Data Protection Statement

§ 1 INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA

(1) The following information concerns the collection of personal data while using this website. Personal data are all data that can be personally related to you, e.g. name, address, email addresses, user behaviour.

(2) The responsible officer pursuant to Article 4 (7) EU General Data Protection Regulation (GDPR) is Kistenmacher Auto + Technik GmbH & Co. KG, Lindenstraße 2-10, 21244 Buchholz, Tel. +49 (0)4181 990540, Mail: kat@kat-germany.de . You can contact our data protection officer Jens Borchardt, LL.M. (IT&T) at j.borchardt@schlutius-privacy.de or at our postal address with the addition "Data protection officer".

(3) When you contact us by email or using a contact form, the data you give us (your email address, your name and phone number if applicable) is stored by us in order to answer your question. When storage is no longer necessary, we will delete the applicable data or restrict the processing of it if legal retention requirements apply.

(4) If we use contracted service providers for individual functions of our web-based services, or if we wish to use your data for advertising purposes, we will inform you below in detail about the respective processes, naming the defined criteria for storage duration.

§ 2 YOUR RIGHTS

(1) You have the following rights towards us with regard to your personal data:

· Right to information,

· Right to correction or deletion,

· Right to restriction of processing,

· Right to refusal of processing,

· Right to data portability.

(2) You also have the right to lodge a complaint about our processing of your personal data with a data protection authority.

§ 3 COLLECTION OF PERSONAL DATA WHEN YOU VISIT OUR WEBSITE

1. Visiting our website

If you are only using the website for information and do not register or transmit information to us in any other way, we only collect the personal data which your browser transmits to our server. If you wish to view our website, we collect the following data that are technically necessary for us to display our website to you and guarantee its stability and security (the legal basis is Article 6 (1) sentence 1 lit. f GDPR):

· IP address – Date and time of the enquiry

· Time zone difference from Greenwich Mean Time (GMT)

· Content of the request (specific page)

· Access status / HTTP status code

· Quantity of data transferred in each case

· The website from which the request comes

· Browser

· Operating system and its interface

· Language and version of the browser software.

2. Cookies

(1) Cookies are stored on your computer system whenever you use our website. Cookies are text files that are stored in the internet browser or by the internet browser in your computer system. A cookie can be stored in your operating system whenever you access a website. This cookie contains a characteristic string of characters that allow your browser to be identified when you visit the website again in the future.

(2) Cookies can be differentiated in different ways:

First, we can differentiate between first-party cookies and third-party cookies, depending on the origin of the cookie:

First-party cookies are cookies that are placed and retrieved by the website operator as the controller or a processor commissioned by the website operator. Third-party cookies are cookies that are placed and retrieved by parties that are controllers other than the website operator which do not act as processors on behalf of the website operator.

We can also differentiate between transient and persistent cookies, depending on their duration:

Transient cookies (session cookies) are cookies that are deleted automatically when you close your browser. Persistent cookies are cookies that remain stored on your end device for a certain period of time after you have closed your browser.

Furthermore, we can differentiate between cookies that do not require consent and cookies that require consent:

Depending on their function and purpose, the use of certain cookies may require the user’s consent. In this respect, cookies can be differentiated depending on whether their use requires the user’s consent.

(3) You can give your consent using a “cookie banner”:

When you access our website, we display a “cookie banner”. Our cookie banner allows you to declare that you consent to the use of all cookies requiring consent on this website by clicking on “Accept”. If you do not provide such consent, we do not enable any cookies requiring consent. By clicking on “Reject”, you can completely reject the use of cookies that require consent. This decision is stored in a cookie. Alternatively, you can click on “Individual settings” to get to our “Cookie Dashboard”. On the cookie dashboard, you can individually select cookies and individually adjust these selections at a later time. We store your cookie settings on your end device in the form of a cookie to determine whether you have already made decisions regarding cookies from our website when you visit our website again.

Cookies that are required for the operation of the website cannot be disabled using the cookie management feature of this website. However, you can disable such cookies in general in your browser at any time. Different browsers provide different options for the configuration of cookie settings in the browser. Additional comprehensive information on this subject can be found on http://www.allaboutcookies.org/ge/cookies-verwalten, for example. Please note, however, that some features of the website may not properly work (anymore) if you disable cookies in your browser in general.

(4) Individual cookies

Google Analytics (statistics cookie)

Where you have given your consent to this, we use the web analysis tool Google Analytics on our website. Google Analytics allows us to analyse the user behaviour of visitors to our website in pseudonymised and anonymised form.

You can disable data processing by Google Analytics at any time on our “Cookie Dashboard”. Alternatively, you can install a browser plug-in provided by Google that prevents the data collection by Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=de. Alternatively, you can adjust the settings of your browser to prohibit the storage of cookies.

(a) The purpose of data processing is to increase the efficiency of our use of resources for our website and our advertising activities, the revenue from our online shop and the satisfaction of our visitors and (potential) customers. To achieve this, we strive to optimise our website (based on use) by measuring the use of our website and to optimise our advertising activities (based on use) by measuring the success of the advertising media used by us in our advertising activities (monitoring of the success of the advertising media used).

(b) The data processed is:

• Google Analytics HTTP data

This is log data that is generated through the Hypertext Transfer Protocol (Secure) (HTTP(S)) for technical reasons when we use the web analysis tool Google Analytics that is used on the website: This data includes the IP address, type and version of your internet browser, the operating system used, the page that is accessed, the website visited prior to accessing our website (Referrer URL), date and time of access.

• Google Analytics end device data

Data that is generated and assigned to your end device by the web analysis tool Google Analytics: This data includes a unique ID to recognise returning visitors (referred to as “Client ID”), as well as certain technical parameters for managing the data that is collected for the web analysis.

• Google Analytics measurement data

Device-related raw data (referred to as “dimensions” and “measurement values”) that are collected and analysed by the web analysis tool Google Analytics when users use our website: this data mainly includes information regarding the sources used by visitors to get to our website, information regarding the location, the browser and the end device used, information regarding use of the website (in particular page access, frequency of page access and the time spent there), as well as information on achieving certain targets (in particular transactions carried out in the online shop). The data is allocated to the Client ID assigned to your device. Ultimately, this information gives rise to device-related usage profiles containing the collection of all device-related raw data for a given Client ID. The data collected by us using Google Analytics does not allow us to directly personally (i.e. by your real name) identify you. We will not combine the device-related raw data and the arising device-related usage profiles with data that directly personally identifies you without your consent.

• Google Analytics report data

Data contained in aggregated segment- or device-related reports which are generated by the web analysis tool Google Analytics based on the analysis of device-related raw data.

Google Analytics offers four different categories of reports: Target group (location, browser, devices used and other device-related data), acquisition (sources used by visitors to get to the website), behaviour (information regarding the content accessed on the website, in particular website pages accessed, visit duration, bounce rate), conversions (information on targets that are configured in advance).

(d) Data is automatically provided by the user’s browser.

(e) The recipients of the data, all of which act as processors, are Google Ireland Limited (Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) and analysis and support providers based in the EU.

(f) We have enabled “IP anonymisation” for the use of the web analysis tool Google Analytics on this website. This means that the IP address transmitted by the browser for technical reasons is anonymised by shortening it (removing the final octet of the IPv4 address or the final 80 bits of the IPv6 address) before it is stored.

(g) There is no legal or contractual duty to provide data and the provision of data is not required for entering into a contract either. Data subjects are under no obligation to provide data. If the data is not provided, we are unable to conduct a web analysis using Google Analytics.

(h) There is no automated decision making.

§ 4 OTHER FUNCTIONS AND OFFERS ON OUR WEBSITE

(1) As well as the purely informational use of our website, we offer various services that you may use if they interest you. To do so, you must generally provide further personal data, which we use in order to provide the respective service and to which the above-mentioned principles of data processing apply.

(2) We sometimes use external service providers to process your data. They have been carefully selected and commissioned by us, are bound to our instructions and are regularly monitored.

(3) We can also pass your personal data on to third parties if we offer special offer participation, lotteries, contract conclusions or similar services together with partners. You can find more information about this if you enter your personal data or below in the description of the offer.

(4) If our service providers or partners are located in a country outside the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer.

§ 5 REVOCATION OR WITHDRAWAL OF CONSENT TO THE PROCESSING OF YOUR DATA

(1) If you have agreed to the processing of your data, you can revoke this at any time. After you have pronounced it to us, the revocation influences the permissibility of processing your personal data.

(2) If we base the processing of your personal information on consideration of interests, you can revoke your consent to processing. This is the case, in particular, if processing is not necessary for fulfilment of a contract with you, which is always outlined by us in the subsequent description of the functions. When exercising the right of revocation, we ask you to cite the reasons why we should not process your personal information as we have previously done. In the case of a justified revocation, we will examine the situation and either stop or adjust the data processing or convey to you our protection-worthy and necessary reasons for continuing the processing.

(3) Of course, you can revoke consent to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your advertising revocation at the following contact points: info@schlutius-privacy.de.

§ 6 USE OF YOUTUBE

(1) We have embedded YouTube videos on the website which are stored on YouTube.com and can be played directly from our website. They are all embedded in “privacy-enhanced mode”, which means that the website will not transmit any data about you, as the user, to YouTube if you do not play the videos. The data specified in (2) is only transmitted if you play the videos. We have no control over this data transmission. The legal basis for displaying the videos is Art. 6 (1) clause 1 (a) GDPR, i.e. videos are only embedded with your consent.

(2) When you visit the website, YouTube will be notified that you accessed the respective page of our website. In addition, the basic data specified above, such as IP address and time stamp, is transmitted to YouTube. This happens regardless of whether you are logged into a YouTube user account or whether no such account exists. If you are logged into Google, your data is allocated to your account directly. If you do not want your data to be allocated to your YouTube profile, you need to log out before clicking on the button. YouTube stores your data as a user profile and uses this data for advertising, market research and/or for configuring its website in a way that meets the user’s needs. This data (including data relating to users who are not logged in) is analysed mainly for the purpose of delivering advertising that meets the user’s needs and informing other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. If you wish to exercise this right, you need to contact YouTube.

(3) The information collected is stored on servers owned by Google, also in the United States. For such cases, the provider, according to its own statements, has subscribed to a standard that corresponds to the former EU-US Privacy Shield and has committed to compliance with applicable data protection laws for the international transmission of data.

(4) Further information on the purpose and scope of the collection and processing of data by YouTube is provided in the privacy policy. It also includes further information on your rights and how you can change your settings to protect your privacy: www.google.de/intl/de/policies/privacy.

§ 7 USE OF DATA WHEN USING OUR SOCIAL MEDIA CHANNELS

When you our profiles in social networks to contact us, we process the following personal data: your name, your IP address, the date and time of the request, the time zone difference to Greenwich Mean Time (GMT).

The legal basis for processing this data is Art. 6 Para. 1 lit. b, f GDPR.

If you use our profiles in social networks to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide to us will be used by us exclusively for this purpose processed to be able to contact you. The legal basis for data collection is therefore Article 6 Paragraph 1 lit. a) and b) GDPR. We delete stored data as soon as it is no longer necessary to store it or you ask us to delete it; In the case of statutory retention requirements, we limit the processing of the stored data accordingly.

Wenn Sie über unsere Profile in sozialen Netzwerken Kontakt zu uns aufnehmen, verarbeiten wir folgende personenbezogenen Daten: Ihr Name, Ihre IP-Adresse, das Datum und die Uhrzeit der Anfrage, die Zeitzonendifferenz zur Greenwich Mean Time (GMT).

Rechtsgrundlage für die Verarbeitung dieser Daten ist Art. 6 Abs. 1 lit. b, f DSGVO.

Sofern Sie unsere Profile in sozialen Netzwerken nutzen, um mit uns Kontakt aufzunehmen (bspw. durch die Erstellung eigener Beiträge, die Reaktion auf einen unserer Beiträge oder durch private Nachrichten an uns), werden die uns von Ihnen mitgeteilten Daten von uns ausschließlich zu dem Zweck verarbeitet, mit Ihnen in Kontakt treten zu können. Rechtsgrundlage für die Datenerhebung ist damit Art. 6 Abs. 1 lit. a) und b) DS-GVO. Wir löschen gespeicherte Daten, sobald deren Speicherung nicht mehr erforderlich ist oder Sie uns zu deren Löschung auffordern; im Falle gesetzlicher Aufbewahrungspflichten beschränken wir die Verarbeitung der gespeicherten Daten entsprechend.

§ 8 USE OF APPLICANT AND EMPLOYEE DATA

(1) In order to establish, conduct and terminate the employment relationship, we collect and process information (both in paper format and in digital form).

a) These data may essentially include:

· Master data (name, academic title, address, date and place of birth, gender, personnel number)

· marital status, children, religion and nationality

· contract data (type of employment, level of employment, start / end of employment)

· organizational data (job title, supervisor, location, management level)

· wage and salary payment data (basic salary, variable salary components, surcharges, tariff classification, tax code, payslip data, bank details, information on social security, information on wage garnishment)

· Performance data (assessments)

· Business contact and communication data

· Profile data, certifications, information on school and vocational training, completed training courses for further education and qualification, language skills, other qualifications such as primary, disaster, fire and evacuation helpers

· working hours, absenteeism, holidays, travel and travel time, exemptions (paid, unpaid, maternity and parental leave)

· Permissions (access rights and access bookings, access rights to IT systems and data processing procedures, protocol data on the use of communication and data processing systems, photographs, video surveillance recordings)

· Ergonomic data on workplace equipment and workplace design, equipment used and company property used by you

· Applicant data (application, CV, certificates, evidence of education and training, diplomas)

· previous values of the aforementioned data (history data)

b) Rarely can information on health and occupational reintegration management, disability status and other workplace-relevant health data be included, as far as they relate to employment.

c) In addition, organizational data and administrative information about your position and the workplace as well as log data on the operation and use of data processing systems and data processing procedures are collected and processed. It is necessary to provide data for the employment relationship and the use of the IT systems. Without the processing of employee data, the employment relationship can not be carried out.

(2) We collect, process and use your personal information solely for employment purposes and for business purposes permitted by our business, which are related to your role and function in our business.

a) These include:

· Processing of applications

· justification, implementation and termination of the employment relationship

· Exercise and fulfillment of the rights and obligations of employees' interests arising from a law, collective agreement or works agreement

· detection of possible crimes committed by employees in the employment relationship

· Performance determination and performance management

· Fee calculation and payroll

· Human Resources, Personnel Planning, Personnel Management, Personnel Development and Training

· Compliance with legal requirements, eg. B. according to labor law, tax law and social security law

· Internal administrative and organizational purposes

· Ensuring the security and protection of processing methods and data from unauthorized access, falsification and unauthorized use

· Protecting the company's assets, assets and assets from theft and other damage

b) Your data will be processed for purposes other than those mentioned only to the extent that such processing is compatible with the purposes of the employment relationship. We will inform you about such processing of your data about this processing and, if necessary, obtain your consent.

Consent will not give you any disadvantages.

(3) Your personal data will only be transmitted or disclosed to external parties to the extent required by law or required to fulfill the contract of employment concluded with you (eg to tax and social security authorities, banks, auditors).

Your personal data may also be transmitted to service companies for the purpose of performing data processing tasks, e.g. B. to carry out the automated personal data processing or payroll. We will observe the data protection regulations.