We take the protection of your personal data very seriously and adhere strictly to the applicable data protection laws.
It is normally possible to use our website without providing personal data. Personal data is only collected on this website to the extent that is technically necessary. This data is not passed on to third parties.
Data collection and logging
When you visit our website, you transmit data to our web server (server log files) via your internet browser for technical reasons. The following data is recorded during a connection for communication between your internet browser and our web server:
+ Date and time of the request
+ Name of the requested file, size of the file
+ Page from which the file was requested
+ Access status (file transferred, file not found, etc.)
+ Web browser and operating system used
+ Full IP address of the requesting computer
+ Amount of data transferred
For reasons of technical security, in particular to prevent attempted attacks on our web server, we store this data for a short time. In this form, the data cannot be directly assigned to specific individuals. We do not combine this data with other data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of illegal use. After seven days at the latest, the data is made anonymous by shortening the IP address to the domain level, so that it is no longer possible to establish a link to the individual user. In anonymised form, the data is also processed for statistical purposes (e.g. number of page views for the server statistics); it is not matched with other data or disclosed to third parties, even in parts.
Types of data processed:
- Inventory data (e.g. names, addresses).
- Contact data (e.g. e-mail, telephone numbers)
- Use data (e.g. webpages visited, interest in content, access times)
- Meta/communication data (e.g. device information, IP addresses)
No special categories of data are processed (Art. 9 (1) GDPR).
Categories of data subject:
- Customers / interested parties / suppliers.
- Visitors and users of the website; from now on we will refer to the data subjects collectively as “users”.
Purpose of processing:
- Provision of the website, its contents and functions
- Provision of contractual work, services and customer care
- Answering contact requests and communication with users
- Marketing, advertising and market research
- Security measures
Relevant legal basis
We take suitable technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons; the measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access related to it, input, disclosure, safeguarding of availability and separation. We also have procedures in place to ensure the exercise of data subject rights, deletion of data and response to data compromise. Furthermore, we take into account the protection of personal data when developing and selecting hardware, software and procedures, in accordance with the principle of data protection by technical design and by default settings that facilitate data protection (Art. 25 GDPR).
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorisation you have consented to, a legal obligation to do so, or on the basis of our legitimate interests (e.g. when using agents, web hosts etc.).
If we commission third parties to process data on the basis of a what is known as a “processing contract”, this is done on the basis of Art. 28 GDPR.
Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or of disclosure or transfer of data to third parties, this is only done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we will only process or allow data to be processed in a third country if the special requirements of Art. 44 ff. GDPR are met. In other words, the processing takes place, for example, on the basis of special guarantees such as the officially recognised specification of a level of data protection corresponding to the EU (e.g. the Privacy Shield for the United States) or compliance with officially recognised special contractual obligations (“standard contractual clauses”).
Rights of data subjects
You have the right to request confirmation as to whether data in question is being processed and to information about this data, as well as further information and a copy of the data in accordance with Art. 15 GDPR.
According to. Art. 16 GDPR you have the right to request the completion of incomplete data or the rectification of incorrect data concerning you.
According to Art. 17 GDPR you have the right to demand that data concerning you be deleted without delay, or alternatively, according to Art. 18 GDPR, to demand restriction of the processing of the data.
According to Art. 20 GDPR, you have the right to receive data concerning you that you have provided to us, and to demand that it be transmitted to other data controllers.
You also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
For these and other questions pertaining to personal data on our website, you can contact us at any time at the following e-mail address: kuk-datenschutz(at)kuk.de
Right of revocation
You have the right to revoke your consent in accordance with Art. 7 (3) GDPR with effect for the future.
Right of objection
According to Art. 21 GDPR you may object to the future processing of data concerning you at any time. The objection can be made in particular against the processing for purposes of direct marketing.
Cookies and the right of objection to direct marketing
Most of the cookies we use are what are known as “session cookies”. These are automatically deleted at the end of your visit. Other cookies remain stored on your device until you delete them. These cookies enable us to recognise your browser on your next visit.
You can set your browser to inform you about the setting of cookies and only allow cookies in individual cases, to reject cookies for certain cases or in general, and to automatically delete cookies when you close the browser. If you deactivate cookies, the functionality of this website may be restricted.
Deletion of data
Germany: In accordance with legal requirements, data is retained in particular for 6 years pursuant to Section 257 (1) HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years pursuant to Section 147 (1) AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation etc.).
Provision of contractual services
We process inventory data (e.g. names and addresses as well as contact data of users), contract data (e.g. services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 (1) (b) GDPR.
In the context of using our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well the users’ interest in protection from misuse and other unauthorised use. This data is never passed on to third parties unless it is necessary for the pursuit of our claims or if there is a legal obligation to do so according to Art. (6) (1) (c) GDPR.
The deletion takes place after the expiry of legal warranty and similar obligations, and the necessity of keeping the data is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry.
KREBS+KIEFER on Facebook
We have integrated the Facebook social media button on our website: Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA
Plug-ins of the Facebook social network, provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland with headquarters at Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our pages. You can recognise the Facebook plug-ins by the Facebook logo or the “Like” button on our page. You can find an overview of the Facebook plug-ins here: developers.facebook.com/docs/plugins/.
If you do not want Facebook to be able to associate your visit to our website with your Facebook user account, please log out of your Facebook user account.
We receive statistical surveys via “Facebook Insight” with anonymised data of visitors to our Facebook page. These surveys include data about gender, age, country, city and the device used. This data cannot be assigned to specific persons. We do not combine this data with other data sources.
This information also applies to the Facebook page www.facebook.com/KREBSundKIEFER/.
Collection of usage data.
This website uses Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses what are known as “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website is normally transmitted to and stored by Google on servers in the United States. IP anonymisation is active on this website. This means that Google truncates your IP address in member states of the European Union and other states which are signatories to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and then truncated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser for Google Analytics will not be combined with other Google data.
You can stop the saving of cookies by selecting the appropriate settings on your browser, but please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: tools.google.com/dlpage/gaoptout
We do not collect any data via a contact form. To contact us, please use the contact details provided on the website.
Secure data transmission
We offer HTTPS with perfect forward secrecy and the TLS 1.2 encryption protocol as transport encryption for our website. We recommend that you keep your internet browser up to date so that secure transmission of your data is ensured during transport.
APPLICATIONS TO KREBS+KIEFER
For your application, we will process your personal
application data as follows:
+ Surname, first name;
+ Address, telephone number, e-mail address;
+ Application documents (letter of application, curriculum vitae, references, certificates etc.).
Purpose of data collection/transfer
Your personal application data is processed solely for the purpose of filling vacancies at our company. Your data will only be passed on to the internal units and specialist departments responsible for the application process. Your personal application data will not be passed on to other locations, branches and subsidiaries of KREBS+KIEFER without your prior express consent. Your application data will not be used for any other purpose or passed on to third parties.
Retention period of application data
Your personal application data (whether digital or in paper form) will be deleted automatically three months after the application process has been completed. This does not apply if legal regulations prevent deletion, if further retention is necessary for the purpose of providing evidence, or if you have expressly requested or agreed to longer retention.
After consenting to the transfer of your personal application data, your data will be transferred to the talent pool. Applicants can delete their data from the talent pool at any time. Your application data will be deleted from the talent pool of KREBS+KIEFER after one year at the latest.
In order to protect the data collected during your application from manipulation and unauthorised access, we have taken various state-of-the-art technical and organisational precautions.
Right to information and revocation
If you have any questions about the collection, processing or use of your personal data, or for information, correction or deletion of data and revocation of consent, please contact our data protection officer: E-mail: kuk-datenschutz(at)kuk.de