1. Foreword and selected Terms
2. Responsible Party and Data Protection Officer
4. Legal Basis for the Processing Personal Data
5. Data Subjects Rights under the GDPR
6. External Hosting
7. Automatic Server Log Files
9. Message via Contact Form
10. Communication via Email
11. Communication by Telephone or Fax
12. Newsletter (Kienle Magazine) Order
13. Information for Applicants
14. Our Social Media Presence
15. Additional Privacy Information for our Business Partners
On the one hand, this data protection declaration informs visitors and users of our website about the online data processing operations in which personal data is processed. On the other hand, you will receive information about our processing operations, which do not primarily take place online.
GDPR stands for the European General Data Protection Regulation.
BDSG is an abbreviation for the Federal Data Protection Act in its current version.
Personal data is all individual information that allows conclusions to be drawn about a natural person (for definition, see Art. 4 Para. 1 GDPR). This includes, for example, names, email addresses, telephone numbers, but also data such as IP addresses or customer numbers.
The processing of personal data includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data (definition Art. 4 Para. 2 GDPR).
The data subject within the meaning of data protection law is any natural person whose personal data is processed.
Further definitions of terms can be found in the General Data Protection Regulation, which can be found in Article 4 of the GDPR (definitions).
The responsible party for the processing of personal data is:
Kienle Automobiltechnik GMBH
FON: +49 (0) 7152 - 90163-0
FAX: +49 (0) 7152 - 90163-115
EMAIL : info(at)kienle.com
DSB Externer Datenschutzbeauftragter Stuttgart
Diploma in Business Administration (FH)
Certified Data Protection Officer
Certified Information Security Officer
The following content gives you a brief overview of the processing of personal data; more detailed information can be found in the passages presented in detail.
Our website is provided with an SSL certificate, which is used to encrypt data transfer processes. This happens, for example, if you send us a message via a form. As a precaution, we would like to point out that 100% security in electronic data processing is not possible and there is always a residual risk.
On this site, we process the data that you enter yourself, for example in a form. In this case, the purpose of processing results from the type of form and, on the other hand, from this data protection declaration. Even if, for example, you send us a message by email or otherwise contact us, we process your data in accordance with the purpose of the contact.
On the other hand, our server automatically records all accesses and therefore also IP addresses (log files), this serves to ward off attacks, analyze access numbers and ensure smooth operation.
Cookies help us to provide various services. You can find more information about this in this data protection declaration.
Other data recipients
a) Commissioning of data processors
We have commissioned data processors in accordance with the requirements of Art. 28 GDPR, for example in the areas of IT services, web hosting, email hosting or printing services. They process personal data for us according to our instructions.
b) Use of specialist services
If necessary (for example to execute the contract), we pass on your data to, for example, banks, other payment service providers, shipping service providers, our tax advisor or lawyer.
c) Legal obligations
In addition, in certain cases we are obliged to make a report to the responsible authorities on the basis of the Money Laundering Act. In addition, we are subject to other legal obligations, such as commercial laws or tax law, in this context we must pass on certain data, for example, to tax authorities.
d) Investigation of crimes
If it is necessary to investigate a crime, we pass on data to the law enforcement authorities.
General information on deletion periods for personal data
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract; we are also obliged to comply with statutory retention requirements. If data processing is based on your consent, we will delete your data after your revocation.
Transfer of personal data to a third country
We try to have all service providers and services provided by providers within the European Union. A transfer to a third country is possible if you have given us your consent and/or we have concluded a contract for order processing in accordance with Article 28 of the GDPR, taking appropriate guarantees into account. In individual cases we may use plugins or tools that are hosted in third countries, but we use these on the basis of our legitimate interests. In these cases, we will point out the circumstance if necessary.
Legal or contractual obligation to provide personal data
In principle, this website can be visited without providing personal data. For purchases in our online shop, it is necessary to provide personal data in order to conclude a purchase contract.
The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data. The essential legal bases are shown in particular in Art. 6 GDPR. The legal basis on which we process personal data is described in the individual processing operations in this data protection declaration.
Consent is one of these legal bases and requires that the consenting person gives it in an informed manner and on a voluntary basis. Consent based on Art. 6 Para. 1 lit a GDPR can generally be revoked at any time without giving reasons.
The processing of personal data to initiate or execute contracts is also a legal basis and is defined in Article 6 Paragraph 1 Letter b GDPR.
The exception to data processing based on a legal obligation can be found in Article 6 (1) (c) GDPR; for example, we are obliged to comply with certain retention periods according to commercial law and tax law.
The processing of personal data on the basis of a balancing of interests in accordance with Article 6 Paragraph 1 Letter f of the GDPR allows processing after careful consideration of financial or legal interests against the legitimate interests of the data subject.
Every natural person is entitled to certain rights, which are defined in particular in Articles 15 to 21 and 77 of the GDPR. In principle, you have the following rights, which you can demand from us.
You can revoke your consent to us at any time without giving reasons with effect for the future.
You have the right at any time to request information about the data processed by you and the purposes of the processing.
If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.
You have the right at any time to request the deletion of the personal data we process about you. If complete deletion is not possible, for example because we have to fulfill legal retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.
You have the right to request that the processing of your personal data be restricted. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:
If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a member state.
You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.
If data processing is carried out on the basis of Article 6 Paragraph 1 Letter e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims ( Objection according to Art. 21 Para. 1 GDPR).
If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes (objection according to Art. 21 Para. 2 GDPR).
In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.
This website is hosted externally. The personal data collected on this website is stored on the host's servers. This can include IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access and other data generated via a website.
External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 Para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para. 1 lit. f GDPR).
The following service provider hosts the website on our behalf:
The neuland agency has commssioned the service provider Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp to host our website.
We have concluded a data processing agreement (DPA) with the hoster. Personal data will only be processed according to our instructions and in compliance with the GDPR.
Our web server automatically logs all access and thus also the IP addresses of visitors. This serves to defend against attacks, analyze access numbers and ensure smooth operation. We have a legitimate interest in this (Art. 6 lit. f GDPR).
In addition to the IP address, the server log usually records other metadata about the session; you can find this data below.
We only process this data for the purposes mentioned above. We delete server log files after three months at the latest.
Our websites use so-called “cookies”. Cookies are small data packages and do not cause any damage to your device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.
Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of cookies when you close the browser. If cookies are deactivated, the functionality of this website may be restricted.
You can find out which cookies and services are used on this website in this data protection declaration.
Cookies that are necessary to carry out the electronic communication process, to provide certain functions you want (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure the web audience) (necessary cookies). stored on the basis of Art. 6 Para. 1 lit. f GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TTDSG); consent can be revoked at any time.
You have the option of sending us messages using the contact form. We process the data that you entered into the data collection mask. Mandatory fields are marked and must be provided. The purpose of data processing is to process your request and, if necessary, to contact you afterwards.
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions.
You can use the contact form to contact us on various topics:
The data transmitted using the contact form is processed on the basis of Art. 6 Para. 1 lit. b GDPR, provided that your request is related to the fulfillment of a contract or serves to carry out pre-contractual measures. In all other cases, the processing is based on our legitimate interest in effectively processing the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR).
We store the transmitted data until the purpose of data storage is achieved or you revoke your consent. Please note that the process may be subject to legal retention periods. In this case, we will restrict your data from further processing until it expires.
If you write us an email, we will process your data according to the content and purpose of the message. As a rule, processing is carried out on the basis of pre-contractual measures or as part of the implementation of a contractual relationship on the basis of Article 6 Para. 1 lit. b GDPR and Article 6 Para. 1 lit. f GDPR. It is in our legitimate interest to process your request quickly and efficiently.
If it is a product or service-related message, we generally process your data on the basis of our legitimate interests in accordance with Article 6 Para. 1 lit. b GDPR.
Please note that we store all incoming emails in accordance with proper accounting principles for a period of ten years, starting from the first day of the following year in which the message was received. If you ask us to delete the data, we will from now on restrict the processing of your data and only store it for the purpose of complying with retention periods in our legitimate interest.
Even if you contact us by telephone or fax, we process your data either to initiate and implement contractual relationships (if the content is product or service-related) on the basis of Art. 6 Para. 1 lit. b GDPR and/or in our authorized manner Interest based on Art. 6 Para. 1 lit. f GDPR, analogous to contacting us by email.
We do not record the content of the conversation, but we may take notes to process your request. This will be stored until the purpose of the data processing has been achieved and we no longer have any legitimate interests in the processing. If necessary, the content of the conversation is stored anonymously for statistical purposes. Of course, you can request deletion at any time.
You can order current and historical copies of our Kienle newsletter via our website, by email or by telephone. Alternatively, you can also subscribe to the newsletter for a fee. Please note that this is not an email newsletter, but a haptic newsletter.
In order to purchase and send the newsletter, we have to process personal data to process the purchase. We particularly need
Payment is made by bank transfer to the bank details provided by us on the invoice.
The magazine is delivered by a shipping service provider, usually by Deutsche Post AG, Charles-de-Gaulle-Straße 20, 53113 Bonn or, if multiple magazines are ordered, by DHL Paket GmbH, Sträßchensweg 10, 53113 Bonn. In individual cases, we reserve the right to commission alternative shipping services such as DPD, Hermes or GLS for shipping.
The legal basis is Article 6 Para. 1 lit. b GDPR. The processing serves to process a purchase contract. We process your data for the purpose of processing the purchase or the permanent delivery until you unsubscribe. We are also obliged to comply with statutory retention periods. According to §257 HGB and §158 AO, these are ten years, starting with the first of the calendar year following the last booking.
If you apply to us, whether for an advertised position or on your own initiative, we will process your data to carry out the selection process. It is irrelevant to us whether you apply by post, email or, if available for the respective position, using an online form .
In principle, as part of an application process, we only process the data that you have provided to us yourself. The use of additional sources may only be considered after information and consultation with you. For example, whether we can contact a former employer.
The legal basis for carrying out an application process is Section 26 BDSG in conjunction with Article 6 Para. 1 lit. b GDPR (initiation of an employment contract). If you give us your consent to store your data for a longer period of time, this will be done on the legal basis of Article 6 Para. 1 lit. a GDPR.
Deletion deadlines for applicant data
We delete applicant data a maximum of 4 months after completion of the application process (when a candidate has been selected and all applicants have been informed of the outcome). The purpose of data processing no longer exists at the end of the selection process, but we have a legitimate interest (Art. 6 Para. 1 lit. f GDPR) in being able to defend ourselves against any claims made by rejected applicants. If you have the impression that your interests in immediate deletion outweigh your interests, you have the option of requesting us to do so. We will then examine your request and give you feedback.
After the above-mentioned period has expired, your data will be deleted unless we have to defend ourselves, for example in ongoing proceedings, for example due to a lawsuit under the General Equal Treatment Act. In this case, we will delete your data after the process has been completed, unless there are statutory retention periods.
If we are allowed to store your data for a longer term based on your consent, we will delete your data if you request us to do so and revoke your consent. If necessary, we will also delete your data before revoking your consent if it is clear that no position will be available.
Inclusion in our applicant pool
If we are currently unable to offer you a job, we may ask you for your consent to continue storing your data. This serves the purpose of offering you a suitable position at a later date. The legal basis for the processing of your data in our applicant pool is your consent (Art. 6 Aba. 1 lit. a GDPR). Of course, you can revoke your consent at any time with future effect. If you do not revoke your consent yourself within a period of two years, we will delete your data from our applicant pool at the latest.
We maintain publicly accessible social media profiles. You can find the social networks we use in detail below.
Social networks such as Facebook, Twitter, etc. can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media presence triggers numerous data protection-relevant processing operations. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account on the respective social media portal. In this case, this data is collected, for example, via cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be shown to you inside and outside of the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are logged in or were logged in.
Our social media presence is intended to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Article 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases that must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 Para. 1 lit. a GDPR).
Responsible person and assertion of rights
If you visit one of our social media sites (e.g. Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered by this visit. In principle, you can exercise your rights (information, correction, deletion, restriction of processing, data portability and complaint) both. us as well as against the operator of the respective social media portal (e.g. Facebook).
Please note that despite our shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options depend largely on the corporate policy of the respective provider.
The data we collect directly via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory legal provisions – especially retention periods – remain unaffected.
We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection declaration, see below).
Data categories and purposes of processing
We process personal data from our service providers and partners, which we receive directly as part of our business relationship. If we have received data from you, we will generally only process it for the purposes for which we received or collected it.
As a rule, we process the following categories of data from you
As part of the business initiation phase and during the business relationship, in particular through personal, telephone or written contact initiated by you or one of our employees, further personal data is created, e.g. B. Information about contact channel, date, occasion and result; (electronic) copies of correspondence and information about participation in direct marketing measures.
On the other hand, we process personal data that we have legitimately obtained and are permitted to process from publicly accessible sources (e.g. commercial and association registers, press, media, internet).
Data processing for other purposes is only possible if the necessary legal requirements in accordance with Article 6 (4) GDPR are met. In this case, we will of course observe any information obligations pursuant to Article 13 Paragraph 3 GDPR and Article 14 Paragraph 4 GDPR.
Based on your consent (Art. 6 Para. 1 lit. a GDPR)
We process personal data for one or more specific purposes if you have given us your consent to do so. If personal data is processed based on your consent, you have the right to revoke your consent to us at any time with future effect.
Data Processing for the fulfillment of contracts (Art. 6 Para. 1 lit. b GDPR)
We process personal data for the fulfillment of contracts. The fulfillment of contracts includes, for example, the conclusion, processing and reversal of a contract. In addition, we process personal data that is necessary to carry out pre-contractual measures, such as initiating a contract, and is carried out at your request. Data
Data Processing is based on a legal obligation (Art. 6 Para. 1 lit. c GDPR).
Like every company, we have retention obligations and Fulfill other documentation requirements, this can also affect documents containing personal information. To the extent that we process data for these purposes, the processing takes place on the basis of a legal obligation.
Data Processing based on a balancing of interests (Art. 6 Para. 1 lit. f GDPR)
If we process data on the basis of a balancing of interests, you as the data subject have the right to allow the processing of personal data, taking into account the provisions of Article 21 GDPR contradict. To the extent that the specific purpose permits, we process your data pseudonymously or anonymously.
Transfer to Data Processors within the scope of Article 28 GDPR
Data Processors we have commssioned (Article 28 GDPR), particularly in the area of IT services and, for example, printing services, who process your data for us in accordance with our instructions. When we commission service providers to fulfill our tasks, we always observe the data protection regulations; in particular, data is only passed on after contracts for order processing have been concluded. We would be happy to let you know which processors we use.
To carry out a contractual relationship
If it is necessary to carry out the contract with you, we will pass on your data, for example, to our bank to process payments or shipping service providers such as Deutsche Post, DHL, UPS, GSL, DPD or other event-related providers.
Disclosure due to a legal obligation
If there is a legal or official obligation, we will pass on your data to public bodies or institutions (authorities, for example in the context of criminal prosecution).
Other places, provided you have given us your consent
If you have given your explicit consent, we will also pass on your data to other parties. However, this occurs within the limits provided you have verifiable consent.
Principle of purpose limitation and compliance with statutory retention periods
We process the data as long as this is necessary for the respective purpose. If necessary, we process your personal data for the duration of our business relationship, which also includes the initiation and processing of a contract.
In addition, like every company, we are obliged to comply with statutory retention periods, for example the deadlines under commercial and tax law. If there are statutory retention requirements, the relevant personal data will be stored for the duration of the retention period. The storage period also depends on the statutory limitation periods, which, for example, according to Sections 195 ff. of the Civil Code (BGB), can usually be three years, but in certain cases can also be up to thirty years. After the retention period has expired, it will be checked whether further processing is necessary. If it is no longer necessary, the data will be deleted.
As a rule, such retention periods in the context of legal transactions (according to §147 AO / §257 HGB / §14b UstG) are 10 years, starting with the year following the legal transaction.
If you provide us with your contact details, for example by email, telephone, or by handing over your business card , we will store this data on the basis of pre-contractual measures and in accordance with Article 6 Paragraph 1 Letter b of the GDPR Interest (Art. 6 Para. 1 lit. f GDPR) in smooth and targeted communication. If no legal transaction is concluded, we will delete your data if you request us to do so or if there is no further contact within a period of three years. If you enter into a legal transaction with us (Art. 6 Para. 1 lit b GDPR), we will store your data for ten years until the commercial and tax requirements expire. After this period, we check whether we can delete the data and, if necessary, delete it.
E-mails and business letters
We archive all of our e-mail traffic for ten years. If you write us an email, your data and the entire email content will be stored for 10 years. Most emails count as business letters, and emails can also contain information relevant to tax law. In our opinion, the effort involved in checking each individual email is not proportionate to the benefit and legitimate interests of the sender. Of course, you can ask us to delete it at any time and we will carry out an individual case check and inform you of the result. This can lead to deletion or restriction of processing, depending on the content of the correspondence.
Revocation of your consent If we
process your data based on your consent (Art. 6 Para. 1 lit. a GDPR), we will delete it after your revocation . Unless there are legitimate interests against complete deletion. For example, we generally store the declaration of consent for up to three years after receipt of your revocation in the legitimate interest (Art. 6 Para. 1 lit. f GDPR). We only retain the consent subject to restriction of processing in order to be able to defend ourselves in the event of a dispute.
The provision of personal data is regularly necessary for the initiation, conclusion, processing and reversal of a contract. If you do not provide the required personal data, we will not be able to conclude and fulfill a contract with you.
We generally process your personal data in data centers in the Federal Republic of Germany or the European Union. A transfer to a third country is only possible if you have given us your consent or we have concluded a contract for order processing in accordance with Art. 28 GDPR, taking into account suitable guarantees or other suitable guarantees.