Privacy Policy
We appreciate your interest in our website. The protection of your personal data is important to us. We comply with the legal regulations regarding data protection and data security.
We are subject in particular to the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) in its version effective May 25, 2018, the Digital Services Act (DDG), and the Telecommunications Digital Services Data Protection Act (TDDDG). These provisions specifically authorize us to collect and use personal data to the extent necessary to enable you to use our website at www.klostermann-group.com, including all services and functions contained therein.
Below you will find information about which personal data we collect when you use our website and the services and functions it contains, and how we use this data and for what purposes.
1. Name and address of the responsible entity
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:
Klostermann GmbH
Daimlerstraße 9
45891 Gelsenkirchen
Tel.: +49-209-970950
Website: www.klostermann-group.com
2. Name and address of the data protection officer
The data protection officer of the responsible entity is:
Johannes Schwiegk
Datenzeit GmbH
Friedrich-Engels-Allee 200
D-42285 Wuppertal
Tel.: +49-202-94794940
E-Mail: datenschutz@datenzeit.de
Website: https://www.datenzeit.de/
3. General information on data processing
Scope of processing of personal data
We generally only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data generally only occurs with the user's consent. An exception applies in cases where prior consent cannot be obtained for practical reasons and the processing of the data is permitted by law.
4.Legal basis for the processing of personal data
To the extent that we obtain the consent of the data subject for processing personal data, Art. 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
For the processing of personal data necessary to fulfill a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations necessary to implement pre-contractual measures.
To the extent that the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) (d) GDPR serves as the legal basis.
If processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 (1) (f) GDPR serves as the legal basis for processing.
5.Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose for which they were stored no longer applies. Storage may also occur if this has been provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.
6. Provision of the website and creation of log files
Description and scope of data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
The following data is collected:
• IP address
• Date and time of the request
• Time zone difference from Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• Website from which the request originated
• Browser
• Operating system and its interface
• Language and version of the browser software
We cannot assign this data to specific individuals. We do not combine this data with other data sources.
The legal basis for the temporary storage of the data is Art. 6 (1) (f) GDPR.
7. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must be stored for the duration of the session. This storage also occurs to ensure the functionality of the website. Furthermore, the data helps us optimize the website and ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.
Our legitimate interest in data processing pursuant to Art. 6 (1) (f) GDPR also lies in these purposes.
8. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. If the data is collected to provide the website, this is the case when the respective session ends. Furthermore, the data is deleted after seven days at the latest. Longer storage is possible. In this case, the users' IP addresses are deleted or distorted so that the accessing client can no longer be identified.
9. Possibility of objection and removal
The collection of data to provide the website and the storage of data in log files are essential for the operation of the website. Therefore, the user has no right to object.
10. Use of cookies
1. Description and scope of data processing
In addition to the aforementioned data, cookies are stored on your computer when you use this website. Cookies are small text files that are stored on your hard drive and associated with the browser you use. They allow us to receive certain information. Cookies cannot run programs or transmit viruses to your computer. They serve to make the internet more user-friendly and effective. This website currently uses only technically necessary cookies, which is why we do not use a consent management tool or cookie banner.
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) (a), (c) and (f) GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. In addition, we must use cookies in order to fulfill our legal obligations and accountability requirements under the GDPR. For this, it is necessary that the browser is recognized even after a page change. The user data collected by technically necessary cookies is not used to create user profiles. The use of analysis cookies is for the purpose of improving the quality of our website and its content. They are only set with the user's consent (Art. 6 (1) (a) GDPR). The analysis cookies tell us how the website is used and can therefore continually optimize our offering. Our legitimate interest in processing personal data pursuant to Art. 6 (1) (f) GDPR also lies in these purposes.
4. Duration of storage, possibility of objection and removal
Cookies are stored on the user's computer and transmitted from there to our site. Therefore, you as the user have full control over the use of cookies. In addition, you have the configuration options mentioned above via the cookie banner displayed when you visit our website and via the button in this privacy policy, which you as the user can use to deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically.
4. Recording of data on this website
Cookies
In some instances, our website and its pages use so-called cookies. Cookies do not cause any damage to your computer and do not contain viruses. The purpose of cookies is to make our website more user friendly, effective and more secure. Cookies are small text files that are placed on your computer and stored by your browser.
Most of the cookies we use are so-called „session cookies.“ They are automatically deleted after your leave our site. Other cookies will remain archived on your device until you delete them. These cookies enable us to recognise your browser the next time you visit our website.
You can adjust the settings of your browser to make sure that you are notified every time cookies are placed and to enable you to accept cookies only in specific cases or to exclude the acceptance of cookies for specific situations or in general and to activate the automatic deletion of cookies when you close your browser. If you deactivate cookies, the functions of this website may be limited.
Cookies that are required for the performance of the electronic communications transaction or to provide certain functions you want to use (e.g. the shopping cart function), are stored on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error free and optimised provision of the operator’s services. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.
If other cookies (e.g. cookies for the analysis of your browsing patterns) should be stored, they are addressed separately in this Data Protection Declaration.
Server log files
The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser communicates to us automatically. The information comprises:
The type and version of browser used
The used operating system
Referrer URL
The hostname of the accessing computer
The time of the server inquiry
The IP address
This data is not merged with other data sources.
This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.
Contact form
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent.
The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Para. 1 lit. f DSGVO) or on your agreement (Art. 6 Para. 1 lit. a DSGVO) if this has been requested.
The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g. after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions – in particular retention periods.
Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.
The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Article 6 (1) a GDPR) and/or on our legitimate interests (Article 6 (1) (f) GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.
The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.
11. Customer login
1. Description and scope of data processing
On our website, we offer users the opportunity to register by providing personal information (username and password). The data is entered into an input mask and transmitted to us and stored. The data will not be shared with third parties.
Use of the access is solely the responsibility of customers with whom we maintain an ongoing business relationship, and the creation and activation of access is handled exclusively by us. As part of this process, we obtain the appropriate consent from users to process their data.
Legal basis for data processing
The legal basis for the processing of the data is your consent in accordance with Art. 6 (1) (a) GDPR.
If the access serves to fulfill a contract to which the user is a party or to carry out pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) (b) GDPR.
12.Purpose of data processing
Access is required to provide certain content and services (including contract/order management and document retrieval) on our website.
13.Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
This applies during the business relationship for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the execution of the contract. Even after the contract has ended, it may be necessary to store the contractual partner's personal data in order to comply with contractual or legal obligations.
14.Possibility of objection and removal
As a user, you have the option to cancel your registration at any time. You can have the data stored about you modified at any time.
If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible if contractual or legal obligations do not prevent deletion.
15. Contact form and email contact
Description and scope of data processing
Our website contains a contact form that can be used to contact us electronically. If a user chooses this option, the data entered in the input mask will be transmitted to us and stored.
Your consent to the processing of your data, with reference to this privacy policy, will be documented during the sending process.
Alternatively, you can contact us via the email addresses provided. In this case, the user's personal data transmitted with the email will be stored.
The data will not be passed on to third parties in this context. The data will be used exclusively for processing the conversation.
16. Legal basis for data processing
The legal basis for processing your data is your consent in accordance with Art. 6 (1) (a) GDPR.
If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 (1) (b) GDPR.
17. Purpose of data processing
The processing of personal data from the input form serves solely to process the contact. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.
The other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.
18.Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data from the contact form input mask and data sent via email, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the matter in question has been conclusively resolved.
19.Possibility of objection and removal
The user has the right to revoke their consent to the processing of personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.
All personal data stored during the contact process will be deleted in this case.
20. Applications
Description and scope of data processing
Upon receipt of your application, your application data will be reviewed by the Human Resources department. Suitable applications will then be forwarded internally to the department heads responsible for the respective open position. The next steps will then be coordinated. Within the company, only those people who need it for the proper execution of our application process have access to your data. The data will be processed exclusively in data centers located in the Federal Republic of Germany or the European Union.
Legal basis for data processing
The legal basis for the processing of your personal data in the application process is primarily Section 26 of the German Federal Data Protection Act (BDSG) in the version valid since May 25, 2018, and Article 6 (1) (b) of the GDPR. This allows the processing of data necessary in connection with the decision to establish an employment relationship.
If the data is required for legal proceedings after the application process has been completed, data processing may be carried out on the basis of the requirements of Article 6 of the GDPR, in particular to protect legitimate interests pursuant to Article 6 (1) (f) of the GDPR. Our interest then lies in asserting or defending claims.
21. Purpose of data processing
We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our company) and to carry out the evaluation process.
22. Duration of storage
Applicants' data will be deleted after six months in the event of a rejection.
If you have consented to the continued storage of your personal data, we will add your data to our applicant pool. The data is generally deleted after two years.
If you are successful in the application process, the data will be transferred from the applicant data system to our HR information system.
23. Use of LinkedIn
1. Scope of processing of personal data
We maintain an online presence within the social network LinkedIn, which is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Within this framework and for contemporary marketing purposes, we process user data in order to communicate with users active there or to offer information about us.
The data categories processed include contact data (e.g., email, telephone numbers); content data (e.g., entries in online forms); usage data (e.g., websites visited, interest in content, access times); and meta, communication, and process data (e.g., IP addresses, time stamps, identification numbers, consent status).
In addition to our use of data, user data is generally processed by the operator of the social network for market research and advertising purposes. For example, profiles can be created based on user behavior and the resulting interests of users. These user profiles can, in turn, be used, for example, to place advertisements within and outside the networks that presumably correspond to the interests of the users. For these purposes, cookies (see above for information on cookies) are usually stored on the users' computers, in which the user's usage behavior and interests are stored. Furthermore, data can also be stored in the user profiles regardless of the devices used by the users (especially if the users are members of the social network and are logged in with their user account).
User data may also be processed outside the European Union, which could pose risks for users, for example, because it may make it more difficult to enforce the so-called data subject rights (see below for the rights of the data subject).
For a detailed description of the respective processing methods, please refer to LinkedIn's privacy policy athttps://de.linkedin.com/legal/privacy-policy?
In cases where personal data is transferred to the USA, LinkedIn has submitted to the EU-US Data Privacy Framework.
2. Legal basis for the processing of personal data
The legal basis for the use of LinkedIn is Art. 6 (1) (f) GDPR.
If LinkedIn asks you for consent to the data processing described, the legal basis for the processing is Art. 6 (1) (a) GDPR.
Additionally, on the basis of an agreement on joint processing of personal data pursuant to Art. 26 GDPR in conjunction with the declaration provided under this link: https://legal.linkedin.com/pages-joint-controller-addendum.
3. Purpose of data processing
Using LinkedIn makes sharing content easier.
When users post content on LinkedIn, we reach more potential customers. Furthermore, using LinkedIn helps us further publicize and promote our company and the services we offer.
4. Duration of storage
We would like to point out that, as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Therefore, we cannot determine the extent, location, and duration of the data storage, the extent to which LinkedIn complies with existing deletion obligations, the evaluations and links made to the data, and to whom the data is shared. However, each user of the social network must carefully review which personal data they share with and via LinkedIn.
5. Possibility of objection and removal
Options for restricting the processing of your data and managing your account and privacy settings are described at www.linkedin.com/help/linkedin/answer/a1337839/verwalten-ihrer-konto-und-datenschutzeinstellungen-ubersicht.
Furthermore, for mobile devices (smartphones, tablet computers), you can restrict LinkedIn's access to contact and calendar data, photos, location data, etc. using the settings available there, although this depends on the operating system used.
An opt-out option is available at www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
24. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:
Right to information
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.
If such processing occurs, you can request information from the controller about the following:
(1) the purposes for which the personal data are being processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information is not available, the criteria for determining the storage period;
(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) all available information on the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved, as well as the significance and intended consequences of such processing for the data subject.
You have the right to request information about whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you can request to be informed of the appropriate safeguards in accordance with Art. 46 GDPR in connection with the transfer.
25. Right to rectification
You have the right to request that the controller rectify and/or complete your personal data if it is incorrect or incomplete. The controller must rectify the data immediately.
26 .Right to restriction of processing
You may request the restriction of the processing of your personal data under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) if the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use;
(3) if the controller no longer needs the personal data for the purposes of the processing, but you require them to assert, exercise, or defend legal claims, or
(4) if you have objected to the processing pursuant to Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your reasons.
If the processing of personal data concerning you has been restricted, this data – with the exception of its storage – may only be processed with your consent or for the establishment, exercise, or defense of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.
If the processing has been restricted in accordance with the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.
27. Right to erasure
Obligation to delete data
You may request the controller to delete the personal data concerning you immediately, and the controller is obliged to delete this data immediately if one of the following reasons applies:
(1) The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing was based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, and there is no other legal basis for the processing.
(3) You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
(4) The personal data concerning you were processed unlawfully.
(5) The deletion of the personal data concerning you is necessary to fulfill a legal obligation under Union or Member State law to which the controller is subject.
(6) The personal data concerning you were collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
28.Information to third parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 (1) GDPR, the controller shall take appropriate measures, including technical ones, taking into account the available technology and the implementation costs, to inform data controllers which process the personal data that you, as the data subject, have requested the erasure by such controllers of all links to these personal data or of copies or replications of these personal data.
29. Exceptions
The right to erasure shall not apply if processing is necessary:
(1) to exercise the right to freedom of expression and information;
(2) to comply with a legal obligation required by Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Article 89(1) GDPR, insofar as the right referred to in section a) is likely to make the achievement of the objectives of that processing impossible or seriously compromises it; or
(5) to assert, exercise, or defend legal claims.
30. Right to information
If you have asserted your right to rectification, erasure, or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you was disclosed of this rectification, erasure, or restriction of processing, unless doing so proves impossible or involves disproportionate effort.
You have the right to be informed by the controller of these recipients.
31. Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, common, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
(1) the processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and
(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This shall not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
32. Right of objection
You have the right to object at any time to the processing of personal data concerning you based on Article 6 (1) (e) or (f) GDPR, for reasons related to your particular situation; this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
If the personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purposes of such advertising; this also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.
In connection with the use of information society services, you have the option of exercising your right of objection by means of automated procedures that use technical specifications, notwithstanding Directive 2002/58/EC.
33. Right to revoke the data protection consent declaration
You have the right to revoke your consent to data protection at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent up to the time of revocation.
34. Automated decision-making in individual cases, including profiling
You have the right not to be subjected to a decision based solely on automated processing – including profiling – that produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
(1) is necessary for entering into or fulfilling a contract between you and the controller,
(2) is permitted by Union or Member State law to which the controller is subject, and this law contains appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, or
(3) is made with your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and appropriate measures to protect your rights and freedoms as well as your legitimate interests have been taken.
In the cases referred to in (1) and (3), the controller shall implement appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.
35. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or place of the alleged infringement, if you believe that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint was submitted shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 GDPR.
36. Changes to this Privacy Policy
The continued development of the internet and our online offerings may also affect how we handle personal data. We therefore reserve the right to amend this privacy policy in the future in accordance with applicable data protection laws and, if necessary, to adapt it to changes in data processing practices. The current version of the privacy policy can always be found under the "Data Protection" or "Privacy Policy" section.