Data protection

We take the protection of your personal data very seriously and adhere strictly to the applicable data protection laws.
It is normally possible to use our website without providing personal data. Personal data is only collected on this website to the extent that is technically necessary. This data is not passed on to third parties.

Name and contact details of the controller

This data protection information applies to data processing by 

Heinrich-Hertz-Straße 2
64295 Darmstadt
T +49 6151 885-0

The data protection officer of the controller can be reached at the same postal address and as follows:

Data collection and logging

When you visit our website, you transmit data to our web server (server log files) via your internet browser for technical reasons. The following data is recorded during a connection for communication between your internet browser and our web server:

+ Date and time of the request
+ Name of the requested file, size of the file
+ Page from which the file was requested
+ Access status (file transferred, file not found, etc.)
+ Web browser and operating system used
+ Full IP address of the requesting computer
+ Amount of data transferred
For reasons of technical security, in particular to prevent attempted attacks on our web server, we store this data for a short time. In this form, the data cannot be directly assigned to specific individuals. We do not combine this data with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use. After seven days at the latest, the data is made anonymous by shortening the IP address to the domain level, so that it is no longer possible to establish a link to the individual user. In anonymised form, the data is also processed for statistical purposes (e.g. number of page views for the server statistics); it is not matched with other data or disclosed to third parties, even in parts.

Types of data processed:

  • Inventory data (e.g. names, addresses).
  • Contact data (e.g. e-mail, telephone numbers)
  • Use data (e.g. webpages visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)

No special categories of data are processed (Art. 9 (1) GDPR).

Categories of data subject:

  • Customers / interested parties / suppliers.
  • Visitors and users of the website; from now on we will refer to the data subjects collectively as “users”.

Purpose of processing:

  • Provision of the website, its contents and functions
  • Provision of contractual work, services and customer care
  • Answering contact requests and communication with users
  • Marketing, advertising and market research
  • Security measures

Relevant legal basis

In accordance with Art. 13 GDPR, we must inform you of the legal basis for our data processing. If the legal basis is not mentioned in the privacy policy, the following applies: The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing in order to perform our services and implement contractual measures, as well as for responding to requests is Art. 6 (1) (b) GDPR, the legal basis for processing in order perform our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing in order to protect our legitimate interests is Art. 6 (1) (f) GDPR. In the event that vital interests of the data subject or another natural person make processing personal data necessary, Art. 6 (1) (d) GDPR serves as the legal basis.

Security measures

We take suitable technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons; the measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access related to it, input, disclosure, safeguarding of availability and separation. We also have procedures in place to ensure the exercise of data subject rights, deletion of data and response to data compromise. Furthermore, we take into account the protection of personal data when developing and selecting hardware, software and procedures, in accordance with the principle of data protection by technical design and by default settings that facilitate data protection (Art. 25 GDPR).

Cooperation with processors and third parties

If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorisation you have consented to, a legal obligation to do so, or on the basis of our legitimate interests (e.g. when using agents, web hosts etc.).

If we commission third parties to process data on the basis of a what is known as a “processing contract”, this is done on the basis of Art. 28 GDPR.

Transfer to third countries

If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or of disclosure or transfer of data to third parties, this is only done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or allow data to be processed in a third country if the special requirements of Art. 44 ff. GDPR are met. In other words, the processing takes place, for example, on the basis of special guarantees such as the officially recognised specification of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (“standard contractual clauses”).

Rights of data subjects

You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.

According to. Art. 16 GDPR you have the right to request the completion of incomplete data or the rectification of incorrect data concerning you.

According to Art. 17 GDPR you have the right to demand that data concerning you be deleted without delay, or alternatively, according to Art. 18 GDPR, to demand restriction of the processing of the data.

According to Art. 20 GDPR, you have the right to receive data concerning you that you have provided to us, and to demand that it be transmitted to other data controllers.

You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.

For these and other questions pertaining to personal data on our website, you can contact us at any time at the following e-mail address: kuk-datenschutz(at)

Right of revocation

You have the right to revoke your consent in accordance with Art. 7 (3) GDPR with effect for the future.

Right of objection

According to Art. 21 GDPR you may object to the future processing of data concerning you at any time. The objection can be made in particular against the processing for purposes of direct marketing.

Cookies and the right of objection to direct marketing

We use temporary and permanent cookies, small files which are stored on users’ devices (for an explanation of the term and its function, see the last section of this privacy policy). Some cookies are for security or are necessary for the operation of our website (e.g. for displaying the website) or to save the user’s choice when confirming the cookie banner. In addition, we or our technology partners use cookies to measure reach and for marketing purposes, which users are informed about in the privacy policy.

A general objection to the use of cookies for online marketing can be made for many services, especially in the case of tracking, via the US site or the EU site You can also prevent the storage of cookies by deactivating them in the browser settings. Please note that if you do so, not all the functions of this website may be available.

Most of the cookies we use are what are known as “session cookies”. These are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser on your next visit.

You can set your browser to inform you about the setting of cookies and only allow cookies in individual cases, to reject cookies for certain cases or in general, and to automatically delete cookies when you close the browser. If you deactivate cookies, the functionality of this website may be restricted.

Deletion of data

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

Germany: In accordance with legal requirements, data is retained in particular for 6 years pursuant to Section 257 (1) HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years pursuant to Section 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation etc.).

Provision of contractual services

We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 (1) (b) GDPR.

In the context of using our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well the users’ interest in protection from misuse and other unauthorised use. This data is never passed on to third parties unless it is necessary for the pursuit of our claims or if there is a legal obligation to do so according to Art. (6) (1) (c) GDPR.

The deletion takes place after the expiry of legal warranty and similar obligations, and the necessity of keeping the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry.

KREBS+KIEFER on Facebook

We have integrated the Facebook social media button on our website: Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA
We have no influence on what data an activated plug-in collects and how it is used by the provider. There is also the possibility that the service providers try to save cookies on the computer used. Please refer to Facebook's privacy policy at to find out what specific data is collected and how it is used.

Plug-ins of the Facebook social network, provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland with headquarters at Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognise the Facebook plug-ins by the Facebook logo or the “Like” button on our page. You can find an overview of the Facebook plug-ins here:

When you visit our website, a direct connection is established between your browser and the Facebook server via the plug-in. Facebook then receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while you are logged into your Facebook account, you can link the content of our website on your Facebook profile. This allows Facebook to associate the visit to our website with your user account. Please note that we, as the provider of the website, have no knowledge of the content of the transmitted data or its use by Facebook. For more information see Facebook's privacy policy at

If you do not want Facebook to be able to associate your visit to our website with your Facebook user account, please log out of your Facebook user account.

We receive statistical surveys via “Facebook Insight” with anonymised data of visitors to our Facebook page. These surveys include data about gender, age, country, city and the device used. This data cannot be assigned to specific persons. We do not combine this data with other data sources.

This information also applies to the Facebook page


The XING Share Button is used on this website. When you access this website, a connection is briefly established via your browser to the servers of XING SE (“XING”) which carry out XING Share Button functions (in particular calculating and displaying the counter value). XING does not store any personal data about you when you access this website. In particular, XING does not store any IP addresses. There is also no evaluation of your user habits via the use of cookies in connection with the XING Share Button. The current data protection information on the XING Share Button and additional information can be found at the following website:


Collection of usage data.

This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses what are known as “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website is normally transmitted to and stored by Google on servers in the United States. IP anonymisation is active on this website. This means that Google truncates your IP address in member states of the European Union and other states which are signatories to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser for Google Analytics will not be combined with other Google data.

You can stop the saving of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link:

Contact form

We do not collect any data via a contact form. To contact us, please use the contact details provided on the website.

Active components

We do not use active components such as Java applets on our website. JavaScript is required to provide the search function and the option of encrypted contact. If you have deactivated JavaScript in your internet browser, these functions will not be available to you or if they are, only to a limited extent; it will still be possible to use our website.

Secure data transmission

We offer HTTPS with perfect forward secrecy and the TLS 1.2 encryption protocol as transport encryption for our website. We recommend that you keep your internet browser up to date so that secure transmission of your data is ensured during transport.


Data collection
For your application, we will process your personal

application data as follows:
+ Surname, first name;
+ Address, telephone number, e-mail address;
+ Application documents (letter of application, curriculum vitae, references, certificates etc.).

KREBS+KIEFER uses Softgarden software for the application process. Personal data is entered, processed and deleted via the Softgarden platform. Please refer to Softgarden’s privacy policy.

Purpose of data collection/transfer
Your personal application data is processed solely for the purpose of filling vacancies at our company. Your data will only be passed on to the internal units and specialist departments responsible for the application process. Your personal application data will not be passed on to other locations, branches and subsidiaries of KREBS+KIEFER without your prior express consent. Your application data will not be used for any other purpose or passed on to third parties.

Retention period of application data
Your personal application data (whether digital or in paper form) will be deleted automatically three months after the application process has been completed. This does not apply if legal regulations prevent deletion, if further retention is necessary for the purpose of providing evidence, or if you have expressly requested or agreed to longer retention.
After consenting to the transfer of your personal application data, your data will be transferred to the talent pool. Applicants can delete their data from the talent pool at any time. Your application data will be deleted from the talent pool of KREBS+KIEFER after one year at the latest.

Data security
In order to protect the data collected during your application from manipulation and unauthorised access, we have taken various state-of-the-art technical and organisational precautions.

Right to information and revocation
If you have any questions about the collection, processing or use of your personal data, or for information, correction or deletion of data and revocation of consent, please contact our data protection officer:


Data collection
In the course of this program, we process the following personal data:

+ Surname, first name;
+ telephone number, e-mail address

We use services of the company IMAGO Walldorf GmbH (Bahnhofstraße 17, 69190 Walldorf) on our website IMAGO Walldorf provides a digital platform for contacting us.
For more details, please refer to the data protection provisions and the cookie policy of IMAGO Walldorf at:
Data protection of the web agency & advertising agency " IMAGO near Heidelberg/Rhein-Neckar (

Personal data is entered, processed and deleted via this platform.

Purpose of data collection/transmission
Your personal application data is processed solely for the purpose of filling vacancies within our company. As a matter of principle, your data will only be forwarded to the internal departments and specialist departments responsible for the application process. Your application data will not be used for any other purpose or passed on to third parties.

Retention period for application data
Your personal data will be deleted after three months.

Data security
See general section on security measures

Right to information and right of revocation
See general section Rights of data subjects