Privacy Notice

Thank you for your interest in our company. Data protection is of a particularly high priority for the management of k-tech Konstruktion – Automation – Produktion GmbH. The internet pages of k-tech Konstruktion – Automation – Produktion GmbH can be used without providing any personal data. However, if a concerned person wishes to make use of our company’s special services via our website, it may be necessary to process personal data. If the processing of personal data is necessary and, there is no legal basis for such processing, we generally obtain the consent of the data subject.

 

The processing of personal data, e.g. name, address, email address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to k-tech Konstruktion – Automation – Produktion GmbH. By means of this Privacy Policy, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, the data subjects are informed about their rights by means of this Privacy Policy.

 

As the controller, k-tech Konstruktion – Automation – Produktion GmbH has implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, internet-based data transmissions can generally have security gaps so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us in alternative ways, e.g. by telephone.

 

Definitions of terms
The Privacy Policy of k-tech Konstruktion – Automation – Produktion GmbH is based on the terms used by the European regulators when adopting the General Data Protection Regulation (GDPR). Our Privacy Policy should be easily readable and understandable for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms in this Privacy Policy:

 

a) Personal data

Personal data is all information that relates to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural, or social identity of this natural person.

 

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

 

c) Processing

Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or changing, reading, querying, use, disclosure through transfer, distribution or any other form of provision, comparison or linking, restriction, deletion, or destruction.

 

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

 

e) Profiling

Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse and evaluate aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of this natural person.

 

f) Pseudonymisation

Pseudonymisation is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

 

g) Controller

The controller is the natural or legal person, authority, institution, or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the member states, the controller or the specific criteria for his appointment can be provided for in accordance with Union law or the law of the member states.

 

h) Processor

The processor is a natural or legal person, authority, institution, or other body that processes personal data on behalf of the controller.

 

i) Recipient

The recipient is a natural or legal person, authority, institution, or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation according to Union law or the law of the member states are not considered recipients.

 

j) Third party

A third party is a natural or legal person, authority, institution, or body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor.

 

k) Consent

The consent is any declaration of intent voluntarily given by the data subject in an informed manner and unambiguously in the form of a declaration or other unambiguous affirmative action with which the data subject indicates that they consent to the processing of their personal data.

 

Name and address of the controller
The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions relating to data protection is:

 

k-tech Konstruktion – Automation – Produktion GmbH

Jakob-Stadler-Platz 11

78467 Konstanz

Phone: +497531/94218-0

Mail: info@k-tech.de

Website: www.k-tech.de

 

Name and address of the data protection officer
The data protection officer of the controller is:

machCon Deutschland GmbH

Kai Hartwig

Robert-Bosch-Strasse 1

DE 78234 Engen

Phone: +49 (0)176 4581 5435 | +49 (0) 7733 360 3540

Mail: kai.hartwig@machcon.de

Website: www.machcon.de

 

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

 

Collection of general data and information
The website of k-tech Konstruktion – Automation – Produktion GmbH collects a series of general data and information every time the website is accessed by a data subject or an automated system. These general data and information are stored in the server’s log files. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites that are accessed on our website via an accessing system, (5) the date and time of access to the website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and, (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

 

When using this general data and information, k-tech Konstruktion – Automation – Produktion GmbH does not draw any conclusions about the data subject. Rather, this information is required to (1) correctly deliver the contents of our website, (2) to optimize the contents of our website and advertising, (3) to ensure the long-term functionality of our information technology systems and the technology of our website and, (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber attack. This anonymously collected data and information is therefore statistically evaluated by k-tech Konstruktion – Automation – Produktion GmbH on the one hand and, also with the aim of increasing data protection and data security in our company to ultimately provide an optimal level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.

 

Routine deletion and blocking of personal data
The controller processes and stores personal data of the data subject only for the period of time that is necessary to achieve the storage purpose or if this has been provided by the European regulators or another legislator in laws or regulations, which the controller is subject to.

 

If the storage purpose no longer applies or if a storage period prescribed by the European regulators or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the legal provisions.

 

Rights of the data subject
a) Right to obtain confirmation

Every data subject has the right granted by the European regulators to request confirmation from the controller as to whether personal data concerning them are being processed. If a data subject wishes to exercise this right to obtain confirmation, they can contact an employee of the controller at any time.

 

b) Right of access to information

Every data subject by the processing of personal data has the right granted by the European regulators to have free access to the personal data stored about them and a copy of this information from the controller at any time. Furthermore, the European regulators will grant the data subject access to the following information:

 

the purposes of the processing
the categories of personal data that are being processed
the recipients or categories of recipients to whom the personal data have been disclosed or are still being disclosed, in particular to recipients in third countries or to international organizations
if possible, the planned duration of storage of the personal data or, if this is not possible, the criteria for determining this duration
the existence of a right of correction or deletion of personal data concerning you or a right of restriction of the processing by the controller or a right of opposition to this processing
the existence of a right of appeal with regulatory authority
if the personal data are not collected from the data subject: Any available information about the origin of the data
the existence of automated decision-making including profiling in accordance with Article 22 paragraph 1 and 4 GDPR and, – at least in these cases – meaningful information about the logic involved and the scope and intended effects of such processing for the data subject
Furthermore, the data subject has a right to obtain information as to whether personal data has been transmitted to a third country or to an international organization. If so, the data subject has the right to receive information about the appropriate guarantees in connection with the transmission.

If a data subject wishes to exercise this right to information, they can contact an employee of the controller at any time.

 

c) Right of rectification

Every person affected by the processing of personal data has the right granted by the European regulators to request the immediate rectification of incorrect personal data concerning them. Furthermore, the data subject has the right, considering the purposes of the processing, to request the completion of incomplete personal data – also by means of a supplementary declaration.

If a data subject wishes to exercise this right of rectification, they can contact an employee of the controller at any time.

 

d) Right of deletion (right to be forgotten)

Every person affected by the processing of personal data has the right granted by the European regulators to request the controller to delete the personal data concerning them immediately, provided that one of the following reasons applies and, insofar as the processing is not necessary:

The personal data were collected or otherwise processed for purposes for which they are no longer necessary.

The data subject revokes their consent, on which the processing was based in accordance with Article 6 paragraph 1, letter a of the GDPR or Article 9 paragraph 2, letter a of the GDPR, and there is no other legal basis for the processing.

The data subject objects to the processing in accordance with Art. 21 paragraph 1 of GDPR, and there are no overriding legitimate reasons for the processing, or the data subject objects in accordance with Art. 21 paragraph 2 of GDPR to the processing.

The personal data was processed unlawfully.

The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the member states to which the controller is subject.

The personal data was collected in relation to the information society services offered in accordance with Art. 8 paragraph 1 of GDPR.

If one of the above-mentioned reasons applies and a data subject would like to have deleted personal data stored at k-tech Konstruktion – Automation – Produktion GmbH, they can contact an employee of controller at any time. The employee of k-tech Konstruktion – Automation – Produktion GmbH will arrange for the deletion request to be complied with immediately.

If the personal data has been made public by k-tech Konstruktion – Automation – Produktion GmbH and our company, as controller, is obliged to delete the personal data in accordance with Art. 17 paragraph 1 of GDPR, k-tech Konstruktion – Automation – Produktion GmbH will take, considering the available technology and the implementation costs, appropriate measures, including technical ones, to inform other data controllers processing the published personal data that the data subject has requested from these other data controllers the deletion of all links to this personal data or copies or replications of this personal data, insofar as the processing is not necessary. The employee of k-tech Konstruktion – Automation – Produktion GmbH will take the necessary steps in individual cases.

 

e) Right to restriction of processing

Any person affected by the processing of personal data has the right, granted by the European regulators, to require the controller to restrict processing if one of the following conditions is met:

The correctness of the personal data is contested by the data subject for a period that enables the controller to check the correctness of the personal data.

The processing is unlawful, the data subject refuses the deletion of personal data and instead requests that the use of the personal data will be restricted.

The controller no longer needs the personal data for the purposes of processing, but the data subject needs them to assert, exercise or defend legal claims.

The data subject objects to the processing in accordance with Art. 21 paragraph 1 of GDPR and, it has not yet been determined whether the legitimate reasons of the controller outweigh those of the data subject.

If one of the above-mentioned prerequisites applies and a data subject would like to request the restriction of the personal data stored at k-tech Konstruktion – Automation – Produktion GmbH, they can contact an employee of controller at any time. The employee of k-tech Konstruktion – Automation – Produktion GmbH will arrange for the restriction of the processing.

 

f) Right to data portability

Every person affected by the processing of personal data has the right, granted by the European regulators, to receive the personal data concerning them, which have been made available to a controller by the data subject, in a structured, common, and machine-readable format. They also have the right to transfer this data to another controller without being hindered by the controller to whom the personal data was provided, provided that the processing is based on the consent in accordance with Art. 6 paragraph 1 letter of GDPR or Art. 9 paragraph 2 letter a of GDPR or on a contract in accordance with Art. 6 paragraph 1 letter b of GDPR and, the processing is carried out using automated procedures, unless the processing is necessary for the performance of a task that is in the public interest or takes place in the exercise of official authority that has been transferred to the controller.

When exercising their right to data portability in accordance with Art. 20 paragraph 1 of GDPR, the data subject also has the right to have the personal data transmitted directly from one controller to another, insofar as this is technically feasible and if this does not affect the rights and freedoms of other persons.

To assert the right to data portability, the data subject can contact an employee of k-tech Konstruktion – Automation – Produktion GmbH.

 

g) Right to object

Any person affected by the processing of personal data has the right, granted by the European regulators, to object, at any time and for reasons relating to their situation, to the processing of personal data relating to them in accordance with Art. 6 paragraph 1 letter e or f of GDPR. This also applies to profiling based on these provisions.

In the event of an objection, k-tech Konstruktion – Automation – Produktion GmbH will no longer process the personal data, unless we can prove compelling legitimate reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

If k-tech Konstruktion – Automation – Produktion GmbH processes personal data for the purposes of direct advertising, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is associated with such direct advertising. If the data subject objects to processing by k-tech Konstruktion – Automation – Produktion GmbH for direct marketing purposes, k-tech Konstruktion – Automation – Produktion GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, for reasons relating to their particular situation, to object to the processing of personal data concerning them that is carried out by k-tech Konstruktion – Automation – Produktion GmbH for scientific or historical research or statistical purposes in accordance with Art 89 paragraph 1 of GDPR, to object, unless such processing is necessary to fulfil a task in the public interest.

To assert the right to objection the data subject can contact an employee of k-tech Konstruktion – Automation – Produktion GmbH or any other employee. In connection with the use of services of the information society and, regardless of Directive 2002/58/EC, the data subject is also free to exercise their right to object by means of automated procedures using technical specifications.

 

h) Automated decisions in individual cases including profiling

Any data subject affected by the processing of personal data has the right, granted by the European regulators, not to be subjected to a decision based solely on automated processing – including profiling – which has legal effects on them or similarly significantly affects them, if the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is permissible on the basis of Union or Member State law to which the data subject is subject and these legal provisions include appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject or (3) is made with the express consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the person responsible or (2) it is made with the express consent of the data subject, k-tech Konstruktion – Automation – Produktion GmbH takes appropriate measures to protect the rights and freedoms as well as the legitimate interests of the data subject, including at least the right to obtain intervention by a person on the part of the data subject, to express their own point of view and to contest the decision.

If the data subject wishes to assert rights relating to automated decisions, they can contact an employee of the controller at any time.

 

i) Right to cancel the consent to data processing

Every person affected by the processing of personal data has the right, granted by the European regulators, to cancel the consent to data processing at any time.

If the data subject wishes to assert their right to cancel a consent, they can contact an employee of the controller at any time.

 

 

Data protection in recruitment and during the recruitment process
The controller collects and processes the personal data of candidates for the purpose of handling the recruitment process. The processing can also be done electronically. This applies particularly if a candidate sends the relevant application documents electronically, for example by mail or via a web form on the website, to the controller. If the controller concludes an employment contract with a candidate, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the legal provisions. If the controller does not conclude an employment contract with the candidate, the application documents will be automatically deleted two months after notification of the rejection decision, provided that deletion does not conflict with other legitimate interests of the controller. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (GETA).

 

Data protection regulations on the application and use of Facebook and Instagram
The controller has integrated components of Facebook and Instagram on this website. Facebook and Instagram are social networks.

A social network is a social meeting point operated on the Internet, an online community that usually enables users to communicate with one another and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enables the internet community to provide personal or company-related information. Among other things, Facebook enables users of the social network to create private profiles, upload photos or videos and network via friend requests or follows.

The operating company of Facebook and Instagram is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller of personal data is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

Upon each access to the individual pages of this website which is operated by the controller and on which a Facebook & Instagram component (Facebook & Instagram plug-in) has been integrated, the Internet browser on the information technology system of the data subject will be automatically required by the respective Facebook and Instagram component to download a representation of the corresponding Facebook and Instagram component from Facebook. A complete overview of all Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. As part of this technical process, Facebook will get knowledge of which specific subpage of our website is accessed by the data subject.

If the data subject is logged into Facebook or Instagram at the same time, Facebook recognizes upon each access to our website by the data subject and for the entire duration of the respective visit on our website, which specific subpage of our website is visited by the data subject. This information is collected by the Facebook & Instagram component and assigned to the respective Facebook or Instagram account of the data subject by Facebook. If the data subject activates one of the Facebook or Instagram buttons integrated on our website, for example the “Like” button, or if the data subject makes a comment, Facebook assigns this information to the data subject’s personal Facebook or Instagram user account and saves this personal data.

If the data subject is logged into Facebook or Instagram at the same time as accessing our website, Facebook will always receive information via the Facebook or Instagram component that the data subject has visited our website; this takes place regardless of whether the data subject clicks on the Facebook or Instagram component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent the transmission by logging out of their Facebook or Instagram account before calling up our website.

The privacy policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/, provides information on the collection, processing and use of personal data by Facebook. It also explains which setting options are offered by Facebook to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress data transmission to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

 

Data protection regulations on the application and use of Youtube
The controller has integrated Youtube components on this website. Youtube is a  video sharing service where users can watch, like, share, comment and upload their own videos.

Youtube’s operating company is Google LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. If a data subject lives outside the USA or Canada, the controller of personal data is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland.

Upon each access to the individual pages of this website which is operated by the controller and on which a Youtube component (Youtube button) has been integrated, the Internet browser on the information technology system of the data subject will be automatically required by the respective Youtube component to download a representation of the corresponding Youtube component from Google. Further information on the Youtube buttons is available at https://adssettings.google.com/authenticated. As part of this technical process, Google will get knowledge of which specific subpage of our website is accessed by the data subject. The purpose of integrating the Youtube component is to enable our users to redistribute the contents of this website, to make this website known in the digital world and to increase our visitor numbers.

If the data subject is logged into Youtube at the same time, Google recognizes upon each access to our website by the data subject and for the entire duration of the respective visit on our website, which specific subpage of our website is visited by the data subject. This information is collected by the Youtube component and assigned to the respective Youtube account of the data subject by Google. If the data subject is logged in to Youtube at the same time, Google recognizes with each visit to our website by the person concerned and for the entire duration of their stay on our website, which specific subpage of our website the person concerned is visiting. This information is collected by the Youtube component and assigned to the respective Youtube account of the data subject.

If the data subject is logged into Youtube at the same time as accessing our website, Google will always receive information via the Youtube component that the data subject has visited our website; this takes place regardless of whether the data subject clicks on the Youtube component or not. If the data subject does not want this information to be transmitted to Google, they can prevent the transmission by logging out of their Youtube account before calling up our website.

The applicable data protection regulations of Youtube can be found at https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

 

Data protection regulations on the application and use of Twitter
The controller has integrated Twitter components on this website. Twitter is a multilingual, publicly accessible microblogging service where users can publish and distribute so-called tweets, i.e. short messages that are limited to 280 characters. These short messages are available to everyone, including people who are not logged on to Twitter. The tweets are also displayed to the so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Twitter also enables a broad audience to be addressed via hashtags, links or retweets.

Twitter’s operating company is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

Upon each access to the individual pages of this website which is operated by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the information technology system of the data subject will be automatically required by the respective Twitter component to download a representation of the corresponding Twitter component from Twitter. Further information on the Twitter buttons is available at https://about.twitter.com/de/resources/buttons. As part of this technical process, Twitter will get knowledge of which specific subpage of our website is accessed by the data subject. The purpose of integrating the Twitter component is to enable our users to redistribute the contents of this website, to make this website known in the digital world and to increase our visitor numbers.

If the data subject is logged into Twitter at the same time, Twitter recognizes upon each access to our website by the data subject and for the entire duration of the respective visit on our website, which specific subpage of our website is visited by the data subject. This information is collected by the Twitter component and assigned to the respective Twitter account of the data subject by Twitter. If the data subject is logged in to Twitter at the same time, Twitter recognizes with each visit to our website by the person concerned and for the entire duration of their stay on our website, which specific subpage of our website the person concerned is visiting. This information is collected by the Twitter component and assigned to the respective Twitter account of the data subject.

If the data subject is logged into Twitter at the same time as accessing our website, Twitter will always receive information via the Twitter component that the data subject has visited our website; this takes place regardless of whether the data subject clicks on the Twitter component or not. If the data subject does not want this information to be transmitted to Twitter, they can prevent the transmission by logging out of their Twitter account before calling up our website.

The applicable data protection regulations of Twitter can be found at https://twitter.com/privacy?lang=de.

 

Legal basis for processing
Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary to fulfil a contract to which the data subject is a party, as e.g. for processing operations that are necessary for the delivery of goods or the provision of other services or consideration, the processing is based on Art. 6 I lit. b of GDPR. The same applies to processing operations that are required to carry out pre-contractual measures, e.g. in case of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I lit. c of GDPR. In rare cases, it may be necessary to process personal data to protect the vital interests of the data subject or another natural person. This would apply e.g. if a visitor to our company were injured and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d of GDPR. Finally, the processing could be based on Art. 6 I lit. d of GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, insofar as the interests, fundamental rights and freedoms of the data subject do not outweigh the interests. We are particularly permitted to carry out such processing operations because they have been specifically mentioned by the European legislator. In this respect, he took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 paragraph 2 GDPR).

 

Legitimate interests in the processing that are being pursued by the controller or a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business activities for the benefit of all our employees and our shareholders.

 

Duration of the storage of the personal data
The criterion for the duration of the storage of personal data is the respective legal retention period. After the period has expired, the relevant data is routinely deleted, provided that it is no longer required to fulfil or initiate a contract.

 

Legal or contractual regulations for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We inform you that the provision of personal data is in part required by law (e.g. tax regulations) or can also result from contractual regulations (e.g. information on the contractual partner). In order to conclude a contract, it may sometimes be necessary for a data subject to provide us with personal data that we subsequently have to process. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean that the contract could not be concluded with the data subject. Before the data subject provides personal data, they must contact one of our employees. Our employee explains to the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences the failure to provide the personal data would have.

 

Existence of automated decision-making
As a responsible company, we do not use automatic decision-making or profiling.

This sample data privacy statement was created by the data privacy statement generator of DGD Deutsche Gesellschaft für Datenschutz GmbH, which carries out data protection audits, in cooperation with the media law firm WILDE BEUGER SOLMECKE.