Data protection Kraftanlagen Heidelberg

Part I: When do we collect your personal data? What sort of personal data?

Kraftanlagen Heidelberg GmbH (subsequently referred to as “KA”) believes in fair and transparent processing of personal data. We deem it important that our visitors and customers understand when and what sort of personal data we collect. Personal data is any information relating to an identified or identifiable person, as defined by the General Data Protection Regulation (GDPR) in Article 4. We collect personal data of people visiting our website, using our web-shop, creating an account, subscribing to our newsletter, submitting a contact request, submitting a media enquiry or applying for a job.
When you visit our website:
See our Cookie Notice.
When you submit a contact request:
We collect your contact details and information on your contact request.
When you submit a media enquiry:
We collect your contact details and information on your media enquiry.
When you apply for a job:
We collect your contact details, your written application, CV and certificates/ diplomas.

Part II. Who controls your personal data, for which purpose and on which legal basis?

You have the right to know who is in control of your data and to whom you can address requests in your country; you have the right to know the purpose of collecting and processing your personal data and on which legal basis we rely.
Finally, KA may collaborate with other companies to provide you with an outstanding customer experience. For this reason, we may share your data with third parties. You have the right to know the identity of those third parties and how we safeguard your data privacy rights when transferring your personal data.
The responsible controller of your data is:
Kraftanlagen Heidelberg GmbH
Im Breitspiel 7
69126 Heidelberg
Germany
Email: heidelberg@kraftanlagen.com
As the controller KA determines the purpose and means of the processing of your personal data. Requests concerning your data can be placed to the responsible data controller.

What is the purpose and legal basis for processing your personal data?

When you visit our website:
See our Cookie Notice

When you submit a contact request:
Purpose: The personal data we collect allows us to process your specific request and provide you with an appropriate response.
Legal basis: As we collect your personal data related to processing your enquiry, we do that on the basis of legitimate interest.

When you submit a media enquiry:
Purpose: The personal data we collect allows us to process your enquiry and provide you with an appropriate response.
Legal basis: As we collect your personal data related to processing your enquiry, we do that on the basis of legitimate interest.

When you apply for a job:
Purpose: The personal data we collect allows us to process your job applications.
Legal basis: As we collect your personal data related to anticipating an employment contract, we do that on the basis of steps necessary for entering into a contract.

Note: We do not intend to further process your personal data for other purposes than the ones stated above.

Automated decision-making including profiling:
We do not use the personal data we collect from you to make decisions based solely on automated processing. In addition, we do not process your data automatically with the aim of evaluating certain personal aspects.

Part III: Who are the recipients of your personal data?

KA may provide your personal data to internal recipients. Those recipients are given access to your data in order to perform the purposes outlined previously. Within KA it may be provided to the following categories of recipients:

– Media Relations
– Marketing
– Human Resources

KA does not share your personal data with any external recipients (third parties) that intend to use it for direct marketing purposes, unless you have provided specific consent in relation to this.

Part IV: How long do we store your personal data? What are your rights and how can you exercise them?

How long will your personal data be stored?

We will not retain any personal data longer than we have your consent for or longer than it is necessary to meet our legitimate interest. In order to ensure that personal data is not kept longer than necessary, we established time limits for erasure as well as a periodic review process.

What are your rights and how can you exercise them?

Right to withdraw consent: You have the right to withdraw your consent for data processing at any time, by contacting KA.

Right to object to processing: You have the right to object, at any time to processing of your personal data including profiling. KA will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which either override your interests, rights and freedoms or, for the establishment, exercise or defense of legal claims.

Direct marketing: The right to object concerns in particular direct marketing, which may include profiling. You have the right to object processing of personal data for such marketing purposes at any time.

Right of access: You have the right to obtain confirmation whether or not your personal data is being processed. If so, you have the right to request access to your personal data and information related to the processing.

Right to rectification: You have the right to obtain without undue delay the rectification of your inaccurate personal data. You have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to erasure (“right to be forgotten”): You have the right to obtain the erasure of your personal data without undue delay, if not excluded by Art. 17(3) GDPR.

Right to restriction of processing: You have the right to obtain restriction of processing, if one of the following applies:
– You contest the accuracy of the data
– The processing is unlawful and you request restriction instead of erasure
– You have objected processing pending the verification whether the legitimate grounds of the controller override your own, as data subject

Right to data portability: You have the right – if feasible – to receive your personal data provided to KA, in a structured, commonly used and machine-readable format and to transmit those data to another controller.

Exercising your rights: You can exercise your rights simply by contacting KA (see part II) or the Local Privacy Partner (see part VI).
How do we handle third parties to which your personal data has been disclosed?

Note:
KA will communicate any rectification, erasure or restriction of processing of your personal data to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about any such recipients upon your request.

Part V: Which safeguards are applied to protect your personal data?

No internet transmission is fully secure or error-free, nor is stored data free from vulnerabilities. However, the technical and organizational measures that we and our partners apply, ensure appropriate security and confidentiality of your personal data, including prevention of unauthorized access.

We use a variety of security measures, including sophisticated encryption and authentication tools to maintain the safety of your personal data. Your personal information is saved in secure networks and is only accessible to a limited number of persons which are obliged to keep the information confidential. All information provided is stored on secure servers.

Part VI: How may you lodge a complaint?

Right to lodge a complaint with our Local Privacy Partner

In case of complaints, please contact our Local Privacy Partner:

The responsible Controller of your data is:
Dr. Klaus zu Hoene
Intersoft Consulting Services AG
Beim Strohhause 17
20097 Hamburg, Germany
Email: datenschutz@kraftanlagen.com

Right to lodge a complaint with our supervisory authority

You have the right to lodge a complaint with the supervisory authority:
Germany
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Königstraße 10a
70173 Stuttgart

Part VII: Miscellaneous

Google Analytics
If you have given your consent, Google Analytics, a web analysis service of Google Ireland Limited (“Google”) is used on this website. The use includes the “Universal Analytics” operating mode. This makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID and thus analyze a user’s activities across devices. This data protection notice is provided by www.intersoft-consulting.de.

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users interact with the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, if IP anonymisation is activated on this website, Google will reduce your IP address within Member States of the European Union or in other states party to the Agreement on the European Economic Area beforehand. We would like to point out that on this website Google Analytics has been extended to include IP anonymisation in order to ensure anonymous collection of IP addresses (so-called IP masking). The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data. For more information on terms of use and data protection, please visit https://www.google.com/analytics/terms/gb.html or https://policies.google.com/?hl=en.

Purposes of the Processing
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the website operator with other services related to website and Internet use.

Legal Basis
The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 lit. a GDPR

Recipients or Categories of Recipients
The recipient of the collected data is Google.

Transfer to Third Countries
Personal data will be transferred to the USA under the EU-US Privacy Shield on the basis of the European Commission’s adequacy decision. You can download the certificate here.

Duration of Data Storage
The data sent by us and linked to cookies, user-identifiers (e.g. User-IDs) or advertising-identifiers are automatically deleted after 14 months. Data whose retention period has been reached is automatically deleted once a month.

Rights of the Persons affected
You can revoke your consent at any time with effect for the future by blocking the storage of cookies by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functionalities of this website to their full extent. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the Browser Add-on.

Opt-out cookies will prevent future collection of your data when you visit this website. To prevent Universal Analytics from collecting data across different devices, you must opt-out on all systems used.

Cookies
All other cookies on this website are only used for technical purposes. They do not contain personal user data, which means that no user data are analysed or tracked.

Links to other websites
Our website may contain links to other websites of third parties. We are not responsible for the privacy policies of those websites.

Privacy Notice changes
We may occasionally revise our privacy notice. If so, we will post a notice on our website for 30 days.

Questions and feedback
We welcome your questions and comments on our privacy notice. Feel free to contact us (see Part II.)

Last updated: October, 2022