Data Protection: Kannegiesser

Privacy Policy

Forewords

We take the protection of your personal data seriously and would like to take this opportunity to inform you about data protection.
As part of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: "GDPR") in order to ensure the protection of personal data of the person affected by processing (we also refer to you as the data subject hereinafter as "customer", "user", "you", "you" or "data subject").
Our privacy policy has a modular structure. In order to find the parts relevant to you, please refer to the following overview of the subdivision of the privacy policy:

I. GENERAL INFORMATION

1)   Definitions
2)   Legal basis for the processing of personal data
3)   Legal basis for storage in the user's terminal device
4)   Name and address of the controller
5)   Contact details of the data protection officer
6)   Responsible data protection supervisory authority
7)   Your rights
8)   Changes to privacy policy

II. WEBSITE

1)   Processing when visiting the website
2)   myKannegiesser Account
3)   Contact form
4)   Cookies
5)   Social media
6)   Data transmission
7)   No obligation to provide personal data
8)   Data storage
9)   Profiling
10)   Links on the website

III. APPLICATION (APP)

1)   Information on the processing of your data
2)   Creation of a user account (registration) and login
3)   Deletion of the user account
4)   Use of the app
5)   Disclosure and transfer of data
6)   Data transfers to third countries
7)   Changes of purpose
8)   Data storage period

IV. BUSINESS PARTNERS (INTERESTED PARTIES, CUSTOMERS, SUPPLIERS)

1)   Why are we allowed to do this?
2)   Disclosure and transfer of data
3)   Data transfer to third countries
4)   Data storage period
5)   Provision of your data
6)   Automated decision making / profiling

_ _ _ _

I. General information

1) Definitions

In accordance with Art. 4 GDPR, this privacy policy is based on the following definitions:

a) "Personal data" (Art. 4 No. 1 GDPR) are all Information that relates to an identified or identifiable person natural person ("data subject"). An identifiable person is person I they are directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, an online identifier, location data or with the help of information about their physical, physiological, genetic, psychological, economic, cultural or social identity characteristics can be identified. Identifiability can also be achieved by means of a Linking of such information or other additional knowledge be given. The formation, the form or the Embodiment of the information is not important (also photos, video or Sound recordings may contain personal data).

b) "Processing" (Art. 4 No. 2 GDPR) means any operation which involves personal data is handled, whether with or without with the help of automated (i.e. technology-supported) processes. This includes in particular the collection (i.e. the procurement), recording, the organizing, arranging, storing, adapting, or Modification, reading out, querying, use, disclosure Disclosure by transmission, dissemination or otherwise provision, the comparison, the linking, the restriction, the the deletion or destruction of personal data and the Change in an objective or purpose that is subject to a data processing was originally used as a basis.

c) "Controller" (Art. 4 No. 7 GDPR) is the natural or legal person who legal person, public authority, agency or other body which alone or jointly with others on the purposes and means of the processing of personal data.

d) "Third party" (Art. 4 No. 10 GDPR) means any natural or legal person Person, authority, institution or body other than the data subject, the data controller, the data processor and the persons who under the direct responsibility of the person responsible or processor are authorized to process the personal data process; this also includes other legal entities belonging to the Group.

e) "Processor" (Art. 4 No. 8 GDPR) is a natural or legal person who legal person, public authority, agency or other body which personal data on behalf of the controller, in particular in accordance with its instructions (e.g. IT service provider). In particular, a processor is not a third party in terms of data protection law.

f) "Consent" (Art. 4 No. 11 GDPR) of the data subject means each voluntarily for the specific case, in an informed manner and unequivocal expression of intent in the form of a declaration or any other unambiguous confirmatory act, with which the data subject indicates that he or she does not agree with the Processing of personal data concerning you agrees.

2) Legal basis for the processing of personal data

According to the provisions of the GDPR, any processing of personal data is prohibited in principle and is only permitted if the data processing falls under at least one of the following legal bases:

a) "Consent" pursuant to Art. 6 para. 1 lit. a GDPR: If the data subject has voluntarily, in an informed and unambiguous manner, by means of a statement or other unambiguous confirmatory act, indicated that they consent to the processing of their personal data for one or more specific purposes;

b) "Contract fulfillment" pursuant to Art. 6 para. 1 lit. b GDPR: If the processing
is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

c) "Fulfillment of legal obligations" pursuant to Art. 6 para. 1 lit. c GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);

d) "Legitimate interest" pursuant to Art. 6 para. 1 lit. f GDPR: If processing is necessary for the purposes of the legitimate (in particular legal or economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or rights of the data subject which require protection of personal data.

The applicable legal basis for the processing operations carried out by us is specified below. It should be noted that processing can also be based on several legal bases.

3) Legal basis for storage in the user's terminal device

The storage of information in the terminal equipment of the end user or the
Access to information that is already stored in the terminal equipment is only
Permitted if they are covered by one of the following justifications:

a) § Section 25 (1) GERMAN TELECOMMUNICATIONS DIGITAL SERVICES DATA PROTECTION ACT (TDDDG): If the end user has consented on the basis of clear and comprehensive information. Consent must be given in accordance with Art. 6 para. 1 lit. a GDPR;

b) § Section 25 (2) no. 1 GERMAN TELECOMMUNICATIONS DIGITAL SERVICES DATA PROTECTION ACT (TDDDG): If the sole purpose is the transmission of a message via a public telecommunications network or

c) § Section 25 (2) no. 2 GERMAN TELECOMMUNICATIONS DIGITAL SERVICES DATA PROTECTION ACT (TDDDG): If the storage or access is absolutely necessary so that the provider of a telemedia service can provide a telemedia service expressly requested by the user.

The applicable legal basis for the processing operations carried out by us is specified below. It should be noted that processing can also be based on several legal bases.

4) Name and address of the controller

Responsible for data processing:
Herbert Kannegiesser GmbH
Kannegiesserring 8
32602 Vlotho, Germany

E-mail: info@kannegiesser.de

5) Contact details of the data protection officer

The data protection officer can be contacted as follows:
Herbert Kannegiesser GmbH
Attn. Data privacy
Kannegiesserring 8
32602 Vlotho, Germany

E-mail: datenschutz@kannegiesser.de

6) Responsible data protection supervisory authority

Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf, Germany

Phone: 0211/38424-0
Fax: 0211/38424-10

E-mail: poststelle@ldi.nrw.de

7) Your rights

You can assert your rights as a data subject with regard to your processed personal data at any time using the contact details provided at the beginning under "I( 2 or 3). As the data subject, you have the right to

a) to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;

b) in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of your data stored by us;

c) in accordance with Art. 17 GDPR, to demand the deletion of your data stored by us, unless the processing is necessary to fulfill a legal obligation or to assert, exercise or defend legal claims;

d) in accordance with Art. 18 GDPR, to demand the restriction of the processing of your data if the accuracy of the data is disputed by you or the processing is unlawful;

e) in accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller ("data portability")

f) In accordance with Art. 21 GDPR, an objection to the processing can be lodged if the processing is based on Art. 6 para. 1 lit. f GDPR. If it is not an objection to direct marketing, when exercising such an objection it is necessary to state the specific reasons why we should not process the data. In such a case, the situation will be examined, after which either the data processing will be adjusted if the reasons you have given are justified, or the data processing will continue.

g) in accordance with Art. 77 GDPR, you can complain to a data protection supervisory authority about the processing of your personal data in our company, for example to the data protection supervisory authority responsible for us, see Section I No. 6

The rights described apply to all processing listed in this privacy policy. They are not mentioned again in the other sections.

8) Changes to privacy policy

As part of the further development of data protection law as well as technological or organizational changes, our privacy policy will be reviewed to determine whether it needs to be adapted or supplemented. You will be informed of any changes on our website (https://www.kannegiesser.com/de/de/datenschutz.html).
This privacy policy has the status 05.2025

II. Website

1) Processing when visiting the website

We require the following data to provide our website. The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR, as our company has a legitimate interest in a website.

a)   Web server
When you visit our website, your browser automatically transmits the following data to the web server on which our website is operated (hosted):
•   IP address in anonymized form is used to determine the location of access
•   Referrer (previously visited website)
•   Requested web page or file
•   Browser type and browser version
•   Operating system used
•   Device type used
•   Time of access

b) Statistics
Our website provider provides us with the following anonymized statistics. We do not use or evaluate the statistics and cannot currently deactivate the creation of statistics:

•   Visitor numbers: Visitors, sessions, page views and search engine robots.
•   Visitor behavior: Duration per session, page views per session and bounce rate.
•   Page analysis: entry pages, exit pages, error pages, most visited pages, pages with a high bounce rate and search terms.
•   Pages of origin: All source pages and referring pages.
•   Visitor locations
•   Browsers & systems: Browsers, browser versions, operating systems and operating system versions.

2) myKannegiesser Account

a) myKannegiesser account creation
In order to provide you with the greatest possible convenience, we offer you the permanent storage of personal data in a password-protected customer account. When you create a myKannegiesser account, your access data will be used to grant you access to your myKannegiesser account and to manage it. The mandatory information for creating an account is marked with an asterisk. Registration is not possible without providing this data.
Creating a myKannegiesser account is voluntary.
To set up a myKannegiesser account, you must enter a password of your choice. This, together with your e-mail address, is used to access your myKannegiesser account. Our password policy stipulates that you use a secure password containing at least 12 characters, upper/lower case, numbers and special characters.
If you create a myKannegiesser account, your personal data will be processed on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke this consent at any time with effect for the future by requesting us to delete your myKannegiesser account.
b) myKannegiesser account deletion
You have the option of deleting your myKannegiesser account at any time. To do so, please send your request for deletion to the following e-mail address: datenschutz@kannnegiesser.de
Please note, however, that this does not mean that all data that can be viewed in the myKannegiesser account will be deleted once you have placed an order with us. For example, we must continue to store data about orders placed if guarantees have been granted with regard to the goods you have purchased and these have not yet expired. Your data will be deleted automatically after expiry of the retention obligations applicable to us under commercial and tax law. The legal basis for this further data processing is Article 6(1)(c) GDPR and Article 6(1)(f) GDPR

3) Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. This data will not be passed on to third parties without your express consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request serves the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR), provided that this has been obtained; consent can be revoked at any time.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

4) Cookies

A We use cookies on our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard disk by means of a characteristic string of characters and through which sends certain information to the site that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They serve to make the website more user-friendly and effective overall, i.e. more enjoyable
Cookies can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.

For information on which cookies we use, on what legal basis and how you can manage your cookie settings and disable certain types of tracking, please refer to our Cookie Policy

Use of Matomo
This website uses Matomo, an open source web analysis service, in the cookie-based version to record and analyze usage behavior on our website.
To collect and analyze data, we use Matomo in the so-called cookie variant, i.e. Matomo places cookies on the user's device for this purpose. These cookies enable us to recognize returning visitors and analyse their behaviour on the website - for example, which pages were accessed when and from which region the access was made. In addition, technical data such as the IP address (truncated by 2 bytes), referrer URL, browser used, operating system and interactions (e.g. clicks or purchases) are recorded.
The processing of data through the use of Matomo takes place exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 GERMAN TELECOMMUNICATIONS DIGITAL SERVICES DATA PROTECTION ACT (TDDDG). You can revoke your consent at any time with effect for the future.

5) Social media

We maintain online presences on various social media platforms. If we have included links to our social media platforms on our website, these are pure links and not so-called plugins (requiring consent). When you click on the links, you will be redirected to the websites of the respective social media platforms.
However, as users of the various social media platforms, we have no influence whatsoever on the processing of your data by the providers of the social media platforms. It cannot be ruled out that the providers of the social media platforms may use your data for their own purposes and/or pass it on to third parties. This may concern your habits, personal relationships, preferences and other aspects. We would also like to point out that your data may also be processed outside the European Union, which may make it more difficult or even impossible to enforce your rights. Only access our social media platforms if you are aware of these effects and are willing to accept the risks mentioned

a) LinkedIN
We use the "LinkedIn" platform for the purpose of presenting our company there and drawing your attention to current trends, products and services from us via posts and videos. The following information also serves as data protection information for our online presence there.
The services for the EU are provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. The headquarters of LinkedIn Inc. is located in Sunnyvale, California, USA. The company belongs to Microsoft. A hyperlink to LinkedIn is integrated into our website and identified by a logo. Clicking on the logo opens the LinkedIn website.
When you access LinkedIn services, LinkedIn may receive personal data from you.

Details can be found in LinkedIn's privacy policy at the following link: https://www.linkedin.com/legal/privacy-policy
You can find LinkedIn's cookie policy at the following link: https://www.linkedin.com/legal/cookie-policy

As part of the maintenance of our basic company profile, we have limited access to statistical evaluations from LinkedIn, e.g. about the number of page views of our online presence. LinkedIn provides this data in aggregated and anonymized form for certain periods of time, but does not allow any conclusions to be drawn about identifiable visitors to our company page.
We have no influence on the means and purposes of the processing of personal data by LinkedIn, insofar as these are collected in connection with a visit to the LinkedIn website and our LinkedIn online presence. We would like to point out that you use LinkedIn and its functions on your own responsibility. If we process your personal data, this is done on the basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR), as we assume that your fundamental rights to the protection of your personal data do not prevail here.
According to LinkedIn, the data centers for your members (who, like us, are registered with LinkedIn and have an account) are located in the USA. There is a so-called adequacy decision for the transfer to the USA in the form of the Data Privacy Framework. With the adequacy decision, the European Commission has certified that the USA has an adequate level of data protection for personal data compared to the EU.
LinkedIn services require data to be transferred from the European Union (EU) to the United States of America (USA) and back. This also applies to you as a visitor if you use LinkedIn services and certain functions, e.g. if you post a comment on one of our posts.
The data transfer to the USA is based on the Data Privacy Framework and standard contractual clauses. Information from LinkedIn can be found at the following link:
https://www.linkedin.com/help/linkedin/answer/62533?trk=microsites-frontend_legal_privacy-policy&lang=de
https://de.linkedin.com/legal/l/dpa

The LinkedIn user agreement (applies to members and visitors) can be found at the following link: de.linkedin.com/legal/user-agreement. 

Please note the following when using LinkedIn:
Your data will be transferred to the USA. When personal data is transferred, there are risks under data protection law for the person whose data is transferred to the USA. US authorities (in particular intelligence agencies) are entitled to examination rights (in particular pursuant to Section 702 of the Foreign Intelligence Surveillance Act (FISA 702) and Executive Order 12 333) without EU citizens being able to defend themselves against this. These US legal bases allow data access to electronic communications services of non-US citizens even without a court order and legal protection.
As far as judicial protection is concerned, EU citizens do not have the same legal options (legal remedies) as American citizens to defend themselves against the processing of personal data by American authorities.
The United States carries out mass data processing without guaranteeing protection equivalent to that guaranteed by Art. 7 (respect for private and family life) and Art. 8 (protection of personal data) of the EU Charter of Fundamental Rights. Since 2018, there has also been the Cloud Act, which allows US authorities to access data stored by American companies (and their subsidiaries in Europe) that is not stored in the USA.

b) Instagram
We use the "Instagram" platform. Instagram is an online service for sharing photos and videos that belongs to the Meta Group, formerly Facebook.
We use the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for the information service offered here
We would like to point out that you use the Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, rating).
When you visit this Instagram page, Facebook collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with anonymized statistical information about the use of the Instagram page.
The data collected about you in this context will be processed by Facebook Ltd. and, if necessary, transferred to countries outside the European Union . Facebook describes what information Facebook receives and how it is used in its data usage guidelines. There you will also find information on how to contact Facebook and the settings options for advertisements. The data usage guidelines are available at the following link: help.instagram.com/519522125107875. The complete data guidelines of the Instagram service can be found here: https://help.instagram.com/581066165581870/?helpref=hc_fnav

Facebook provides information about the use of cookies as part of the cookie policy for the Instagram service: https://help.instagram.com/1896641480634370/?helpref=hc_fnav.

We would like to point out that Facebook Ireland is able to track your user behavior (across devices for registered users) beyond the Instagram service on other websites by means of the cookies used. This applies both to those registered with the Instagram service and to those not registered there.
According to its own information, Facebook stores data until it is no longer needed to provide the services and Facebook products or until the user's account is deleted, whichever comes first. This depends on the circumstances of the individual case, in particular the type of data, why it is collected and processed and the relevant legal or operational storage requirements. You can find more information on the storage of data at: https://de-de.facebook.com/about/privacy

Facebook processes a range of personal data of page visitors in its so-called Page Insights for its own purposes. The processing takes place regardless of whether page visitors are registered with Facebook or Instagram or not and regardless of whether page visitors are members of the Facebook or Instagram network. Users who access the Instagram pages without being registered or logged in to Instagram also have the option of influencing the scope of data processing by means of a cookie banner set by Facebook. You can find more information about Facebook cookies at: https://www.facebook.com/policies/cookies/

Page Insights are summarized, anonymized statistics. Site operators themselves do not have access to the personal data processed in this context, but only to the summarized, anonymized Page Insights. You can find more information at: https://www.facebook.com/help/instagram/788388387972460

The Instagram page offers you the opportunity to react to our posts, comment on them and send us private messages. Please check carefully what personal data you share with us via our Instagram page. If you would like to prevent Facebook from processing personal data that you have transmitted to us, please contact us by other means, for example via our contact options.
If users' personal data is processed, they have the right to information, correction, objection, transferability and deletion of the data in accordance with the EU General Data Protection Regulation. Facebook Ireland is obliged to respond to requests from data subjects. Facebook provides further information on the rights of data subjects here: https://www.facebook.com/help/2069235856423257

Inquiries from users about data processing when visiting an Instagram page, which is the sole responsibility of Facebook Ireland, will be forwarded by us to Facebook Ireland. Users can contact Facebook's data protection officer themselves at the following link: https://www.facebook.com/help/contact/540977946302970

Facebook also provides information about privacy-friendly profile settings for Instagram profiles: https://help.instagram.com/811572406418223/?helpref=hc_fnav

6) Data transmission

As part of the processing, your data may be transmitted to:
• Persons within our company who are directly involved in data processing:

• Service providers who are contractually bound and obliged to maintain confidentiality and who perform parts of the data processing tasks, e.g. by our website provider

Your data will not be transferred to third parties unless we are legally obliged to do so.

7) No obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are under no legal or contractual obligation to provide us with your personal data; however, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data, e.g. sending the newsletter

8) Data storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies.
You can find out more about the storage period for the individual cookies in the Cookie Policy under Section II No. 3.

9) Profiling

We do not intend to use personal data collected from you for automated decision-making (including profiling).

10) Links on the website

Our website contains links to other websites that are not under our control. We are not responsible for the privacy practices of these other sites. We encourage you to familiarize yourself with the privacy policies of all sites you visit when you leave our site. This privacy policy applies solely to information collected through our website.

III. Application (APP)

This app is provided by Herbert Kannegiesser GmbH (hereinafter "we" or "us") as the controller.
As part of the app, we enable you to access and display the following information: Webshop, My Machines, Video Center, Help, download area if applicable. When you use the app, we process personal data about you and our app accesses information on your end device. With the following information, we would like to inform you which personal data we process and which information from your end device we access when you use the app and how we handle this data.

You can access this privacy policy at any time under the menu item "Settings" via the user profile within the app.

1) Information on the processing of your data

a) Information collected during the download: When downloading the app, certain required information is transmitted to the app store you have selected (e.g. Google Play or Apple App Store), in particular the user name, e-mail address, customer number of your account, time of download, payment information and individual device identification number may be processed. This data is processed exclusively by the respective app store and is beyond our control.

b) Information that is collected automatically: As part of your use of the app, we collect certain data automatically that is required for the use of the app. This includes:

•   User ID/username
•   Name
•   E-mail address
•   Client list
•   Preferred language
•   Telephone model
•   Platform used (e.g. cell phone, tablet, desktop)
•   Telephone version
•   Phone manufacturer

This data is not stored, but is automatically transmitted to us:
•   to provide you with the service and the associated functions;
•   improve the functions and features of the app and
•   prevent and eliminate misuse and malfunctions.

This data processing is justified by the fact that you have consented to the storage of and access to information that is already stored in your terminal device on the basis of the information provided in accordance with Section 25 (1) GERMAN TELECOMMUNICATIONS DIGITAL SERVICES DATA PROTECTION ACT (TDDDG) or access to the information stored in the terminal device in accordance with Section 25 (2) no. 2 GERMAN TELECOMMUNICATIONS DIGITAL SERVICES DATA PROTECTION ACT (TDDDG) is absolutely necessary so that we as the provider can provide the app service you have expressly requested or the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of the app, or we have a legitimate interest in ensuring the functionality and error-free operation of the app and in being able to offer a service in line with the market and our interests pursuant to Art. 6 para. 1 lit. f GDPR.

2) Creation of a user account (registration) and login

When you create a user account or register, your access data (e-mail address and password) will be used to grant you access to your user account and to manage it. This information is mandatory and is marked with an asterisk. Registration is not possible without providing this data.

We use the mandatory information to authenticate you when you log in and to follow up requests to reset your password. We process and use the data you enter when registering or logging in in order to
•   to verify your authorization to manage the user account;
•   enforce the terms of use of the app and all associated rights and obligations, and
•   to contact you in order to send you technical or legal information, updates, security messages or other messages relating to the management of the user account, for example.

This data processing is justified by the fact that:
•   you have consented to the storage of and access to information that is already stored on your device on the basis of the information provided in accordance with Section 25 (1) GERMAN TELECOMMUNICATIONS DIGITAL SERVICES DATA PROTECTION ACT (TDDDG),
•   the storage of information or access to information within the meaning of Section 25 (2) No. 2 GERMAN TELECOMMUNICATIONS DIGITAL SERVICES DATA PROTECTION ACT (TDDDG) is absolutely necessary in order to provide you with the desired service of the app,
•   the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of the app
•   we have a legitimate interest in ensuring the functionality and error-free operation of the app, which outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f GDPR.

3) Deletion of the user account

You have the option of deleting your user account at any time. Please note, however, that this does not mean that all data that can be viewed in the user account will be deleted if you have placed an order with us. For example, we must continue to store data on orders placed if guarantees have been granted with regard to the goods you have purchased and these have not yet expired. Your data will be deleted automatically after expiry of the retention obligations applicable to us under commercial and tax law. The legal basis for this further data processing is Article 6(1)(c) GDPR and Article 6(1)(f) GDPR.

4) Use of the app

You can enter, manage and edit various information, tasks and activities in the app.
The app also requires the following authorizations:
• Internet access: This is required to establish a connection to the app.
• Camera access: This is required so that you can scan QR codes and barcodes if necessary.

• the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of the app

• we have a legitimate interest in ensuring the functionality and error-free operation of the app, which outweighs your rights and interests in the protection of your personal data within the meaning of Art. 6 para. 1 lit. f GDPR.

5) Disclosure and transfer of data

Your personal data will only be passed on without your express prior consent in addition to the cases explicitly mentioned in this data protection declaration if it is legally permissible or required.
• The data you provide during registration will be passed on within our group of companies for internal administrative purposes, including joint customer support, to the extent necessary. The legal basis is Art. 6 para. 1 lit. f GDPR, as we have a legitimate interest in passing on the data for administrative purposes within our group of companies and your rights and interests in the protection of your personal data in the sense of do not outweigh this.

• If it is necessary to investigate unlawful or improper use of the app or for legal prosecution, personal data will be forwarded to law enforcement authorities or other authorities and, if necessary, to injured third parties or legal advisors. However, this only happens if there are indications of unlawful or abusive behavior. Disclosure may also take place if this serves to enforce terms of use or other legal claims. We are also legally obliged to provide information to certain public authorities on request. These are law enforcement authorities, authorities that prosecute administrative offenses subject to fines and the tax authorities. The legal basis is the legal obligation pursuant to Art. 6 para. 1 lit. c GDPR in conjunction with national legal requirements to pass on data to law enforcement authorities and Art. 6 para. 1 lit. f a legitimate interest in passing on the data in the event of indications of abusive behavior or to enforce our terms of use, other conditions or legal claims named third parties and your rights and interests in the protection of your personal data do not prevail.

• We rely on the external service provider for the provision of our service: network.publishing GmbH, Berrenrather Str. 188b, 50937 Cologne (DE). The transfer of personal data is justified by the fact that we have carefully selected our external service provider as a processor in accordance with Art. 28 para. 1 GDPR and have contractually obliged them to process all personal data exclusively in accordance with our instructions.

6) Data transfers to third countries

Your data will not be transferred to third countries when you use our app.

7) Changes of purpose

Your personal data will only be processed for purposes other than those described if this is permitted by law or if you have consented to the changed purpose of the data processing. If your data is to be processed for purposes other than those for which it was originally collected, we will inform you of this in advance and provide you with all other relevant information.

8) Data storage period

Your personal data will be deleted or anonymized as soon as it is no longer required for the purposes for which we collected or used it in accordance with the above paragraphs. Unless otherwise stated, your personal data will only be stored for the duration of the usage or contractual relationship via the app, unless this data is required for longer for criminal prosecution or to secure, assert or enforce legal claims.
Specific information in this privacy policy as well as legal requirements for the storage and deletion of personal data, in particular those that must be stored for tax reasons, remain unaffected by this regulation.

IV. Business partners (interested parties, customers, suppliers)

We primarily process personal data that you provide to us yourself in the context of contractual and business relationships or that we receive from the respective contractual and business partners (e.g. from your colleagues with whom we are already in contact), for example in the context of processing an inquiry or an order. We also process personal data that we collect from publicly accessible sources (e.g. commercial register, press, internet) or receive from third parties (e.g. credit agencies, business partners). We will make separate reference to the collection of personal data from third-party sources.
Relevant personal data are in particular identity data (e.g. surname, first name, date of birth, tax number / VAT ID) as well as contact and address data (e.g. address, billing address, telephone number, e-mail address). In addition, this may also include contract or order data (e.g. sales data, volumes, planned quantities), data from the fulfillment of our contractual obligations, information about your financial situation (e.g. creditworthiness data), personal data (e.g. business interests, profession, industry, position, tasks and powers) and other data comparable to the categories mentioned.
The scope of the data processed about a person varies depending on the function in which the person appears to us, such as the position they hold with the respective business partner.

1) Why are we allowed to do this?

Data protection law allows us (pursuant to Art. 6 para. 1 lit. b GDPR) to process data that is necessary for the performance of a contract or for the implementation of pre-contractual measures. If you voluntarily provide us with personal data beyond what is necessary, data protection law allows us to process this information on the basis of consent (pursuant to Art. 6 para. 1 lit. a GDPR). Data protection law also allows us to process your data in accordance with Art. 6 para. 1 lit. c GDPR if there is a legal obligation to do so. We may process your data if we have a legitimate interest (e.g. company security, securing our receivables and other economic interests, external presentation of the company) and your conflicting interest does not prevail (Art. 6 para. 1 lit. f GDPR).
As part of business interactions with business partners, we also use digital communication options such as the video conferencing tool "MS TEAMS". We process the following personal data: User data (name, pseudonym, user ID), meeting metadata (topic, participant IP addresses, device information), meeting content data: Text, audio and video data as well as any shared documents.
The purpose of using these services is to enable our business partners and us to meet virtually via these digital communication platforms in a fast, environmentally friendly and cost-efficient manner as part of our business activities, without having to visit one of the partners on site each time (especially if several meetings are required).
When using the aforementioned application, no audio or video recordings are usually made. Your data will not be forwarded to third parties.
The legal basis for processing your data "IP address" and "name" (as well as "image" if the camera is activated) in the context of an online meeting (virtual meeting) via the video conferencing tool described above is based on your consent pursuant to Art. 6 para. 1 lit. a & f GDPR (consent of the data subject & legitimate interest of the controller) if you accept our offer or appointment proposal. The legal basis for the processing of the other data communicated during the online meetings is Article 6 (1) (b) GDPR (performance of a contract).
Further data processing is carried out on the basis of legal requirements (Art. 6 para. 1 lit. c GDPR): for example, to fulfill tax and other legal control and reporting obligations, as well as audits by tax or other authorities and to comply with legal retention periods.

2) Disclosure and transfer of data

As part of the processing, your data may be transmitted to:
•   Persons within our company who are directly involved in data processing (e.g. sales, purchasing)
•   Service providers who are contractually bound and obliged to maintain confidentiality and who perform sub-tasks of data processing as well as other external bodies (companies, authorities, credit agencies, etc.) if this is necessary.
•   If it is necessary to clarify or prosecute unlawful or abusive incidents, personal data will be forwarded to our legal advisors, the law enforcement authorities and, if necessary, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behavior. Data may also be passed on if this serves to enforce contractual regulations between us and our contractual and business partners.

3) Data transfer to third countries

This is not planned by us. An exception to this would only be conceivable if you were to initiate this or if this were necessary for (pre-)contractual measures. Legal basis: Art. 6 para. 1 lit. b GDPR, Art. 49 para. 1 lit. b GDPR.
Furthermore, it cannot be ruled out that parts of your data may be transferred to a third country when using the above-mentioned video conferencing tools.

4) Data storage period

We process your personal data for the duration of your employment with one of our business partners, but no longer than until the final termination of the respective business relationship between us and your employing company. We delete transaction-related information (e.g. relating to a specific contractual or order relationship) after completion of the respective transaction, e.g. fulfillment of a supply contract, with a period of three years after the end of the respective calendar year, unless it is subject to longer statutory retention obligations (such as the six or ten-year retention period pursuant to Section 257 of the German Commercial Code); in such a case, the data concerned will be blocked for any further processing.

5) Provision of your data

In order to achieve the purposes described above, it is necessary for you to provide us with your personal data. This is absolutely necessary or legally required for the fulfillment of the contract with you. With
We cannot fulfill the contract with you if the data is not provided.

6) Automated decision making / profiling

There is no automated decision-making / profiling.