Privacy Policy

Privacy Policy – Information on the Processing of Personal Data

This document informs you about how we process personal data.

INTRODUCTION AND STRUCTURE OF THE DOCUMENT

We, the company Kurz Kunststoffe GmbH (hereinafter “the company”, “we” or “us”), thank you for visiting our website and your interest in our company and our services. Your personal data will only be processed in accordance with the provisions of German and European data protection law.
Data protection law obliges us as the responsible party for data processing to ensure the protection of your personal data through a variety of measures. One of these obligations is to inform you transparently about the nature, scope, purpose, duration and legal basis of the data processing (cf. Art. 13 and 14 EU GDPR). We also address you as the person affected by the data processing below as “customer”, “user”, “you” or “affected person”. In this privacy policy, we inform you about how your personal data is processed by us.
Our privacy policy is modular in structure. It consists of a general part for any processing of personal data and processing situations that come into play, and a special part, the content of which relates only to the processing situation specified there. It is possible that we use this online document to inform you about processing processes that do not primarily take place on the website. You can find these in the special part of the document. If you want to navigate quickly through the document, many browsers offer a search function via the key combination “CTRL key + f”.

DEFINITIONS

Following the example of Art. 4 of the EU General Data Protection Regulation (GDPR), this document is based on the following definitions:

“Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data, or by information relating to their physical, physiological, genetic, mental, economic, cultural or social identity. Identifiability may also be given by linking such information or other additional knowledge. The form or embodiment of the information is irrelevant (including photos, video or audio recordings that may contain personal data).

“Processing” (Art. 4 No. 2 GDPR) means any operation or set of operations which is performed on personal data, whether or not by automated means. This includes, in particular, the collection (i.e. acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data, as well as the modification of a target or purpose originally underlying the processing of data.

“Controller” (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

“Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

“Processor” (Art. 4 No. 8 GDPR) means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular on the basis of its instructions (e.g. IT service provider). In terms of data protection law, a processor is not a third party.

“Consent” (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

NAME AND ADDRESS OF THE CONTROLLER

The controller responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR, as well as contact details and further information about our company, can be found in the imprint on our website.

CONTACT DETAILS OF THE DATA PROTECTION OFFICER

For any questions and as a contact person regarding data protection at our company, our data protection team consisting of data protection coordinators and our data protection officer are available at all times.
You can reach the data protection team:
– By mail at the address provided in the imprint with the addition “Data Protection Team”
– By email at datenschutz@kurz-gruppe.com

YOUR RIGHTS

You can assert your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided at the beginning. It would be helpful if you could contact the data protection team directly. As a data subject, you have the right to:

  • request information about your processed data from us in accordance with Art. 15 of the EU General Data Protection Regulation (EU-GDPR). In particular, you can request information about the purposes of processing, the categories of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if it was not collected by us, and about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
  • request the immediate correction of incorrect or incomplete data stored by us in accordance with Art. 16 EU-GDPR;
  • request the deletion of your data stored by us in accordance with Art. 17 EU-GDPR, provided that processing is not necessary for exercising the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
  • request the restriction of processing of your data in accordance with Art. 18 EU-GDPR, if the accuracy of the data is contested by you or the processing is unlawful;
  • receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request the transmission to another controller in accordance with Art. 20 EU-GDPR (“data portability”);
  • object to processing in accordance with Art. 21 EU-GDPR, if processing is based on Art. 6 (1) lit. e or lit. f EU-GDPR. This is particularly the case if processing is not necessary for the performance of a contract with you. If it is not an objection to direct marketing, we ask you to explain the reasons why we should not process your data as we have done. In the event of a justified objection, we will examine the situation and either discontinue or adjust the data processing or show you our compelling legitimate grounds for continuing the processing. In many services on our websites that process personal data based on Art. 6 (1) lit. f EU-GDPR, the objection can be technically implemented using technologies available in the browser or to be installed, such as blocking JavaScripts or cookies;
  • revoke your consent given to us once (also before the EU-GDPR came into effect, i.e. before May 25, 2018) in accordance with Art. 7 (3) EU-GDPR – i.e. your voluntary, informed and unambiguous expression of will, made clear by a statement or other unequivocal affirmative action, that you agree to the processing of the personal data concerned for one or more specific purposes – at any time, if you have given such consent. This means that we may no longer continue the data processing based on this consent for the future; and
  • lodge a complaint with the data protection supervisory authority responsible for us in accordance with Art. 77 EU-GDPR regarding the processing of your personal data in our company.

LEGAL BASIS FOR DATA PROGRESSING

By law, in principle, every processing of personal data is only allowed if the data processing falls under one of the following justifications:

Art. 6 para. 1 lit. a GDPR (“consent”): If the data subject has voluntarily, informed and unambiguously indicated by a statement or other clear affirmative action that he or she agrees to the processing of personal data concerning him or her for one or more specific purposes;
Art. 6 para. 1 lit. b GDPR (“contract”): If the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject;
Art. 6 para. 1 lit. c GDPR (“legal obligation”): If the processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal retention obligation);
Art. 6 para. 1 lit. d GDPR: If the processing is necessary to protect the vital interests of the data subject or of another natural person;
Art. 6 para. 1 lit. e GDPR: If the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
or Art. 6 para. 1 lit. f GDPR (“legitimate interests”): If the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, in particular where the data subject is a child. To the extent that the processing of personal data is based on Art. 6 para. 1 lit. f GDPR, the aforementioned purposes also represent our legitimate interests.

For the processing processes carried out by us, we will indicate the applicable legal basis below. Processing may also be based on several legal bases.

DATA DELETION AND STORAGE PERIOD

For the processing procedures we carry out, we will indicate below how long the data will be stored with us and when it will be deleted or blocked. In the case of consents, the data deletion and storage period specified in the consent request shall be binding. If no explicit storage period is indicated below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies. Your data will generally only be stored within the territory of the Federal Republic of Germany, a member state of the European Union (EU), or another contracting state of the Agreement on the European Economic Area (EEA). Possible exceptions to this will be explained in the following sections and processing procedures.

However, storage may continue beyond the specified time in the event of an (imminent) legal dispute with you or other legal proceedings, or if storage is required by legal provisions to which we, as the responsible party, are subject (e.g. § 257 Commercial Code, § 147 Tax Code). When the storage period prescribed by legal provisions expires, personal data will be blocked or deleted, unless further storage by us is necessary and there is a legal basis for it.

DATA SECURITY: WEBSITE, EMAIL, FAX

We use technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties (e.g. TLS encryption for our website), taking into account the state of the art, implementation costs, and the scope, context, and purpose of the processing, as well as the existing risks (including their likelihood and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

For secure data transmission over the internet, we use the hybrid encryption protocol Transport Layer Security (TLS), widely known as the predecessor Secure Sockets Layer Software (SSL). This software encrypts the information you transmit. All data protection relevant information is stored in encrypted form in a protected database.
We would like to point out that the confidentiality of email cannot be guaranteed. Although we offer transport encryption (TLS) via our mail servers, confidentiality may depend on various mail relay servers over which we have no control: whether they also use TLS and whether they evaluate the emails is beyond our influence.

If you send us a fax, the transmission takes place via the Internet Protocol (FoIP). The transmission is technically identical to sending an email or website data. We do not know whether an IP-based service encrypts data, so the confidentiality of the transmitted data is not guaranteed. We do not recommend sending sensitive data by fax.

We will gladly provide you with more information on this upon request. Please contact our data protection team for this.

COOPERATION WITH DATA PROCESSORS

As with any larger company, we also use external service providers to handle our business transactions, such as IT, logistics, and telecommunications: package delivery, sending letters or emails, analyzing our databases, advertising, payment processing, sales, and marketing. These service providers have access to personal data that is necessary to fulfill their tasks. However, they are not allowed to use this data for other purposes. Data processors only act on our instructions and have been contractually obligated to comply with data protection regulations in accordance with Article 28 of the EU GDPR. Data processors are not third parties.

CONDITIONS FOR THE TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

As part of our business relationships, your personal data may be transferred or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing is carried out exclusively to fulfill contractual and business obligations and to maintain your business relationship with us. We will inform you about the specific details of the transfer at the relevant points. The European Commission certifies some third countries with so-called adequacy decisions, which provide a level of data protection comparable to the EEA standard. However, in other third countries to which personal data may be transferred, there may be no consistently high level of data protection due to the lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This can be achieved through binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data, certificates, or recognized codes of conduct. Please contact our data protection team if you would like more information on this.

AUTOMATED DECISION MAKING

We do not intend to use personal data collected from you for any automated decision-making process (including profiling).

OBLIGATION TO PROVIDE PERSONAL DATA

We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. As a customer, you are generally not legally or contractually obliged to provide us with your personal data. However, it may be the case that we can only provide certain offers to you to a limited extent or not at all if you do not provide us with the necessary data. If this should be the case within the scope of the products or processing processes presented below, you will be notified separately.

LEGAL OBLIGATION TO TRANSMIT CERTAIN DATA

Under certain circumstances, we may be subject to a special legal or regulatory obligation to provide lawfully processed personal data to third parties, particularly public authorities (Art. 6 para. 1 lit. c EU GDPR).

CHANGES TO THE PRIVACY POLICY

As part of the development of data protection law, as well as technological or organizational changes, this document is regularly reviewed for the need for adaptation or supplementation. We reserve the right to change this privacy policy at any time in compliance with applicable data protection regulations with effect for the future. We will publish the changes at this point. Current status: 22.03.2022.

INFORMATION ON THE PROCESSING OF PERSONAL DATA IN SPECIAL PROCESSING PROCESSES

The following sections describe processing processes grouped by different categories of persons whose data is processed (“data subjects”).

VISITORS TO WEBSITES

You can find information about our companies and the services we offer, in particular at https://www.kurz-gruppe.com/ and the associated subpages (hereinafter collectively referred to as “websites”). When you visit our websites, we process personal data about you.

Your data will only be processed for as long as it is necessary to achieve the processing purposes mentioned above; the legal bases specified within the scope of the processing purposes apply accordingly. Third parties employed by us will store your data on their systems for as long as it is necessary in connection with the provision of services to us in accordance with the respective order. The following categories of recipients, who are usually processors, may have access to your personal data:

  • service providers for the operation of our website and the processing of data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is then Art. 6 para. 1 lit. b or lit. f EU-GDPR, unless it concerns processors;
  • government agencies/authorities, if this is necessary to fulfill a legal obligation. The legal basis for the transfer is then Art. 6 para. 1 lit. c EU-GDPR;
  • persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors, supervisory authorities, parties involved in company acquisitions or the establishment of joint ventures). The legal basis for the transfer is then Art. 6 para. 1 lit. b or lit. f EU-GDPR.

In addition, we will only disclose your personal data to third parties if you have given express consent to this in accordance with Art. 6 para. 1 lit. a EU-GDPR.

PROCESSED PERSONAL DATA ON THE WEBSITE/LOG DATA

When using our website for informational purposes, the following categories of personal data are collected, stored, and further processed by us. When you visit our website, a so-called server log file is temporarily and anonymously stored on our web server. This consists in particular of:

  • the page from which the page was requested (so-called referrer URL)
  • the name and URL of the requested page
  • the date and time of the call
  • the description of the type, language, and version of the web browser used
  • the IP address of the requesting computer
  • the amount of data transmitted
  • the operating system
  • the message whether the call was successful (access status / HTTP status code)
  • the GMT time zone difference

The processing of log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6 para. 1 lit. f EU-GDPR).
It is possible that we may process further information that your operating system, browser, and / or other technologies provide to our web servers for a short period of time to provide the websites. The legal basis for this is also Art. 6 para. 1 lit. f EU-GDPR.

SERVICES FOR STORING INFORMATION ON YOUR DEVICE OR ACCESSING INFORMATION ALREADY STORED ON YOUR DEVICE (COOKIES, PLUGINS, JAVASCRIPT…)

On our websites, we use services and technologies for storing information on your device and / or accessing information already stored on your device. These technologies may include cookies, for example. Cookies are text files and / or entries in the browser’s own database that associate the browser you are using with a characteristic string. Certain information flows between the site that sets the cookie and your device.

Cookies and other services may contain data that allows recognition of the device being used. Some cookies and other technologies contain only information about certain settings that are not personally identifiable.
Some services can be declined or technically blocked if your browser allows it. However, we would like to point out that in this case you may not be able to use all the functions of our website to their full extent.
The help function in the menu bar of most web browsers explains, for example, how to prevent your browser from accepting new cookies, how to be notified when you receive a new cookie, or how to delete all cookies received. You can also change your browser so that special technologies that the services require are not executed in your browser (e.g. JavaScript). If the services on our websites process personal data on the basis of Art. 6 para. 1 lit. f EU-GDPR, the objection can be technically implemented via these browser functions and technologies.
With regard to their function, services are again distinguished between:

  • Technical services: These are essential for navigating the website, using basic functions, and ensuring the security of the website; they do not collect information about you for marketing purposes or store which websites you have visited;
  • Performance services: These collect information about how you use our website, which pages you visit, and whether errors occur during website use; they do not collect information that could identify you – all collected information is anonymous and is only used to improve our website and find out what interests our users;
  • Advertising, targeting & sharing services, social media plugins: These are used to offer website users tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers. These services can also be used to improve the interactivity of our website with other services (e.g. social networks).

All services have in common that they store information on your device and / or access information already stored on your device. In contrast to the functional distinction of services, the legislator distinguishes only between two purposes of services:

  1. Services that are necessary for the transmission of a message over a public telecommunications network and / or are absolutely necessary for the provider of a telemedia service to provide a telemedia service expressly requested by the user. The necessity may be based on technical, legal, economic, operational and / or contractual reasons.
  2. Services for all other purposes.

Any use of services that are absolutely necessary for providing an expressly requested service may be based on a legal basis other than consent under Art. 6 para. 1 lit. a EU-GDPR.

GENERAL SERVICES ON THE WEBSITE

Currently, we use the following services described above. If the processing is based on consent pursuant to Art. 6 para. 1 lit. a EU GDPR, we also indicate the manner in which consent is obtained.

SERVICE: CONTACT FORM

When using contact forms, the data you provide (e.g. gender, name and surname, address, company, email address, and the time of transmission) will be processed. The processing of contact form data is carried out to process inquiries, and the legal basis for this is based on Art. 6 para. 1 lit. b or lit. f EU GDPR.

GOOGLE (AND POSSIBLY ALPHABET) SERVICES, PRODUCTS, AND TECHNOLOGIES

In this area, we have summarized services offered by Alphabet Inc. (a publicly traded US holding company) and in particular by Google, which is part of the holding.

SERVICE: GOOGLE WEB FONTS / EXTERNAL FONTS

We use the Google Web Fonts service on our websites, operated by Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. Processing only takes place once you have given your consent pursuant to Art. 6 para. 1 lit. a EU GDPR. Additional information on this possible processing can be found in the consent request in the consent management tool. If consent is given, Google Web Fonts can provide a uniform display of fonts. When a page is accessed, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose, the browser you are using must establish a connection to Google’s servers. Google thereby becomes aware that our website has been accessed via your IP address.

APPLICANTS

You can apply to us in various ways. Regardless of how you apply to us, your applicant data will be processed exclusively for the purpose of processing your application and will be stored for a maximum of six months after the end of the selection process and then deleted, unless you give us your consent to further processing in a talent pool.

In the context of an application, we process the following personal data from you:

  • all data that you have transmitted to us during the application process (e.g. in your application documents or job interviews)
  • if applicable, additional data that we have lawfully collected during the application process (e.g. from public sources such as professional networks)
  • this may also include special categories of personal data (e.g. severe disability status, racial and ethnic origin, religious or philosophical beliefs, or union membership), if they have been transmitted to us through one of the two mentioned ways.

The legal basis is the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation pursuant to §26 para. 1 of the new Federal Data Protection Act and Art. 6 para. 1 lit. b EU GDPR. After the end of the selection process, we keep all data for a further six months in order to be able to legally respond to any disputes regarding the application process. This time-limited storage is based on Art. 6 para. 1 lit. f EU GDPR.

SERVICE: APPLICATION BY EMAIL

You have the option to apply to us via email. Please send your application documents to bewerbung@kurz-gruppe.com. We would like to inform you that we cannot guarantee the confidentiality of your data when applying by email. Although we offer transport encryption (TLS) via our mail server, confidentiality may depend on various mail relay servers that we have no control over. We are not aware of whether these servers also use TLS and whether they evaluate emails. If you have concerns in this regard, please use postal mail for your application.

BUSINESS PARTNERS AND INFORMATION SEEKERS

You have the option to contact us by phone, fax, or email. Please also refer to the section “Data Security: Website, Email, Fax”.

When contacting us by phone, we collect information for caller identification (caller ID). If your phone number is not blocked or withheld, we will see the phone number from which you are calling us. The phone number, call date, and call time are automatically stored by our telephone system and used only to call you back if you have requested us to do so or if your call has been disconnected due to technical problems. This data will be deleted after a maximum of 4 weeks. We do not record calls.
When contacting us by email, it will be stored and used for the purpose you have communicated to us in the email (e.g. product order). The same applies to contact by fax.
If you order products from us or request information materials, we will create a customer account for you. The customer account contains the following data:

  • The name and contact details of the company for which you are placing the order
  • Your first and last name as the contact person
  • For each order processed through this customer account, we store:
    • Date of order and delivery
    • Ordered products
    • Current order status

This data is necessary for the processing of your order and / or inquiry and will only be processed for this purpose (Art. 6 para. 1 lit. b or lit. f EU-GDPR). Unless otherwise described, the retention periods for this data are based on the legal retention obligations to which we are subject.

Back To Top