there is any further need for processing. If a necessity no longer exists, the data will be deleted.
As a matter of principle, towards the end of a calendar year, we examine data with regard to the need for further processing. Due to the volume of data, this examination is carried out with regard to specific types of data or the purpose of processing.
Of course, you can at any time (see "Your rights as a data subject") request information about the data we have stored about you and, if not necessary, request that the data be deleted or processing be restricted.
TO WHICH RECIPIENTS WILL THE DATA BE PASSED ON?
Your personal data will only be passed on to third parties if this is necessary for the execution of the contract with you, if the passing on is permitted on the basis of a weighing of interests within the meaning of Article 6 (1f) GDPR, if we are legally obliged to pass on the data or if you have given your consent. In the run-up to a possible disclosure of your data, we make sure that the protection of your data is also guaranteed with the third party.
WHERE DO WE PROCESS YOUR DATA?
Your personal data is processed by us in computer centres in the Federal Republic of Germany, the European Union or the European Economic Area.
YOUR RIGHTS AS A "DATA SUBJECT"
You have the right to be informed about the personal data we process about you and have access to this data.
In the case of a request for information that is not made in writing, we ask for your understanding that we may then require you to provide evidence that proves that you are the person you claim to be.
When requesting information/access, we would like to point out that we do not have access to the metadata that is/was processed by the hosting provider. Therefore, we cannot provide you with any information on this. Only the respective provider in itself has access to the data that is stored about its users in order to provide information and only this provider has access to take appropriate measures if necessary.
Should you nevertheless require assistance, please do not hesitate to contact us.
Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so.
Furthermore, you have the right to object to the processing within the framework of the legal requirements. The same applies to a right to data transferability.
In particular, you have a right of objection in accordance with Article 21 (1 and 2) GDPR against the processing of your data in connection with a direct advertising campaign, if this is based on a weighing of interests.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. You can find an overview of the data protection officers for Germany, as well as their contact details, by clicking on the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
HOW TO REACH OUR DATA PROTECTION OFFICER
Due to our company size, we are not required by law to appoint a data protection officer. Any inquiries can however be sent to the person responsible for the website to email@example.com.
In the event that we process your data on the basis of your consent, we will automatically inform you about changes to our data protection declaration.
Version: January 2020