Information on Privacy Policy

Under the web address http://www.kostal-kontakt-systeme.com, the company KOSTAL Kontakt Systeme GmbH presents its website. The website provides information about products and services.

In the following please find information about the data controller processing your personal data, the data controller’s data protection officer (Section A) and about your right with respect to the processing of your personal data (Section B).

Moreover, you also obtain information in the following about the data controller processing your personal data (Section C) and information about the use of cookies (Section D) in connection with the website and offers made on the website.

A. Information about the data controller

I. Name and contact data of the data controller

KOSTAL Kontakt Systeme GmbH, represented by the managing directors Dr.-Ing. Markus Bergholz, Dipl.-Oec. Andreas Kostal and Dipl.-Kfm. Ulrich Zimmermann
An der Bellmerei 10
58513 Lüdenscheid
+49 2351 7894 111
kks-de@kostal.com

II. Contact data of the data controller’s data protection officer

Data Protection Officer of the KOSTAL Group
An der Bellmerei 10, 58513 Lüdenscheid
dataprotection@kostal.com

B. Information about rights of data subjects

As a data subject you shall have the following rights with respect to processing your personal data:

  • Right of access (Article 15 GDPR)
  • Right of rectification (Article 16 GDPR)
  • Right to erasure (“right to be forgotten“) (Article 17 GDPR)
  • Right to the restriction of processing (Article 18 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right of appeal (Article 21 GDPR)
  • Right to withdraw consent (Article 7 paragraph 3 GDPR)
  • Right to lodge a complaint with the supervisory authority (Article 57 paragraph 1 point f GDPR)

You may contact our Data Protection Officer for the purpose of exercising your rights (Section A.II.).

If applicable, you can find information about any special modalities and mechanisms facilitating exercising your rights, especially exercising your right to data portability and objection, in the information about processing of your personal data in Section C of this Privacy Policy.

You can find the full extent of your rights in the before-mentioned articles GDPR which can be assessed using the following link: http://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32016R0679.

In the following please find detailed information about your rights with regard to the processing of your personal data:

I. Right to access

As a data subject, you have the right to access information under the conditions provided in Article 15 GDPR.

This means in particular that you shall be entitled to obtain a confirmation from us to whether we are processing your personal data. In this case, you shall also have the right to obtain access to this personal data and information listed in Article 15 paragraph 1 GDPR. This includes for example information about the purpose of processing, about the categories of personal data and about the recipients or categories of recipients to whom the personal data has been or will be disclosed (Article 15 paragraph 1 a, b and c GDPR).

II. Right to rectification

As a data subject, you shall be entitled to rectification under the conditions provided in Article 16 GDPR.

This particularly means that you shall have the right to immediately demand from us rectification of inaccuracies in your personal data and completion of incomplete personal data.

III. Right to erasure (“Right to be forgotten“)

As a data subject you shall be entitled to erasure (“right to be forgotten”) under the conditions provided in Article 17 GDPR.

This means that you have generally the right to demand from us immediate erasure of personal data and we shall be obliged to immediately delete personal data in the event of any reasons stated in Article 17 paragraph 1 GDPR. This can be the case, for example, if personal data is no longer required for the purposes for which it was collected or has been processed in any other manner (Article 17 paragraph 1 point a GDPR).

If we have made the personal data public and are obliged to delete it, we shall be also obliged – considering the available technology and costs of implementation – to take reasonable steps, even technically, for informing other data controllers processing personal data that the data subject required such data controllers to erase all links to this personal data or copies or replications of this personal data (Article 17 paragraph 2 GDPR).

The right to erasure (“right to be forgotten“) does not apply if processing is required for the reasons listed in Article 17 paragraph 3 GDPR. This may be the case, for example, if processing is required for fulfilment of a legal obligation or for asserting, exercising or defending legal claims (Article 17 paragraph 3 points a and e GDPR).

IV. Right to restriction of processing

As a data subject you shall be entitled to the right to restriction of processing under the conditions of Article 18 GDPR.

This means that you are entitled to demand restriction of processing from us in the event of any prerequisite defined in Article 18 paragraph 1 GDPR. This may be the case, for example, if you contest accuracy of personal data. Restriction of processing is for a period which allows us to investigate accuracy of personal data (Article 18 paragraph 1 point a GDPR).

Restriction means that stored personal data is marked with the objective to restrict its future processing (Article 4 number 3 GDPR).

V. Right to data portability

As a data subject you shall be entitled to the right to data portability under the conditions of Article 20 GDPR.

This means that you generally have the right to obtain your personal data you have provided to us in a structured, commonly used and machine-readable format and you have the right to transmit this data to another data controller without being hindered by us if the processing is based on a consent pursuant to Article 6 paragraph 1 point a or Article 9 paragraph 2 point a GDPR or a contract based on Article 6 paragraph 1 point b GDPR and data is processed using automated procedures (Article 20 paragraph 1 GDPR).

You can find information as to whether a processing is based on a consent pursuant to Article 6 paragraph 1 point a or Article 9 paragraph 2 point a GDPR or a contract pursuant to Article 6 paragraph 1 point b GDPR, in the information about the legal grounds of processing in Section C of this Data Privacy Policy.

When asserting your right to data portability you shall be additionally entitled also to have your personal data transmitted directly by us to another data controller where technically feasible (Article 20 paragraph 2 GDPR).

VI. Right to appeal

As a data subject you shall be entitled to the right to appeal under the conditions of Article 21 GDPR.

On the occasion of our first communication with you at the latest we will expressly draw your attention to your right to appeal.

In the following, please find more detailed information on this:

1. Right to appeal for reasons resulting from the special structure of the data subject


As a data subject you shall be entitled at any time to file an objection against the processing of your personal data for any reasons resulting from your particular situation if the data is processed due to Article 6 paragraph 1 point e or f GDPR; this shall also apply to any profiling based on these provisions.

You will find information on whether the data is processed due to Article 6 paragraph 1 point e or f GDPR in the information about processing in Section C of this Data Protection Policy.

In the event of any appeal for reasons resulting from your particular situation we will discontinue processing your personal data unless we are capable of proving mandatory reasons worthy of protection for processing prevailing your interests, rights and freedoms or the processing serves for asserting, exercising or defending legal claims.

2. Right to object to direct advertising


In the event of personal data being processed for running direct advertising you shall be entitled to object processing of personal data for the purpose of such advertising at any time; this shall also apply to profiling as far as associated with such a direct advertising.

You will find information on whether and to what extent personal data is processed for running direct marketing in the information about the purpose of processing in Section C of this Data Protection Policy.

In case of objecting to processing for the purpose of direct marketing, we will discontinue processing personal data for this purpose.

VII. Right to withdraw consent

If processing is based on a consent pursuant to Article 6 paragraph 1 point a or Article 9 paragraph 2 point a GDPR, you as the data subject pursuant to Article 7 paragraph 3 GDPR shall be entitled to withdraw your consent at any time. Withdrawing the consent shall not affect legitimacy of the processing taken place until withdrawal. We will inform you about this prior to your consent.

You will find information on whether any processing is based on a consent pursuant to Article 6 paragraph 1 point a or Article 9 paragraph 2 point a GDPR, in the information about the legal bases of processing in Section C of this Data Privacy Policy.

VIII. Right to lodge a complaint with the supervisory authority

As a data subject you shall have the right to lodge a complaint with the supervisory authority under the conditions of Article 57 paragraph 1 point f GDPR.

The supervisory authority responsible for us is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44, 40102 Düsseldorf
Tel.: 0211/38424-0
Fax: 0211/38424-10
E-Mail: poststelle@ldi.nrw.de

C. Information about processing personal data

In connection with the website and offers provided on the website different data is processed for different purposes. For example, for providing the contents of the website accessed by you, we process certain protocol data accruing for technical reasons when calling up the website.

As far as we as the so-called responsible decide solely or jointly with others upon the purposes and means of the processing of personal data, please find in the following information particularly about

  • Personal data or categories of personal data to be processed,
  • The purposes for which personal data shall be processed,
  • The legal basis for processing and if processing is based on Article 6 paragraph 1 point f GDPR, legitimate interests pursued by us or any third party,
  • Where applicable the recipients or categories of recipients of personal data,
  • Where applicable our intention to transmit personal data to any third party country or any international organization as well as the presence or absence of an adequacy decision of the Commission or in the event of transmissions pursuant to Article 46 or Article 47 GDPR or Article 49 paragraph 1 subparagraph 2 GDPR any reference to suitable or appropriate guarantees and the possibility how to obtain a copy thereof or where they are available,
  • The duration for which personal data is stored or, if this is impossible, criteria for defining this duration,

As far as we collect your personal data from you as a data subject, you will additionally find information in the following whether providing personal data is legally or contractually required or necessary for concluding a contract, whether you are obliged to provide personal data and the consequences of non-provision.

As far as we do not collect personal data from you as a data subject, please find additionally in the following information about what source personal data originates from and where applicable whether it originates from publicly accessible sources.

I. Informational utilization of the website

In the event of purely informational utilization of the website, certain information, for example your IP address, is for technical reasons sent to the server of our website via the browser applied on your terminal device. We process this information for providing the contents of the website called up by you. For guaranteeing safety of the IT infrastructure applied for providing the website, this information is additionally stored temporally in a web server log file.

For enabling informational utilization of the website, we apply cookies on the website (Section D of this Data Protection Policy), by means of which personal data is processed.

More information on this is given below:

1. Details on personal data to be processed


Categories of personal data to be processed This/these category/categories contain(s) / may particularly contain Sources of data Obligation for providing data Storage period
Protocol data accruing for technical reasons if the website is visited (“http data“). IP address, type and version of   your internet browser, operating system used, the page accessed, the page accessed before (referrer URL), date and time of the visit. Website users. Provision is not a statutory or contractual requirement or required for contract conclusion. There is no obligation to provide data. If failing to provide data we will not be in the position to provide the contents of the website visited. Data is stored in server log files in a manner enabling identification of data subjects, for a maximum period of three months, unless any security-relevant event occurs (e.g. DDoS attack). In the event of a security-relevant event, server log files will be stored until removal and complete clarification of the safety-relevant event.
Data that is stored in absolutely necessary cookies (Section D) on the end device of the user in order to manage cookie consents for this website (“opt-in-cookie data“) Consent for the use of cookies on your end device. Website users. Provision is not a statutory or contractual requirement or required for contract conclusion.  There is no obligation to provide data. If failing to provide data we cannot consider any cookie consents on this website. We do not store this data on our systems. For the cookies‘ term of validity please refer to Section D.III

2. Details about processing personal data


Purpose of processing personal data Categories of personal data to be processed Automated decision-making Legal basis and, if applicable, legitimate interests Recipient
For providing the contents of the website accessed by the user,  HTTP data is temporally processed on our webserver. HTTP data. No automated decision-making. Balancing of interests (Article 6 paragraph 1 point f GDPR). Our legitimate interest is the provision of contents of the website accessed by the user. Dokom GmbH as hosting provider.
For safeguarding security of the IT infrastructure applied for proving the website, particularly for defining, removing and evidential documentation of interferences (e.g. DDoS attacks), HTTP data is temporally processed in web server log files. HTTP data. No automated decision-making. Balancing of interests (Article 6 paragraph 1 point f GDPR). Our legitimate interest is ensuring security of the IT infrastructure applied for providing the website, particularly for defining, removing and evidential documentation of interferences (e.g. DDoS attacks). Dokom GmbH as hosting provider and :kostal design GmbH & Co. KG.

3. Details on recipients of personal data and transfer of personal data in third-party countries and / or international organisations


Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate guarantees for transmissions in third-party countries and / or international organisations
Dokom GmbH as hosting provider Processor EU -
:kostal design GmbH & Co. KG Processor EU _

II. Utilization of online contact forms

On the website, we provide you the possibility to contact us via contact forms. Information provided by you in contact forms will be processed for processing your concern.

More information on this is given below:

1. Details on personal data that is processed


Categories of personal data to be processed This/these category/categories contain(s) / may particularly contain Sources of data Obligation to provide data Storage period
Protocol data accruing for technical reasons if the website is visited (“http data“). IP address, type and version of your internet browser, operating system used, the page accessed, the page accessed before (referrer URL), date and time of the visit. Website users. Provision is not a statutory or contractual requirement or required for contract conclusion. There is no obligation to provide data. If failing to provide data we will not be in the position to provide the contents of the website visited. Data is stored in server log files in a manner enabling identification of data subjects, for a maximum period of thirty days, unless any security-relevant event occurs (e.g. DDoS attack). In the event of a security-relevant event, server log files will be stored until removal and complete clarification of the security-relevant event.
Data provided by you in contact forms of the website (“contact form data“). This comprises information provided by you in the respective contact form of the website. This may especially include the following data:
  • Contact data (name, e-mail address)
  • Company address
  • Optionally, information about the sector, company name and a blank field for comments
Website users. Provision is not a statutory or contractual requirement or required for contract conclusion. There is no obligation to provide data. If failing to provide data we will not be in the position to provide the contents of the website visited. Data is stored until completion of your concern. Moreover, we store this data in the event of any statutory, especially commercial and tax retention requirements. Depending on the kind of document, commercial and tax retention requirements may by six or ten years (Article 147 Tax Code (AO), Article 257 Commercial Code (HGB).

2. Details on processing personal data


Purpose of processing personal data Categories of personal data to be processed Automated decision-making Legal basis and, if applicable, legitimate interests Recipient
For providing the contents of the website accessed by the user, HTTP data is temporally processed on our webserver. HTTP data. No automated decision-making Balancing of interests (Article 6 paragraph 1 point f GDPR). Our legitimate interest is to provide contents of the website the user has visited. Dokom GmbH as hosting provider.
Processing of your concern. Contact form data. No automated decision-making As far as your inquiry concerns a contract whose contracting party you are, or concerns implementing contractual measures: Article 6 paragraph 1 point f GDPR. Otherwise: Balancing of interests (Article 6 paragraph 1 point f GDPR). In this case our legitimate interest is processing your concern. KOSTAL Kontakt Systeme GmbH
Storing and processing for the purpose of evidence for potential establishment, exercise or defense of legal claims. Contact form data. No automated decision-making Balancing of interests (Article 6 paragraph 1 point f GDPR). Our legitimate interest is asserting, exercising or defending legal claims. -
Data retention for compliance with statutory, especially commercial and tax retention requirements. Depending on the kind of document, commercial and tax retention requirements may by six or ten years (Article 147 Tax Code (AO), Article 257 Commercial Code (HGB). Contact form data. No automated decision-making Fulfilment of a contractual obligation (Article 6 paragraph 1 point c GDPR). -

3. Details on recipients of personal data and transfer of personal data in third-party countries and / or international organisations


Recipient Recipient’s role Recipient’s location Adequacy decision or appropriate guarantees for transmissions in third-party countries and / or international organisations
Dokom GmbH as hosting provider Processor EU -
Comspace GmbH & Co. KG as developer of the website Processor EU -
KOSTAL Kontakt Systeme GmbH Processor EU -

III. Using third-party provider plugins (e.g. social-media plugins or online card-service plugins)

On the website please find integrated plugins of third-party providers which you can activate to use functionalities on the website offered by third-party providers.

More information on this is given below:

1. Third-party plugins integrated on the website


The following third-party plugins are integrated on the website which you can activate to use functionalities of the website of the following third-party providers:

Third-party provider Third-party provider plugin Further information of provider about third-party provider plugin Adequacy decision or suitable or appropriate guarantees for transfer to third-party countries and/or international organisations[1]
Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA („Google“) via map-generator.eu. Google Maps For further information about functionality please refer to the description of the provider: https://developers.google.com/maps/. For further information about data processing by the provider please refer to the Data Protection Policy of the provider: https://www.google.com/policies/privacy/ EU-U.S. Privacy Shield Certification

[1] Information about presence or absence of an adequacy decision of the EU Commission or in the event of transmissions pursuant to Article 46 or Article 47 or Article 49 paragraph 1 subparagraph 2 GDPR, a reference to suitable or appropriate guarantees and the possibility how to get a copy thereof or where they are available.

2. Processing personal data by providers of the third-party provider plugin


By visiting the respective pages used by the plugin, the provider of the respective plugin (comparable to visiting an external website via a link) may particularly process your IP address as well as the address (URL). Moreover, the provider of the respective plugin may obtain information of any cookies of the respective provider stored in your internet browser. Thus, already when accessing the page the provider of the respective plugin may at least obtain information by the respective plugin that our website was accessed under the IP address assigned to you at the time of accessing. If you are registered as a user with the respective third-party provider, the provider of the respective plugin may also usually assign the received data to your user account. Please note that we are not aware of any data concretely collected by the provider of the respective plugin. We do not know either the concrete purposes of processing of the data collected by the provider of the respective plugin or further details of data processing of the respective provider. In particular we do not know whether the respective provider processes the collected data only for providing functionality of the respective plugin (so for example for sharing certain contents or adding comments) or additionally for any further purposes (e.g. for creating usage profiles or for personalizing advertisement).

D. Information about using cookies

We use cookies in connection with the website and offers made on the website. We use processing and storage functions of the browser of your end device and collect information from the storage of the browser of your end device. More information on this is given below.

I. General information on cookies

Cookies are small text files with information that can be placed on the end device of the user when visiting a website. When the website is visited again with the same end device, the cookie and the information it contains can be retrieved.

1. First-party and third-party cookies


Depending on where a cookie comes from, it is distinguished between first-party cookies and third-party cookies:

First-party cookies Cookies placed and accessed by the operator of the website as the controller or processor engaged by it.
Third-party cookies Cookies placed and accessed by controllers other than the operator of the website that are not processors engaged by the operator of the website.

2. Transient and persistent cookies


Moreover, depending on how long they remain active, it is distinguished between transient and persistent cookies:

Transient cookies (session cookies) Cookies that are automatically deleted if you close your browser.
Persistent cookies Cookies remaining stored on your end device after your browser is closed.

3. Consent-free cookies and cookies requiring consent


Depending on their function and purpose of use, applying certain cookies may require consent of the user. Thus, a distinction can be made between cookies that require the user’s content and those requiring not:

Consent-free cookies Cookies whose sole purpose is to transmit a message using an electronic communication network.
Cookies that are mandatory for the provider offering a service that has been expressly requested by a user can provide this service (“absolutely necessary cookies“)
Cookies requiring consent Cookies for all purposes of use other than the before-mentioned.

II. Management of cookies applied on this website

1. Granting consent for using cookies


If a user’s consent is required for using certain cookies, we only use these cookies when you use our website if you have previously granted your consent to this. You can find information as to whether applying a cookie requires consent in the information about the cookies applied on this website in Section D.III. of this cookie information.

If you visit our website, we display a so-called “cookie banner“ in which you can declare your consent for applying cookies on this website by clicking on a button. By clicking on the button you can agree to the use of all cookies individually described in Section D.III. of this cookie information.

We also store your consent and where applicable your individual selection of cookies in the form of a cookie (“opt-in cookie“) on your end device in order to determine, when you visit the website again, whether you have already granted your consent. The opt-in cookie has a limited effective period of six months.

Mandatory cookies cannot be deactivated via the cookie management function of this website. However, you can deactivate these cookies in general at any time in your browser.

2. Managing cookies using browser settings


You can also manage using cookies in the settings of your browser. Different browsers provide different ways of configuring cookie settings in the browser. For example, you can find further detailed information on this on

http://www.allaboutcookies.org/ge/cookies-verwalten/.

However, please note that potentially some functions of the website do not or no longer work properly if you deactivate cookies in your browser generally.

III. Cookies used on this website

The following cookies may be used on this website:

Name First Party / Third Party Purpose of use and content Effective term Consent necessary?
PHPSESSID First Party Reference to an unambiguous session ID Transient until end of session No
Third Party Plugins
1P_JAR Third Party Use of YouTube plugin for enabling embedding videos on the website (Section C of this Privacy Policy). Transient until end of session No
CONSENT Third Party Use of YouTube plugin for enabling embedding videos on the website (Section C of this Privacy Policy). Transient until end of session No
NID Third Party Use of YouTube plugin for enabling embedding videos on the website (Section C of this Privacy Policy). Transient until end of session No
mapb Third Party Use of Google Map plugin for enabling embedding location information on the website (Section C of this Privacy Policy). Transient until end of session No
gmaps Third Party Use of Google Map plugin for enabling embedding location information on the website (Section C of this Privacy Policy). Transient until end of session No
ssid Third Party Use of Google Map plugin for enabling embedding location information on the website (Section C of this Privacy Policy). Transient until end of session No

E. Effective date of and changes to this Privacy Policy

The effective date of this Privacy Policy is 25 January 2019.

Due to technical advancements and/or amendment of statutory and/or official requirements this Privacy Policy may be subject to adaptation.

You can always retrieve the respective latest Privacy Policy under http://www.kostal-kontakt-systeme.com/en/datenschutz.php.