Data Protection

 

I. Preliminary Note

Thank you for visiting our website and for your interest in our company, our products and our services. For KVS GmbH (in the following: “we” or “us”), the protection of your data is of great importance. It is self-evident for us to treat your data confidentially and according to data protection rules as well as according to this Data Protection Policy.

 

With this present Data Protection Policy, we would like to inform you on how we process your data and the rights you have. This website might include links to other providers, on which this Data Protection Policy does not cover. By continuously using our website, you agree with the information processing of your data according to this Data Protection Policy.

 

Law changes or changes of our internal company processes require occasional adjustments of this Data Protection Policy. Please check the current version of our Data Protection Policy on our website regularly.

 

 

II. Contact Data

1. “Controller” pursuant to Art. 4 para. 7 GDPR

The controller of the data processing on this website is:

 

KVS GmbH

Niedersachsenstr. 16

48465 Schüttorf

Germany

 

Phone:   +49 (0) 5923 / 90 36-0

Email:    info@kvs-gmbh.com

 

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

 

If you decide to make contact via post or via email, please insert the addition “controller for data protection”.

 

 

2. “Processor” pursuant to Art. 37 GDPR in conjunction with § 38 BDSG (neu)

Working as a processor for KVS GmbH is the external data protection officer:

 

Mr. Guido Wenning

SIT Beratung GmbH

Liegnitzer Str. 21

48529 Nordhorn

Germany

Phone:   +49 (0) 5921 / 7888882

Email:    mail@sit-beratung.de

 

 

 

III. General and Mandatory Information

1. Purpose of Processing and Legal Basis

Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (= Bundesdatenschutzgesetz, BDSG) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service.

 

a. Consent to Data Processing

If you give us consent in accordance with Art. 6 para. 1 lit. a GDPR for the processing of personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke your consent at any time with effect for the future.

 

b. Processing of Your Personal Data

We process your personal data in order to implement our contracts and agreements with you. Furthermore, your personal data are processed for the implementation of measures and activities in the context of pre-contractual relationships (Article 6 para. 1 lit. b GDPR).

 

c. Fulfilment of Legal Obligations

Pursuant to Art. 6 para. 1 lit. c GDPR, we process your personal data if this is necessary for the fulfilment of legal obligations (e.g. commercial or tax laws). If necessary, we also process your data for the fulfilment of tax control and reporting obligations as well as for the archiving of data for the purposes of data protection and data security as well as the examination by tax authorities and other authorities. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.

 

d. Balancing of Interests

Furthermore, we may use your personal data based on balancing of interests to safeguard the legitimate interests of us or third parties (Article 6 para. 1 lit. f GDPR).

This is done for the following purposes with customers and interested parties:

–              for advertising or market research, if you have not objected to the use of your data;

–              for the limited storage of your data, if deletion due to the special nature of the storage is not possible or only with disproportionate effort;

–              for the further development of services and products as well as existing systems and processes;

–              for statistical analysis or market analysis;

–              for internal or external investigations and / or safety checks;

–              for certifications of private or official matters.

 

This is done for the following purposes with suppliers and providers:

–              for advertising or market research, if you have not objected to the use of your data;

–              for the limited storage of your data, if deletion due to the special nature of the storage is not possible or only with disproportionate effort;

–              for the further development of services and products as well as existing systems and processes;

–              for statistical analysis or market analysis;

–              for certifications under private law or regulatory affairs;

–              for the enforcement of legal claims and defence in legal disputes that are not directly attributable to the    contractual relationship;

–              to ensure and exercise our domiciliary rights through appropriate measures (such as video surveillance).

 

 

2. Personal Data Processed by Us

We receive your personal data when business relations with KVS GmbH come about.

 

The following data of customers and interested parties are processed:

–              personal data (name, occupation / industry and comparable data);

–              contact details (address, e-mail address, telephone number and comparable data);

–              customer history.

We reserve the right to process personally identifiable information from public sources (such as Internet, media, press).

 

The following data of suppliers and providers are processed:

–              personal data (name, occupation / industry and comparable data);

–              contact details (address, e-mail address, telephone number and comparable data);

–              supplier history.

We reserve the right to process personally identifiable information from public sources (such as Internet, media, press). If it is necessary for the performance of services, we also process personal data which we obtain lawfully from third parties (such as address publishers, credit agency).

 

 

3. Information Disclosure

a. Internal Disclosure

We disclose your personal data within our company to the areas which need this information to fulfil contractual and legal obligations or to implement our legitimate interests.

 

b. External Disclosure

Moreover, the following departments and offices may receive the data of our customers and interested parties:

–               contract data processor (Art. 28 GDPR), service providers for supporting activities and other responsible persons within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centres, support / maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing / procurement, customer administration, letter shops, marketing, telephony, website management, tax consulting, auditing services, credit institutions;

–               public bodies and institutions in the presence of a legal or regulatory obligation under which we are required to provide information, notification or disclosure of data;

–              other entities for which you have given us your consent to the transfer of data.

 

Moreover, the following departments and offices may receive the data of our suppliers and providers:

–               contract data processor (Art. 28 GDPR), service providers for supporting activities and other responsible persons within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centres, support / maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing / procurement, customer administration, letter shops, marketing, telephony, website management, tax consulting, auditing services, credit institutions;

–               public bodies and institutions in the presence of a legal or regulatory obligation under which we are required to provide information, notification or disclosure of data, or the disclosure of data is in the public interest;

–               bodies and institutions based on our legitimate interest or the legitimate interests of a third party (such as government agencies, credit agencies, debt collection agencies, lawyers, courts, appraisers and supervisory bodies);

–              other entities for which you have given us your consent to the transfer of data.

 

c. Further Information

Data processing outside the EU or the EEA does not happen.

 

 

4. Right to object pursuant to Art. 21 GDPR

a. General Information

In general, Art. 21 GDPR contains the right to object to the processing of personal data by us. This right of objection, however, only applies in the case of very special circumstances of your personal situation, whereby rights of our house might conflict with your right of objection. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

 

b. Consequences of Revocation

If you object, we will not process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or processing for the purpose of enforcing, pursuing or defending legal claims.

 

c. Direct Advertising

We also may process personal data of customers and interested parties in order to do direct advertising. If you do not want to receive advertising, you have the right to object to it at any time. We will consider this revocation for the future.

 

d. Form of Revocation

The revocation can be made informally to our data protection officer (info@kvs-gmbh.com).

 

 

5. Right of appeal to the responsible supervisory authority

In the case of data protection violations, the person concerned according to Art. 77 DSGVO has a right of appeal to the responsible supervisory authority. The responsible supervisory authority in matters of data protection law is the state data protection officer of the federal state in which our company is based. For the KVS GmbH is responsible:

 

Die Landesbeauftragte für den Datenschutz Niedersachsen

Prinzenstraße 5

30159 Hannover

Germany

 

Telefon: +49 (0) 511 120-4500

Telefax: +49 (0) 511 120-4599

E-Mail:   poststelle@lfd.niedersachsen.de

 

 

6. Right to Data Portability

You have the right to receive the data which we automatically process on the basis of your consent or in fulfilment of a contract, handed out to yourself or to a third party in a common, machine readable form. If you require the direct transfer of the data to another person in charge, this will only be done to the extent technically feasible.

 

 

7. Your Privacy Rights

You have the following rights with respect to personal data concerning you:

–              the right of access (Article 15 GDPR), i. the right to free information about your stored personal data, their origin and recipients and the purpose of the data processing;

–              the right to rectification (Article 16 GDPR);

–              the right to erasure (Art. 17 GDPR);

–              the right to restriction of processing (Art. 18 GDPR) and

–              the right to data portability (Article 20 GDPR).

 

For further information on personal data, please contact the data protection officer of KVS GmbH at any time.

 

 

8. Scope of Your Obligations to Provide Us with Your Data

You only need to provide the data necessary to establish or conduct a business relationship or pre-contractual relationship with us or we are required to collect by law. Without this data, we will generally not be able to conclude or execute the contract. This may also apply to data required later in the business relationship. If we request further additional data from you, you will be made aware of the voluntary nature of the information separately.

 

 

9. Objection to Advertising Emails

The use of contact data published in the context of the imprint obligation for the purpose of sending unsolicited advertising and information materials is hereby rejected. KVS GmbH expressly reserves the right to take legal action in the event of unsolicited promotional information, such as spam emails.

 

 

 

III. Data Collection on Our Website

1. Cookies

On our website, cookies are used. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when your visit our website. Cookies cannot execute programs or transmit viruses, Trojans or other malicious software. They serve to make the Internet offer more user-friendly and effective overall. Also, through the use of cookies no users can be identified.

 

Most of the cookies we use are so-called “session cookies”. They will be automatically deleted after your visit. In addition, to improve usability, temporary cookies are set and stored for a specified period of time.

 

Cookies, which are necessary to carry out the electronic communication process or similar, are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically correct and optimised provision of its services.

 

You can set your browser so that you are informed about the setting of cookies, and allow cookies only in individual cases, exclude the acceptance of cookies for certain cases or generally as well as enable the automatic deletion of cookies when closing the browser. Deactivating cookies may limit the functionality of this website.

 

If other cookies (such as cookies for analysing your browsing behaviour) are stored, they will be treated separately in this privacy policy.

 

 

2. Cookie Banner

To give you the option of cookie management, we use a cookie banner with opt-in function. In the Cookie Box of Borlabs Cookie, as a visitor of our website, you can make your own settings regarding the setting of cookies. Your decision will be saved in order to prevent the cookie banner from being displayed again when the website is called up again and the scope of your consent to be stored as evidence. Only after your decision, the corresponding cookies are set.

 

 

3. Log-Files

As soon as you visit our website, technical data are automatically collected and recorded in so-called log-files. Log files cannot be assigned to a specific person.

 

These are the following data:

 

–              IP address;

–              date and time of the request;

–              content of the request (concrete page);

–              access status / http status code;

–              each transmitted amount of data;

–              website from which the request comes from;

–              browser used;

–              operating system used;

 

The data is stored on the server for 3 months and then automatically deleted. The transfer of this data to third parties, for whatever purpose, does not take place.

 

 

 

IV. Other Features and Information about Our Website

1. SSL or TLS encryption

This site uses, for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, an SSL or TLS encryption. An encrypted connection is indicated by the browser’s address bar changing from “http://” to “https://” and the lock icon in your browser bar.

If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

 

 

2. Contact by E-Mail or Other Means of Communication

If you contact us by e-mail, we would like to inform you that we endeavour to provide all necessary technical and organizational security measures so that personal data are stored in such a way that they are not accessible to third parties or the public. If you would like to contact us by e-mail, we would like to point out that the confidentiality of the transmitted information cannot be completely guaranteed with this communication channel. For this reason, we recommend considering other means of communication for the transmission of confidential data. The same applies to the use of contact forms that you use on third-party websites to contact us.

 

 

3. Databases

In accordance with applicable security and privacy laws, we use a variety of technical and organizational security measures to protect your personal information from unauthorized access, use, disclosure, alteration or destruction. Personal data is managed in safe and secure databases. The databases are protected by standard backup and restore processes.

 

 

4. Storage Duration of Your Data

We only store personal data as long as it serves a legitimate purpose. Once this legitimate purpose ceases, appropriate action will be taken to ensure the resolution of the personal data or the restriction of processing. However, it may happen that we are obliged to make certain storage even after the elimination of the processing purpose. Obligations arise for our company by the European or national legislator in Union law regulations, laws or other regulations. Reason are various storage and documentation obligations as well as limitation periods, which result from business relations or pre-contractual legal relationships. If any storage should no longer be covered by the specified specifications, the data will be deleted or the processing restricted, unless the further storage of the data is necessary for a contract or for other purposes.

 

 

 

V. External Services

1. Google Analytics

For the purpose of designing and continuously optimising this website, Google Analytics, a web analytics service provided by Google Inc., is used (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; in the following: “Google“). We have entered into an agreement with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

 

This site has deactivated the function to generate analytics reports by demographics and interest.

 

The IP Anonymization function has been activated on this site. As a result, your IP address will be truncated by Google within member states of the European Union or other contracting states to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases, the complete IP address will be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other data by Google.

 

Cookies are used in this context. The information generated by the cookie about your use of this website as well as

–              browser type / version,

–              used operating system,

–              Referrer URL (the previously visited page),

–              host name of the accessing computer (IP address),

–              time of the server request,

 

are transferred to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for the purpose of market research and customisation of these websites. This information may also be transferred to third parties if required by law or as far as third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymised, so that an assignment is not possible (IP masking). The data is saved in Google Analytics for 14 months before it is automatically deleted.

 

You can prevent the installation of cookies by setting the browser software accordingly. However, it may happen that in this case not all features of this website may be fully used.

In addition, you may prevent the collection by Google of the data generated by cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de.

 

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking here and downloading an “opt-out cookie”. Your browser must therefore allow the storage of cookies in principle. If you delete your cookies regularly, you will need to click on the link each time you visit this website.

For more information about privacy related to Google Analytics, see the Google Analytics Help Centre:

https://support.google.com/analytics/answer/6004245?hl=de

 

 

2. Google Maps

On our website, you will find a link to Google Maps, which will only be activated if you actively choose to use this service from Google Maps and click on this particular link.

By clicking on the particular link, you will automatically be redirected to the page of Google Maps. By doing so, you consequently agree to the terms and conditions and to privacy policy of Google Maps. KVS GmbH has no influence on the processing of your data by Google Maps and therefore rejects any liability.

 

 

3. Business Pages on Facebook and Instagram

We run a so-called company pages both on Facebook and on Instagram. They serve as tools for easy communication to our visitors, comparable to a billboard. The legal basis for this is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Both Facebook and Instagram use various ways to track visitor behaviour. We have no influence on these mechanisms. The technical responsibility for the platform lies with Facebook and the responsibility is recognized by Facebook on https://www.facebook.com/legal/terms/page_controller_addendum##. The same applies to Instagram, which belongs to Facebook. Therefore, Facebook provides more information on this matter at the following link: https://help.instagram.com/519522125107875?helpref=page_content.

We do not obtain tracking information or visitor information from Facebook resp. Instagram and do not store such data on our system. All information collected by Facebook resp. Instagram, such as tracking information, remains the responsibility of Facebook resp. Instagram. In order to exercise your rights (such as the right of access), please contact Facebook resp. Instagram directly- this way, we ensure, among other things, that we do not even see such data.

 

 

VI. Miscellaneous

1. Contracts Apart from Our Online Offers

If you are our contractual partner and the contract has not come about through our online offer, we have provided the essential information regarding our data processing of your personal data as the person responsible in our terms and conditions. The following information is therefore supplementary to our terms and conditions. If you have further questions, please contact us using the contact details above.

 

With the collection of the personal data obtained in the context of contracting and implementing the contract we pursue the purpose of being able to fulfil our obligations under the contract. For example, we need your contact information to provide you with our services.

 

We also use the data to serve you as a customer and for statistical market and opinion research purposes. This is necessary to constantly improve our products and services and to adapt them to the needs of our customers. We only engage in direct advertising if you have consented or if another legal basis exists in accordance with the EU law of the member states.

 

The legal basis for the aforementioned data processing is in the case of a given consent Art. 6 para. 1 lit. a GDPR, insofar as this is necessary for the fulfilment of the contract and the performance of pre-contractual measures Art. 6 para. 1 lit. b GDPR, in all other cases mentioned above Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), where our legitimate interest is the marketing and continuous improvement of our products and services and their adaptation to the needs of our customers. Please note in this respect the right of objection as described under II.4.

 

 

2. Credit Information

If there are any business relationships in which we make advance payments, we reserve the right to obtain information from SCHUFA or CEG Consumer Creditreform GmbH about your creditworthiness.

 

 

3. Applications and Application Process

The responsible body collects and processes the personal data of applicants for the purpose of processing the application process. The processing can also be done electronically. This is particularly the case if an applicant submits corresponding application documents to the controller by electronic means, for example by e-mail or via a web form available on the website. If the responsible body concludes a contract of employment with an applicant, the data transmitted will be stored for the purposes of the employment relationship in accordance with the law. If no employment contract is concluded with the candidate by the responsible body, the application documents will be automatically deleted no later than two months after the announcement of the rejection decision, unless deletion precludes other legitimate interests of the responsible body. Another legitimate interest in this sense, for example, is a burden of proof in a procedure under the General Equal Treatment Act (German: Allgemeines Gleichbehandlungsgesetz, AGG).

 

 

4. Safe and Responsible Behaviour on the Internet

KVS GmbH encourages all parents and guardians to instruct their children in the safe and responsible use of personal data on the Internet. Without the consent of parents or supervisors, children should not submit personal data to the website of KVS GmbH! We affirm that we do not knowingly collect, use, or unwarrantedly disclose any of your children’s personal information towards any third parties.

 

 

5. Change of Our Data Protection Regulations

As mentioned earlier, we reserve the right to amend this Data Protection Policy to always comply with current legal requirements or to implement changes to our services in the Data Protection Policy, e.g. when introducing new services. Your new visit to our website will be subject to the new Data Protection Policy.

 

 

 

 

(Effective Date: July 2020)