Data Privacy Statement
Data Privacy Statement
(as per 1 April 2019)
We are pleased that you are visiting our website and are interested in our company. The protection of your personal data is a prime concern for us. In accordance with Art. 12, 13 and 21 of the General Data Protection Regulation (GDPR), we are informing you below how your personal data are handled when you visit our website www.khs.com.
Personal data are detailed information about the personal or factual circumstances of an identified or identifiable natural person. This includes information such as real name, address, telephone number and date of birth.
I. Entity responsible
Entity responsible within the meaning of the General Data Protection Regulation:
KHS GmbH
Juchostraße 20
44143 Dortmund/Germany
E-Mail: webmaster[at]khs.com
Phone: + 49 231 569 - 0
Fax: + 49 231 569 - 1541
II. Data Protection Officer
Contact details of our Data Protection Officer:
KHS GmbH
Data Protection Officer: Marcel Moranz
Juchostraße 20
44143 Dortmund/Germany
E-Mail: marcel.moranz[at]khs.com
Phone: + 49 231 569 1976
III. Purposes and legal basis of data processing
1. Use of the website for information purposes
You can use our website without providing any personal details. If you use our website purely for information purposes, i.e. do not send us any personal information, we will not process any personal data, except for the data that your browser transmits to us to enable you to visit our website and the information that is transmitted to us by the cookies used for the statistical analysis of the use of our website.
a. Technical provision of the website
The technical provision of the website requires that we process specific data pertaining to you that is automatically transmitted to us so that your browser can display our website and you can use the website. This information is automatically captured every time our website is accessed and is stored in our server log files. This information relates to the computer system of the calling computer. The following information is captured:
- IP address used
- operating system used
- browser used
- time of access
- the websites that you visit on our site
- the website from where you are coming (if transmitted)
- The amount of data sent each time
In addition, we use cookies so that you can use our website. Cookies are text files that are stored in your Internet browser or stored by your Internet browser on your computer system when you access a website. A cookie contains a characteristic string of characters that allows your browser to be clearly identified when you access our website again. We use these cookies solely to make our website and its technical functions available to you. Some of the functions of our website cannot be offered without the use of cookies. Cookies contain the following information and send this information to us:
- Session ID
We do not use the information pertaining to you that we have gathered using the cookies indicated above to create user profiles or to evaluate your surfing behavior.
We process your personal data in order to make our website technically available on the following legal basis:
- for the performance of a contract or in order to take steps prior to entering into a contract pursuant to Art. 6 paragraph 1 lit. b GDPR if you visit our website in order to obtain information on our products; and
- for the protection of our legitimate interests pursuant to Art. 6 paragraph 1 lit. f GDPR in order to make our website technically available to you. Our legitimate interest is to provide you with an attractive, technically-functional and user-friendly website, as well as to take measures to protect our website from cyber risks and to prevent our website from posing cyber risks to third parties.
b. Statistical analysis of website usage and increased coverage
For the statistical analysis of the usage of our website, we use Piwik and thus cookies that enable us to analyze your surfing behavior. By doing so, we are able to improve the quality of our website and its contents. We learn how our website is used which in turn enables us to consistently optimize our offer.
The information obtained in the course of the statistical analysis of our website is not combined with your other data captured on the website.
We process your personal data for the statistical analysis of the usage of our website on the following legal basis:
- your consent pursuant to Art. 6 paragraph 1 lit. a) GDPR.
Matomo (formerly “Piwik”):
With the aid of the Matomo web analysis software (https://matomo.org/what-is-matomo/), this website collects and stores data, particularly your IP address, with which user profiles are created using pseudonyms. These user profiles are used to analyze user behavior and are evaluated for the improvement and needs-based design of our website. Cookies can be used for this purpose. Pseudonymized user profiles are not combined with the personal data of the pseudonym holder.
We only use Matomo with your consent. Once you have given your consent, you can revoke it by changing the cookie settings.
c. YouTube
We have integrated YouTube videos into our website that are stored on www.youtube.com and can be played directly from our website.
If you access pages with integrated videos, data are sent to the YouTube server only when you play the videos. If you are logged into YouTube at the same time, this information will be allocated to your member account with YouTube. You can prevent this by logging out of your member account before visiting our website.
YouTube is operated by YouTube LLC with headquarters located at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is represented by Google Inc. with headquarters located at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Further information on the handling of user data by YouTube (Google) is available at www.google.de/intl/de/policies/privacy.
d. Share-Buttons
On some of our websites (khs.com; sustainability.khs.com) we use passive share buttons that ensure privacy in order to offer social media functions to our users. The user remains anonymous through this procedure until activation by clicking on the button. The click sends the required data to the respective social media sites and allocates the action (share or like) to the IP address or any user account logged into on the platform.
e. Social Links
Links to services such as Facebook, LinkedIn and YouTube are integrated into our website. After clicking on the link, you will be forwarded to the page of the respective provider, i.e. only then is user information sent to the respective provider. Information on how your data are handled when you use the websites of other providers is provided in the information on data privacy protection of those providers.
2. Active use of the website
In addition to using our website purely for the purpose of obtaining information, you can also actively use our website to order one of our products, register for an event, subscribe to our newsletter or contact us. Besides processing your personal data as explained above when you use our website purely for information purposes, we also process further your personal data which we require to execute your order or to process and answer your inquiry.
a. User inquiries
In order to be able to process and answer the inquiries you send to us via our contact form or to our email address, for example, we process the personal data that you provide to us in this connection. This always includes your name and email address so we can send you an answer and other information that you send us in your communication.
In order to offer you KHS contacts in your region, we use GeoLite2 databases from maxmind.com. With the aid of these databases, the IP address that is identified is used to estimate your location at country level and provide personalized contact information. It is not possible to determine your exact location. The data will not be disclosed to third parties. The information on data privacy protection of maxmind.com is available here: https://www.maxmind.com/en/privacy_policy
We process your personal data to answer user inquiries on the following legal basis:
- to protect our legitimate interests pursuant to Art. 6 paragraph 1 lit. f GDPR; our legitimate interest consists in properly answering customer inquiries.
b. Sending a job application
We process your personal data in conjunction with your application provided you provide us with this information. Your application documents might contain special categories of personal data.
Processing personal data
As a rule, the job applicant data include the following: first name and last name, your academic degree if applicable, date and place of birth, contact information (address, email, phone and/or cell phone number), application documents (letter of motivation, résumé, references and/or certificates), language skills and other abilities. We also process the data that you send us by email when you contact us.
In the application procedure we base our decisions on the personal data you provide in accordance with legal regulations. For example, we use your professional qualification to decide whether we will shortlist you as a candidate or wish to gain an impression of you in an interview to decide whether we will offer you the position that you have applied for.
In this context, we process personal data on the following legal basis:
- data processing for the decision on the establishment of employment, Art. 88 paragraph 1 GDPR in conjunction with Section 26 (1) sentence 1 of the revised German Federal Data Protection Act (BDSG)
Processing of special personal data
Under Art 9 GDPR, special categories of personal data are personal data revealing racial or ethnic origin, political opinions, religious (e.g. details on religious affiliation/denomination) or philosophical beliefs, or trade union membership, and the processing of biometric data for the purpose of uniquely identifying a natural person (e.g. photos), data concerning health (e.g. details on the degree of disability) or data concerning a natural person’s sex life or sexual orientation. We will not intentionally collect any special categories of personal data contained in your résumé. We expressly ask you not to send us information of this kind.
If as part of your application papers you voluntarily send us special categories of personal data defined by Art. 9 paragraph 1 of the GDPR (e.g. your photo or information on your religious affiliation/denomination) contrary to our express request not to do so, we will store this information based on your consent pursuant to Art. 88 paragraph 1 GDPR in conjunction with Section 26 (3) sentence 2 of the revised German Federal Data Protection Act. This also applies if you provide us with further special personal data in the course of the application process. By voluntarily submitting this data, you declare your consent to the storage of this special personal information within the scope of the application process.
We will not generally disregard special personal data in a decision on whether to select a candidate, unless statutory obligations require that we take these special personal data into account. It is possible for instance to give persons with disabilities preferential treatment in compliance with applicable laws for some of the job vacancies advertised. The information in these cases is always voluntary and is done with your express consent when you voluntarily submit this data.
We process your personal data on the following legal basis:
- pursuant to Art. 9 (1) GDPR based on your consent pursuant to Art. 88 (1) GDPR in conjunction with Section 26 (3) sentence 2 of the revised German Federal Data Protection Act.
Use of an externally hosted tool for obtaining and managing consent
We use various tools and technologies on our websites, including cookies, for the operation of which we require your consent.
We use a so-called Consent Manager to obtain and manage your consent. Specifically, we use the product CCM19 - Cookie Consent Manager (Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, https://www.ccm19.de/).
The Consent Manager uses technically necessary cookies to store your consent. The storage period of these cookies can be found in the information in the Consent Manager.
You can give us all consents for the tools and technologies we use in the Consent Manager and revoke them there at any time. The Consent Manager is automatically displayed the first time you visit our website. You can also open it again at any time by clicking here. All necessary details regarding cookies used or tools and technologies requiring consent can be found in the Consent Manager.
The legal basis for the use of the Consent Manager is our legal obligation to be able to prove what type of consent you have given us (Art. 6 para. 1 lit c GDPR). The decision to use an external provider is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in providing a modern, secure and accessible data processing platform.
IV. Links
Some sections of our websites contain links to the websites of third-party providers. These websites are subject to their own privacy policy. We are neither responsible for the operation of these websites nor the way they handle data. If you send information to or through such third-party sites, you should review the privacy statements of those sites before providing any information that may be associated with you.
V. Social Media
1. Contact and query management
We use an external service provider for the generation of contact, query or application forms, namely Perspective Software GmbH, Mailbox 659770, 96035 Bamberg, Germany (hereinafter “Perspective”). For its part, Perspective stores your data on European servers only. However, your data may be accessible to facilities in the United States of America, as Perspective uses subprocessors based in the USA. As the Commission of the European Union has specified that the data protection laws of the United States do not ensure an adequate level of protection for personal data collected from data subjects in the European Union, Perspective provides additional measures and guarantees governing data transfer to the United States pursuant to the requirements of the GDPR to ensure an adequate level of protection. One example of this is the conclusion of standard contractual clauses between Perspective and their subprocessors.
Description and scope of data processing
In the course of the use of contact, query or application forms from Perspective, the following data is transferred to Perspective’s servers:
- Date and time of access
- Websites from which you accessed our Internet site (“Referrers”)
- Context information (e.g. button clicks on the sites, selections made on the sites)
- Content of all completed fields (e.g. contact data, such as your name or address, or other personal data dependent on the question asked in the specific text field)
- Files you have uploaded.
Purpose of the legal grounds for data processing
The purpose of processing this data is to ensure communication with you that has been initiated by you.
Data from contact, query or application forms is therefore initially processed on the basis of your consent. Article 6 (1a) GDPR forms the legal grounds in this instance. Furthermore, if legal relations are initiated by a query form, Article 6 (1b) GDPR constitutes the legal grounds thereof. The legal grounds for processing data in an application form can be given by Article 6 (1f) GDPR and Article 88 GDPR in conjunction with Section 26 FDPA.
Duration of processing
Your personal data is retained for as long as is necessary to meet the purpose for which it is processed or until you withdraw your consent. This principle excludes such data that Perspective must retain on account of legal obligations. These include, for example, storage periods under commercial and fiscal law. These retention periods (currently) last up to ten years.
Rights of data subjects
You have the right at any time to obtain information free of charge on the origin, recipient(s) and purpose of your stored personal data. You also have the right to request the correction, blocking or deletion of data of this kind. You can contact us at the address given in the credits below at any time should you have any questions relating to this or to data privacy in general. You also have the right to lodge a complaint with the responsible supervisory authority on any violation of the GDPR.
You may withdraw your consent to data processing at any time by sending us an informal notification (such as by email). This does not affect the lawfulness of processing based on your consent and carried out up to the date of withdrawal thereof.
Furthermore, in certain circumstances you have the right to request restriction of processing of your personal data. The right to restriction of processing exists in the following instances:
If you contest the correctness of the personal data stored with us, we usually need time to verify this. For the duration of the verification period, you have the right to request restriction of processing of your personal data.
If processing of your personal data has proved or is unlawful, you can request restriction of data processing in place of deletion.
If we no longer need your personal data yet you require it to exercise, defend or establish legal claims, you have the right to request restriction of processing of your personal data in place of deletion.
If you have raised an objection pursuant to Article 21 (1) GDPR, both your and our interests must be taken into consideration. Until it has been determined whose interests are overriding, you have the right to request restriction of processing of your personal data.
If you have restricted processing of your personal data, this data – with the exception of its storage – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest to the European Union or a Member State.
LinkedIn corporate presence
When you visit our corporate LinkedIn account, we are jointly responsible for the processing of your personal data together with LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (https://www.linkedin.com/help/linkedin/solve).
We operate our LinkedIn account to inform and communicate with you as a user and person interested in our products and services or as a potential employee/applicant. According to LinkedIn’s terms of use, to which each user has agreed to during the creation of their LinkedIn profile, we can identify subscribers to our channel and view their profiles and other shared information. For example, your LinkedIn name and profile photo are visible to us (and other LinkedIn users) when you visit our account or comment on contributions we have made. We therefore only collect personal data that has become a visible part of our LinkedIn channel through appropriate action taken by you. We are not interested in collecting and further processing your specific personal data for marketing purposes. Accordingly, at best we only use data to adjust and improve the range of products and services we offer.
LinkedIn uses cookies to store and further process this information, i.e. small text files that are stored on the user’s various end devices. According to LinkedIn, the company uses cookies for authentication, security, preferences, features and services, personalized advertising and analytics and research. You can view further details on the cookies LinkedIn uses here: https://www.linkedin.com/legal/cookie-policy
LinkedIn’s privacy policy contains further information on data processing.
Our LinkedIn account including the processing of personal user data is operated on the basis of Article 6 (1f) GDPR in order to exercise our legitimate interest in the ability to inform and interact with our users and visitors through LinkedIn. In individual cases, further legal grounds for data processing can result from Article 6 (1a, b and c) GDPR.
LinkedIn advertising lead forms
In the course of acquisition of new customers, we use what are known as advertising lead forms on LinkedIn to enable interested parties to make direct voluntary contact with us using a contact form displayed herein. Lead gen or lead generation forms are advertising placements on social networks that enable contact forms to be incorporated into sponsored content. Alternatively, direct contact can also always be made using the contact forms on our website or by email.
We process your personal data to answer your questions and process your queries and concerns. By using these lead gen form services, we offer interested parties a function with which you the user can provide us with your email address or other information.
We use this feature to be able to address interested parties more specifically. This also constitutes a legitimate interest in processing for us according to Article 6 (1f) GDPR.
LinkedIn uses forms to generate leads; these may incorporate LinkedIn functions and content. If you are a member of the LinkedIn platform, LinkedIn can assign the retrieval of the aforementioned content and functions to the respective LinkedIn user profiles.
You can find further information on LinkedIn’s data privacy and lead gen ads here: https://www.linkedin.com/legal/privacy-policy and https://business.linkedin.com/marketing-solutions/native-advertising/lead-gen-ads.
You can prevent this in the future by setting an opt-out cookie: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Your data that we receive when making contact is deleted as soon as it is no longer required to meet the purpose for which it was collected, your query or concern has been fully processed and no further communication with you is necessary or is not desired by you. In the event that we are legally obliged to retain data for a longer period or still require your data to perform or process an existing contractual relationship or for the purpose of verification, we shall delete the respective data on expiry of the statutory retention period or as soon as we no longer require this data to perform or process an existing contractual relationship or for the purpose of verification.
VI. Categories of recipients
Initially, only our employees gain knowledge of your personal data. We additionally share your personal information to the extent permitted or required by law with other recipients who provide services related to our website. In this connection we restrict the disclosure of your personal data to a minimum, particularly in order to process your order. In some cases our service providers receive your personal data as data processing companies who are then strictly bound to our instructions on handling personal data. In other cases the recipients act independently when handling your data we submit to them.
The categories of recipients of your personal data are indicated below:
- IT service providers for the administration and hosting of our website.
VII. Transmission to third countries
Implementation of the Matomo tool involves transmitting your abbreviated IP address to New Zealand.
Otherwise we do not send your personal data to countries outside the EU or the EEA or to international organizations.
VIII. Period of storage
1. Use of the website for information purposes
When our website is used purely for information purposes, we store your personal data on our servers solely for the period in which you visit our website. Your personal data are deleted immediately after you leave our website.
As a rule, any cookies installed by us are also deleted after you leave our website. However, this does not apply to the Piwik cookies, which are stored for a period of up to one year. You can also delete installed cookies yourself at any time.
2. Active use of the website
If you actively use our website, we store your personal data initially for the period required to answer your inquiry or for the period of our business relationship. This also includes the initiation of a contract (legal relationship prior to entering into a contract) and the processing of a contract.
In addition, we store your personal data until any legal claims arising under the relationship with you become time-barred so that we can use such data as evidence. The limitation period is usually between 12 and 36 months but can be to up to 30 years.
We delete your personal data once they have become time-barred, unless we have a legal obligation to retain them, for example under the German Commercial Code (Sections 238, 257 (4) of the German Commercial Code) or under the German Tax Code (Section 147 (3) and (4) of the Tax Code). This required record retention period may be between two and ten years.
IX. Your rights as a data subject
In accordance with legal provisions, you as the data subject have the following rights that you can assert against us:
Right to information: Under Art. 15 GDPR you have the right at any time to demand from us confirmation as to whether or not personal data concerning you are processed, and, where that is the case, under Art. 15 GDPR you also have the right to information on these personal data and other specific information (e.g. purposes of processing, categories of personal data concerned; categories of recipients, planned period for which the personal data will be stored, origin of the data, use of automated decision-making and in case of transfer to third countries, suitable guarantees) and a copy of your data.
Right to correction: Under Art. 16 GDPR you have the right to demand from us the correction of personal data stored on you if these are incorrect or incomplete.
Right to deletion: Under the conditions set out in Art. 17 GDPR you have the right to demand immediate deletion of your personal data. This right to deletion does not apply, among other things, if the processing of the personal data is necessary for (i) exercising the right of freedom of expression and information, (ii) for compliance with a legal obligation to which we are subject (e.g. statutory record retention periods) or (iii) to assert, exercise or defend legal claims.
Right to restriction of processing: Under the conditions set out in Art. 18 GDPR, you have the right to demand that we limit the processing of your personal data.
Right to data portability: Under the conditions set out in Art. 20 GDPR, you have the right to demand that we provide you your personal data that you provided to us in a structured, commonly used and machine-readable format.
Right to revocation: You have the right to revoke your consent to the processing of personal data at any time with effect for the future.
Right to object: Under the conditions set out in Art. 21 GDPR, you have the right to object to the processing of your personal data and we must discontinue processing your personal data. The right to object exists only within the limits defined in Art. 21 GDPR. Moreover, our interests may conflict with the discontinuation of processing and we may be entitled to continue processing your personal data despite your objection.
Right of appeal to a supervisory authority: Under the conditions set out in Art. 77 GDPR, you have the right to appeal to a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you are of the opinion that the processing of personal data relating to you infringes the GDPR. The right to appeal exists without prejudice to any other administrative or judicial remedy.
The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Phone: +49 211/38424-0
Fax: +49 211/38424-10
Email: poststelle[at]ldi.nrw.de
However, we recommend that you always file a complaint with our Data Protection Officer first.
Your requests concerning the exercise of your rights should be sent, if possible in writing, to the address stated above or to our data protection officer directly.
X. Scope of your obligations to provide data
You are generally not obliged to provide your personal data to us. However, if you do not do so, we will not be able to make our website available to you, will not be able to answer any inquiries you send us or enter into any contract with you. Personal data that we do not necessarily need for the processing purposes named above are marked by “if applicable” or another sign as voluntary information.
XI. Automated decision-making/profiling
We do not use any automated decision-making or profiling (automated analysis of your personal circumstances).
Information on your right to object pursuant to Art. 21 GDPR
You have the right to object at any time to the processing of your personal data which is based on Art. 6 paragraph 1 f GDPR (data processing based on the weighing of interests) or Art. 6 paragraph 1 e GDPR (data processing in the public interest) if there are grounds for this relating to your particular situation. This also applies to any profiling based on this provision within the meaning of Art. 4 No. 4 GDPR.
If you object, we will no longer process your personal data, unless we can furnish proof of compelling reasons worthy of protection for processing which override your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.
The objection is not subject to any condition as to form and should be addressed to
KHS GmbH
Juchostraße 20
44143 Dortmund/Germany
E-Mail: webmaster[at]khs.com
Phone: + 49 231 569 - 0
Fax: + 49 231 569 - 1541
XII. Amendments
We reserve the right to amend this privacy statement at any time. Any amendments will be announced on our website by publishing the amended privacy statement. Unless otherwise stated, such amendments become effective immediately. Therefore, please check this privacy statement at regular intervals in order to view the latest version.
Last revised in April 2019.