Data privacy protection according to the specifications of the DSGVO

Thank you for visiting our website or otherwise contacting us.

For us, personal data protection has a particularly high priority. A use of the website is possible without any indication of personal data. However, if you want to use one of our enterprise’s offers online, processing of personal data could become necessary. If the processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the current German Federal Data Protection Act (BDSG), the EU General Data Protection Regulation (GDPR) effective as of 25 May 2018, and the Telecommunications Digital Services Data Protection Act (TDDDG).

With this data protection declaration, our company would like to inform you about the type, scope and purpose of the personal data we process and inform data subjects about the rights to which they are entitled.

Our company has implemented numerous technical and organizational measures in order to ensure the most complete protection of the personal data processed. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed.

I. Definitions

II. responsible person

III. data protection officer

IV. Provision of the Website

V. Logfiles

VI. cookies

VII. Consent Management Tool

VIII. WordPress Download Manager

IX. Email Contact

X. Google Maps

XI. Product configurator

XII. Application procedure

XIII. data subject rights

I. Definitions

The data protection declaration of our company is based on the DSGVO. Our data protection declaration should be easy to read and understand. To ensure this, we explain the terms used in advance:

1. Personal data
Personal data is «any information relating to an identified or identifiable natural person (hereinafter ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person» (Art. 4(1) GDPR).
2. Data subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
3. Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
5. Profiling
Profiling is any form of automated processing of personal data where such personal data is used to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
6. Pseudonymization
Pseudonymization is the processing of personal data in which the personal data can no longer be assigned to a specific data subject without the use of additional information. This additional information is kept separately, subject to technical and organizational measures, thus ensuring that the personal data cannot be attributed to an identified or identifiable natural person.
7. Controller or person responsible for processing
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
8. Processor
Processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
9. Recipient
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law are not considered recipients.
10. Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
11. Einwilligung
Einwilligung ist jede von der betroffenen Person freiwillig für den bestimmten Fall in informierter Weise und unmissverständlich abgegebene Willensbekundung in Form einer Erklärung oder einer sonstigen eindeutigen bestätigenden Handlung, mit der die betroffene Person zu verstehen gibt, dass sie mit der Verarbeitung der sie betreffenden personenbezogenen Daten einverstanden ist.

II. RESPONSIBLE

The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

Krapf & Lex Nachf. Verkehrstechnik GmbH & Co. KG
New Gstettenweg 2
D-93426 Roding

Phone: +49 (0) 94 61 / 91 23 72
Fax: +49 (0) 94 61 / 91 12 75
Internet: http://www.krapf-lex.de
E-Mail: contact(at)krapf-lex(dot)de

III. DATA PROTECTION OFFICER

BCCO GmbH
Hermann-Köhl-Strasse 14
93049 Regensburg

Phone: +49 941 69800800
E-Mail: datenschutz@bcco.de

IV. PROVISION OF THE WEBSITE

1. Hosting of the website
For the operation of this website, a so-called hosting service provider is used, on whose European servers the contents of the Internet presence are stored.
The hosting service provider was carefully selected; in addition, all necessary measures were taken to ensure data processing that is permissible under data protection law (for example, the conclusion of a contract on order processing, AVV). Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

— The operating system of the user
— The Internet service provider of the user
— The IP address of the user
— Date and time of access
— Websites from which the user’s system accesses our website
— Websites that are accessed by the user’s system via our website
— File retrieved
— Amount of data sent
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit f. DSGVO.
2. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. In these purposes lies our legitimate interest according to Art. 6 para. 1 lit. f DSGVO.
3. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
4. The collection of data for the provision of the website is mandatory for the operation of the website, therefore there is no possibility for the user to object.

V. LOGFILES

1. The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place. The legal basis for the creation of the log files is Art. 6 para. 1 lit. f DSGVO.
2. The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO.
3. The data in the log files are deleted after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.
4. The storage of data in log files is absolutely necessary for the operation of the website. Therefore, the user has no right to object.

VI. COOKIES

1. Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.The following data is stored and transmitted in the cookies:
— Language settings
— Login information
2. If you have given us your consent, the legal basis for the processing of personal data using cookies is Art. 6 (1) a DSGVO and § 25 (1) TDDDG. You can revoke your consent at any time with future effect by deactivating the relevant category in the «Privacy settings» on this page.
Insofar as the processing is based on our legitimate interests, the legal basis is Art. 6 para. 1 lit. f DSGVO.
3. Cookies are used for the purpose of simplifying the use of the website for our users. The use of analysis cookies is carried out for the purpose of improving the quality of the website so that our offer can be constantly optimized based on the knowledge gained about the exact course of website use. This is also our legitimate interest in processing personal data according to Art. 6 para. 1 lit. f DSGVO.
4. Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

VII. Consent Management Tool

This website uses «Borlabs Cookie» for consent management, which sets a technically necessary cookie (borlabs-cookie) to store your consents. «Borlabs Cookie» does not process any personal data.

The borlabs-cookie cookie stores the consents you have given when entering the website. You can revoke a given consent at any time with effect for the future by deactivating the corresponding category in the «Privacy settings» on this page.

You can also delete the borlabs-cookie cookie in your browser at any time. If you subsequently re-enter/reload the website, you will be asked again for your consent.

VIII. WordPress Download Manager

Our website uses WordPress Download Manager to allow our visitors to download files such as PDFs, images, or videos. When you click on a download link, we may collect information about how many times the file was downloaded and from which IP address the download was made. It is important to note that the download manager does not collect any other personal data unless you voluntarily provide it in order to access the file.

The legal basis for the processing of personal data in connection with the Download Manager is our legitimate interest pursuant to Art. 6 (1) lit. f DSGVO. Our interest is to provide our visitors with a useful function and the ability to quickly and easily access needed files.

For more information, please visit https://www.wpdownloadmanager.com/cookie-policy/

IX. E-mail contact

1. You can contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.
In this context, the data will not be passed on to third parties. The data is used exclusively for processing the conversation.
2. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f DSGVO. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b DSGVO.
3. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data.
The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter concerned has been conclusively clarified.

If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored in the course of contacting us will be deleted in this case.

X. Google Maps

In order to display geographical information, we use the Google Maps API. When using Google Maps, Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) also collects, processes and uses data about the use of the Maps functions by visitors to the websites. Your data will only be forwarded if you have given us your consent in accordance with Art. 6 Para. 1 lit a) DSGVO and § 25 Para. 1 TDDDG for the transfer.
When you call up our website, we display a note on «Data protection settings». You already have the option there to consent to data processing by clicking «Accept all». If you only accept essential cookies there, Google Maps will only be displayed to you if you consent to data processing by clicking on the information text in the map window. You can revoke your consent at any time with effect for the future by deactivating the corresponding category in the «Privacy settings» on this page. If you do not wish to be directly associated with your Google profile, you should log out of your user account before activating it.

Based on the legitimate interest (Art. 6 para. 1 lit. f DSGVO) in personalized advertising, market analysis or also the adapted design of Google websites, Google collects and stores data as analyzable user profiles even for users who are not logged in. To exercise your right to object to the creation of these user profiles, please contact Google directly.
By turning off the JavaScript application in your browser, you can completely disable the service. However, the map display on this website can then no longer be used.
For the transfer of data from the EU to the USA, Google invokes so-called standard data protection clauses of the European Commission, which are intended to ensure compliance with the European level of data protection in the USA.
For more information on data processing by Google, please refer to Google’s privacy policy: https://policies.google.com/privacy?hl=de.
The terms of use of Google can be found at https://www.google.de/intl/de/policies/terms/regional.html, the additional terms of use for Google Maps at https://www.google.com/intl/de_US/help/terms_maps.html.

XI. Product configurator

1. Our website offers the possibility to call up our product configurator.
When you call up the configurator, technically necessary cookies are set on the end device you are using for the function of the configurator. In order to receive an offer for a created configuration, it is necessary to enter contact data.

If a user takes advantage of this opportunity to obtain a quote, the data entered in the input mask is transmitted to us and stored. These data are: Company, first name, last name, e-mail address, telephone number.

In this context, the data will not be disclosed to third parties. The data is used exclusively for the processing of the conversation as well as the creation of the desired offer.

2. The legal basis for the processing of the data is Art. 6 para. 1 lit. b DSGVO (implementation of pre-contractual measures, which take place at the request of the data subject).
3. The processing of the personal data from the input mask serves us solely to process the request.

The other personal data processed during the submission process serve to prevent misuse of the form and to ensure the security of our information technology systems.

4. The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
Additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

XII. Application procedure

We offer you the opportunity to apply to us (e.g. by mail or via online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Art. 6 (1) lit. b DSGVO (general contract initiation) and — if you have given your consent — Art. 6 (1) lit. a DSGVO. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

1. Online application
a) Our website uses the WordPress plugin Quform to provide forms. When you fill out and submit one of these forms, the data you enter is stored on the web server. Depending on the form, the data processed by Quform may include various personal data such as name, email address, phone number and other information from documents uploaded by you, specific requests or comments.
b) The processing of your personal data in connection with Quform is based on your consent pursuant to Article 6(1)(a) DSGVO, which you have given voluntarily, in an informed and unambiguous manner, by filling out and submitting the relevant form. Insofar as the processing of the above data is carried out for the purpose of initiating contractual relationships, Article 6 (1) (b) DSGVO is also the legal basis.
c) The purpose of data processing is to make the application process more effective and faster. Please note that we will only process your personal data for the purpose for which you have provided it to us, unless we are required or authorized by law to use it in another way.

2. Retention of records
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the event that an employment relationship, training relationship, internship or other service relationship is established following the application process, the data will initially continue to be stored and transferred to the personnel file.
Otherwise, the application procedure ends with the receipt of a rejection. In this case, the data will be deleted once the position has been filled. Deletion does not take place if further processing and storage of your personal data is necessary in individual cases for the assertion, exercise or defense of legal claims. In this case, we have a legitimate interest in the further processing and storage of your personal data. The legal basis is Art. 6 para. 1 lit. f DSGVO. Deletion will also not take place if we are required by law to continue storing your personal data.If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to store the data you have provided with us for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 lit. f DSGVO). The data is then deleted and the physical application documents destroyed. Retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for continued storage no longer applies.Longer storage may also take place if you have given your consent (Art. 6 Para. 1 lit. a DSGVO) to be included in the applicant pool or if legal storage obligations prevent deletion.

3. Inclusion in the applicant pool
If we do not make you a job offer, you may be accepted into our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies. Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 Para. 1 lit. a DSGVO). The provision of consent is voluntary and is not related to the current application process. You can also revoke this consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.
The data from the applicant pool will be irrevocably deleted no later than one year after consent has been given.

XIII. Data subject rights

We are aware that you have certain rights when it comes to the processing of your data. This privacy statement is intended to inform you about the data subject rights you have and how you can exercise them.

1. Right of access (Art. 15 DS-GVO): You have the right to request information from us about what personal data we process about you and for what purpose. In the case of a request for information that is not made in writing via a contact address already stored in our systems, we ask for your understanding that we may require proof from you that you are the person you claim to be.
2. Right to rectification (Art. 16 DS-GVO): You have the right to have inaccurate or incomplete personal data that we have stored about you corrected.
3. Right to erasure (Art. 17 DS-GVO): You have the right to request that we delete your personal data if it is no longer needed or if the processing violates data protection regulations.
4. Right to restriction of processing (Art. 18 DS-GVO): You have the right to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful or you have objected to the processing.
5. Right to data portability (Art. 20 DS-GVO): You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format and to transfer it to another controller.
6. Right to object (Art. 21 DS-GVO): You have the right to object to the processing of your personal data if the processing is based on legitimate interests on our part or for direct marketing purposes.
7. Right to revoke your declaration of consent under data protection law (Art. 7, para. 3 DS-GVO): You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
8. Right to complain to a supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, pursuant to Art. 77 GDPR, if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.