Privacy Policy and Information on the Processing of Personal Data in Accordance with the GDPR

1. General information
Below, we provide information about how we may process and store your personal data. You can generally visit our website without providing any personal data. However, if you use specific services (e.g., contact form, service form), personal data may be collected. In doing so, we comply with the applicable European data protection regulations.

2. Contact Details of the Controller and the Data Protection Officer Controller

The party responsible for the processing of personal data:

KMA Umwelttechnik GmbH
Eduard-Rhein-Straße 2
53639 Königswinter / Germany

Phone: +49 (0)2244 9248-0
E-Mail: [email protected]

Data Protection Officer:

HSDK GmbH
Dirk Schell
Eschersheimer Landstraße 42
60322 Frankfurt am Main / Germany
Phone.: 069 870092860
Email: [email protected]

3. Data Processing on Our Facebook Page

We use the platform and services provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter “Meta”) to publish content. If you choose to use our Facebook pages, you do so at your own responsibility. This applies in particular to the use of interactive features (e.g., commenting or rating). We have no control over the type and extent of data collected and processed by Meta.

In general, your device’s assigned IP address is transmitted to Meta when using our Facebook page. According to Meta, IP addresses from Germany are anonymized and deleted after 90 days.
Meta also stores information about your device, which is used to provide page Administrators with statistical data. These aggregated statistics help us understand how users interact with our page, enabling us to improve how we present our content and communicate effectively with users. The legal basis for this data processing is Art. 6(1)(f) GDPR, where our legitimate interest arises from the aforementioned purposes.

The data collected in this context may be processed by Meta and transferred to countries outside the European Union. Information on how Meta transfers European data to third countries can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum

Further information on data protection at Meta, including how you can object to processing or manage/delete your data, can be found in Meta’s privacy policy: https://privacycenter.instagram.com/policy/

If you are logged into Meta services, a cookie containing your user ID is stored on your device. This allows Meta to track your visits to our page and how you use it. The same applies to other Meta pages. Meta can also link your visits to your Meta profile and use that data to serve you targeted content or advertising. If you want to avoid this, you can log out of Meta, deactivate the “stay logged in” function, and delete cookies from your device. This removes Meta identifiers, allowing you to use our page without revealing your profile. However, if you want to use interactive features (e.g., Like, Comment, Message), a Meta login screen will appear. Once logged in, Meta can again associateyour activity with your profile. If we process personal data ourselves on our Meta pages (e.g., in the case of direct inquiries regarding our products or where consent is provided), this is done to respond to your requests or provide the requested service. The legal bases for such processing are Art. 6(1)(a), Art. 6(1)(b), and Art. 6(1)(f) GDPR. Beyond that, we as the provider of the Facebook page do not collect or process any other personal data resulting from your use of the service.

4. Data Usage on Our LinkedIn Page
We use the platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter “LinkedIn”) to publish content. If you choose to use our LinkedIn page, you do so at your own responsibility. This particularly applies to interactive features (e.g., liking posts or commenting). We have no control over the type and extent of data collected and processed by LinkedIn.
You may also contact us via direct message on LinkedIn. In this case, your personal data will be processed based on our legitimate interest in responding to your inquiry, communicating with
you, and promoting our services (legal basis: Art. 6(1)(f) GDPR). When you visit our LinkedIn page, LinkedIn collects various personal data, including your IP address and other information stored in cookies on your device. LinkedIn uses this information to generate statistics regarding the use of our LinkedIn page. Data collected in this context may be processed by LinkedIn and transferred to countries outside the European Union.

Further information about data processing by LinkedIn can be found in their privacy policy:
https://www.linkedin.com/legal/privacy-policy

5. Data Usage on Our Xing Page
We use the platform and services of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (hereinafter “Xing”) to publish content. If you choose to interact with our Xing page, you do so at your own responsibility. This applies especially to the use of interactive features (e.g., liking, commenting, or sharing posts). We have no influence on the type and extent of data that Xing collects and processes in this context.

You also have the option to contact us via direct message on Xing. The personal data you provide in this context will be processed based on our legitimate interest in responding to your inquiry, communicating with you, and promoting our services (legal basis: Art. 6(1)(f) GDPR). While visiting our Xing page, Xing collects and stores personal data, including your IP address and other information obtained through cookies stored on your device. Xing uses this information to generate statistical evaluations regarding the usage of the platform and our Xing page. Xing may also transfer the collected data to countries outside the European Union.
Further information on Xing’s data protection practices can be found in their privacy policy: https://privacy.xing.com/en/privacy-policy

6. Data Processing When Visiting Our Website

6.1 Website Delivery and Contact Form
When you access our website, your internet browser automatically transmits the following data to our web server for technical reasons:

  • IP address
  • Date and time of the server request
  • URL of the requested file
  • Amount of data transmitted
  • Operating system
  • Information about the browser type and version used
  • Name of the internet service provider
  • Website from which our site was accessed
  • Pages visited on our website

The collection, processing, and use of the above data are carried out for the purpose of enabling the use and delivery of our website. Additional purposes include IT system security and technical administration. The legal basis for this processing is Art. 6(1)(f) GDPR, with our legitimate interest arising from the aforementioned purposes. If you choose to use our contact or service forms, the information you provide will be used solely to process your request and to perform any services you may have requested. We only collect and process additional personal data when necessary to provide specific services or if you have given us your express consent — for example, by filling out a form, sending us an email, commissioning services, or submitting inquiries. The legal bases for this processing are Art. 6(1)(b) and Art. 6(1)(f) GDPR.

6.2 Cookies and Services
6.2.1 Technically Necessary (Essential) Cookies and Services
These cookies and services are essential to ensure the basic functionality and operation of our website. Processing is based on our legitimate interest in the basic provision of our website (legal basis: Art. 6(1)(f) GDPR). Without these cookies, the functionality of our website cannot be guaranteed. These cookies can only be disabled via your browser settings.

6.2.1.1 Use of Borlabs Cookie Consent
This website uses Borlabs, a cookie consent technology provided by Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (“Borlabs”), to obtain legally required consents for the use of cookies. When you visit our website, a Borlabs cookie is stored in your browser, saving the consents you provided or the withdrawal of such consents. This data is not transmitted to Borlabs. Storage and processing are based on our legitimate interest in complying with legal requirements. Legal bases are Art. 6(1)(f) GDPR and Art. 6(1)(c) GDPR.
More information: https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/

6.2.1.2 Use of Super Forms
We use the form plugin Super Forms on our website, provided by WebRehab (CoC: 52338193). This tool is used to create and manage input forms that facilitate communication with our websitevisitors. This includes handling contact inquiries, support requests, feedback, and other information submitted via our forms. Depending on the form type, personal data such as name, email address, phone number, message content, IP address, and timestamp may be processed. Processing is based on Art. 6(1)(f) GDPR, with our legitimate interest being user-friendly and functional website communication. If the forms are used to initiate or execute a contract, Art. 6(1)(b) GDPR also applies. Cookies set by Super Forms are necessary for the technical Operation of the forms and are thus considered essential under § 25(2) No. 2 TTDSG.

More information: https://super-forms.com/tos/

6.2.1.3 Use of NitroPack
We use NitroPack, a service provided by NitroPack Ltd., Aleksandar Malinov Boulevard №33, 1729 g.k. Mladost 1A, Sofia, Bulgaria. It is used to optimize website performance (caching, code minification, image compression, CDN use). These optimizations improve load time and user experience.
Technically necessary data, especially the IP address, may be processed to ensure stability, error analysis, and protection against misuse. Legal basis: Art. 6(1)(f) GDPR. More information: https://nitropack.io/page/privacy

6.2.2 Non-Essential Cookies and Services
6.2.2.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files placed on your computer to help analyze your use of the website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA. We have enabled IP anonymization. Within EU and EEA member states, your IP address is truncated before being transmitted. Only in exceptional cases is the full IP address sent to Google in the USA and truncated there. On behalf of the operator of this website, Google uses this information to evaluate your use of the site, compile reports on website activity, and provide other services relating to website and internet usage.

The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data. You can prevent the storage of cookies by configuring your browser settings; however, please note that doing so may limit the full functionality of this website. Processing is based on our legitimate interest in optimizing our website and services (Art. 6(1)(f) GDPR), or your consent given through the cookie banner (Art. 6(1)(a) GDPR).

6.2.2.2 Social Media Links
This website includes hyperlinks to social networks (e.g., Facebook, LinkedIn, Xing), presented as logos stored on our own servers. No data is transferred to these providers when the page is loaded. You will only be redirected to the respective websites when you click on these logos, and only then may personal data be processed by those services.

After redirection, we have no influence on what data is collected and how it is processed. For more details, please refer to the privacy policies of each provider:
Facebook: https://www.facebook.com/privacy/policy
LinkedIn: https://www.linkedin.com/legal/privacy-policy
Xing: https://privacy.xing.com/de/datenschutzerklaerung

6.2.2.3 Use of Google Maps
We use the “Google Maps” feature on our website, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google Maps”), to display interactive maps and provide directions. Google Maps is only activated after you have explicitly given your consent (Art. 6(1)(a) GDPR). This consent may be given through our cookie banner (e.g., by agreeing to all cookies) or by actively clicking the map area (2-click solution). Without your consent, no data is transmitted to Google.

Once Google Maps is activated, certain data (e.g., your IP address, potentially your location data, and usage data) will be transferred to Google’s servers and processed there. This may involve transferring data to servers in the USA. Google is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of protection in accordance with Art. 45 GDPR. After activation, a connection is established to Google’s servers, which also records which of our pages you have visited. If you are logged in to your Google account at the time, your usage behavior may be linked to your personal profile. You can prevent this by logging out before using the map.

More information about Google’s data processing can be found at:
https://policies.google.com/privacy?hl=en

6.2.2.4 Use of Youtube
Our website incorporates videos hosted on the YouTube platform. The service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. YouTube videos are only loaded after you have expressly provided your consent pursuant to Article 6(1)(a) of the General Data Protection Regulation (GDPR). Consent is obtained either through our cookie banner (e.g., by accepting all cookies) or by actively clicking on the respective video window (“two-click solution”). Without such consent, no data will be transmitted to YouTube.

Once activated, a connection is established with YouTube’s servers, during which Information regarding the specific pages of our website that you have visited is transmitted. If you are logged into your YouTube or Google account at the time of activation, Google may associate your browsing activity with your personal profile. You can prevent such association by logging out of your account prior to activating the video content.

Please note that enabling the video may also result in the transfer of personal data to Servers located in the United States. Google LLC is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection in accordance with Article 45 of the GDPR.

For more information on how YouTube handles user data, please refer to:
https://www.google.de/intl/de/policies/privacy

6.2.3 Other Cookies and Services
For further information regarding cookie providers and, in particular, the duration of their
storage, please refer to the cookie settings under the respective cookie categories.

Cookie settings

7. Disclosure of Data to Third Parties and Other Recipients
In certain circumstances, we are legally obligated to disclose data to a requesting Government authority — for example, in accordance with national legal provisions or when such disclosure is necessary for legal or criminal prosecution in the event of attacks on network infrastructure. The legal basis for such processing is Article 6(1)(c) of the GDPR. When engaging service providers for data processing on our behalf, we comply with the applicable data protection provisions set forth in Article 28 and Articles 44 et seq. of the GDPR. This applies in particular to service providers in the areas of IT services, hosting or cloud providers, shipping and logistics companies, banks and payment service providers, auditors, and consulting firms.

Beyond these instances, we only disclose data to third parties if you have expressly consented to such disclosure, if the transmission is clearly necessary to perform a service you have requested, or if such transmission is legally required. Please note that we may transfer your personal data to countries outside the EU or the European Economic Area (EEA). In such cases, we take all necessary steps to ensure that appropriate safeguards are in place to protect your personal data in accordance with data protection
regulations—for example, by implementing the Standard Contractual Clauses approved by the European Commission.

8. Surveys, Newsletters, and Advertising for Similar Services
To ensure our services align with your needs, we may use the email address you provided during registration, inquiry, or purchase to conduct customer satisfaction surveys. As an existing customer, we may also send you marketing emails for products similar to those you have previously purchased from us—even without your prior consent. The legal basis for such processing is our legitimate interest in improving our services, pursuant to Article 6(1)(f) of the GDPR. You may object to the future use of your data at any time by contacting us using the contact details provided above, or, in the case of a newsletter, by clicking the unsubscribe link contained therein.

9. Data Protection in the Application Process
If you apply for a position with us, we will process your personal data for the purpose of conducting the application process. This applies to applications submitted via email as well as those sent by postal mail. Processing is carried out for the purpose of initiating an employment relationship pursuant to Article 6(1)(b) of the GDPR in conjunction with Section 26(1) of the German Federal Data Protection Act (BDSG). If special categories of personal data as defined in Article 9(1) GDPR (e.g., health data, religious affiliation, or disability status) are processed, such processing is carried out on the basis of Article 9(2)(b) GDPR in conjunction with Section 26(3) BDSG, where necessary for the exercise of rights or fulfillment of legal obligations in connection with the employment relationship.

As part of the application process, we may process the following categories of personal data in particular:

  • Basic information (e.g., name, address, contact details),
  • Application documents (e.g., cover letter, résumé/CV, references, qualifications),
  • Voluntary information where applicable (e.g., photograph, disability status, hobbies),
  • Correspondence and communication data where applicable,
  • Other information provided by you.

Your data will be used exclusively for the purposes of applicant selection and management. It will not be disclosed to third parties unless you have expressly consented to such disclosure or we are legally required to do so. If an employment relationship does not result from the application, your application documents will generally be deleted or destroyed no later than six months after the conclusion of the application process, unless you have given us consent to retain your information for a longer period (e.g., for inclusion in an applicant pool). In such cases, processing is based on your consent pursuant to Article 6(1)(a) GDPR. You may revoke this consent at any time with future effect.

Please note that unless you take specific steps to encrypt your email, applications submitted via email will be transmitted without encryption. If you prefer a secure method of transmission, please contact us.

10. Data Retention Period
We retain personal data only for as long as necessary to fulfill the specific purposes for which it was collected. The duration of storage is determined based on the following criteria:

  • Withdrawal of Consent: Where processing is based on your consent pursuant to Article 6(1)(a) GDPR, data will be retained until you withdraw your consent.
  • Necessity for Contractual or Business Purposes: Personal data is retained as long as it is necessary to fulfill a contractual relationship or to carry out pre-contractual measures (Article 6(1)(b) GDPR), or as long as we have a legitimate interest in its retention (Article 6(1)(f) GDPR).
  • Legal Retention Obligations: Data may be retained beyond this period if required by legal obligations, particularly under tax or commercial law retention requirements (Article 6(1)(c) GDPR).

Once the purpose of storage no longer applies and any applicable statutory retention periods have expired, the personal data will be deleted without undue delay, unless further retention in a restricted (archived) form is required by law or necessary for the establishment, exercise, or defense of legal claims. Pursuant to Article 21(1) GDPR, you have the right to object at any time to the processing of your personal data where such processing is based on our legitimate interests under Article 6(1)(f) GDPR. In such a case, we will cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or where the processing is necessary for the establishment, exercise, or defense of legal claims.

11. Data Security
We place great importance on the protection of your personal data and have implemented technical and organizational measures (TOMs) to ensure an appropriate level of security in accordance with legal requirements, particularly the General Data Protection Regulation (GDPR). These measures are designed to safeguard the confidentiality, integrity, and availability of the data we process and to protect it against unauthorized access, loss, destruction, or manipulation.

Our technical and organizational measures are updated as necessary to reflect the current state of the art, in order to continue ensuring the protection of your data.

12. Your Rights as a Data Subject
You have the right, at any time and free of charge, to request information regarding the purpose, scope, origin, and recipients of your stored personal data pursuant to Article 15 of the General Data Protection Regulation (GDPR). In addition, you have the right to request the correction of inaccurate or incomplete personal data in accordance with Article 16 GDPR. Under applicable data protection laws, you also have the right to request the deletion of your personal data where the conditions of Article 17 GDPR (“right to be forgotten”) are met, as well as the right to request the restriction of the processing of your personal data pursuant to Article
18 GDPR.

Furthermore, you have the right to object at any time to the processing of your personal data under Article 21 GDPR, provided that such processing is based on Article 6(1)(e) or (f) GDPR. This applies in particular to the processing of your data for direct marketing purposes. You also have the right to data portability under Article 20 GDPR, which means that you may receive the personal data you have provided to us in a structured, commonly used, and machinereadable format, or request that such data be transmitted to another controller, provided the legal conditions for this right are met.

If you believe that the processing of your personal data violates data protection laws or that your rights under such laws have otherwise been infringed, you have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 GDPR. Moreover, you have the right to withdraw your consent to the processing of your personal data at any time with future effect. Such withdrawal can be made, for example, by sending an informal notice via email or in writing to the contact details provided above (Article 7(3) GDPR). The withdrawal of consent does not affect the lawfulness of any processing carried out prior to the withdrawal based on your consent.

Created by:
© HSDK GmbH – www.hsdk-privacy.com