IMPRINT & DATA POLICY
The purpose of this Privacy Statement is to explain to you the nature, scope and purpose of the processing of personal data (hereinafter referred to in short as “Data”) within our online offer and the related websites, functions and content as well as our external online presence, such as our social media profiles (hereinafter jointly referred to as our “Online offering”). With regard to the terms used, such as “processing” or “party responsible”, we refer to the definitions contained in Art. 4 of the General Data Protection Regulation (GDPR). We also hereby inform you in the following of the external components that we use for optimisation purposes and for increasing quality of use (as long as it makes the processing of third-party data the responsibility of the respective third parties once again).
Information regarding data about you stored with us and its processing (Art. 15 of the GDPR),
Correction of incorrect personal data (Art. 16 of the GDPR),
Deletion of data about you that is stored with us (Art. 17 of the GDPR),
Restriction of data processing (provided that we are not entitled to delete your data on the basis of legal obligations) (Art. 18 of the GDPR),
Objection to us processing your data (Art. 21 of the GDPR) and
Transferability of data if you have consented to the processing of your data or have entered into a contract with us (Art. 20 of the GDPR).
If you have given us consent, you can revoke it any time, with future effect. You can refer a complaint to a regulatory authority at any time,such as to the competent supervisory authority of the Federal State of your place of residence or to our relevant responsible office with competent authority status. A list of regulatory authorities (for the non-public sector) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Type of data to be processed
Inventory data (e.g. names, addresses)
Contact data (e.g. e-mail, telephone numbers)
Content data (e.g. text entries, photographs, videos)
Usage data (e.g. websites visited, interest in contents, times of access)
Meta-/communications data (e.g. devices information, IP addresses)
Categories of persons affected
Visitors to and users of our online offering (we hereinafter also refer to persons concerned collectively as “Users”).
Purpose of processing
Provision of the online offering, and its functions and contents Answering contact requests and communication with users Security measures Reach measurement/marketing
Terms used
“Personal Data” means all information relevant to an identified or identifiable natural person (hereinafter known as the “person concerned”); a natural person is accepted as identifiable if they can be identified, directly or indirectly, in particular by means of relation to an identifier, such as a name, an identification number, location data, an online identifier (e.g. cookies) or by one or more particular features which constitute an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of the said natural person.
“Processing” means any process or sequence of processes in connection with personal data, performed with or without the aid of automated procedures. The term has a broad meaning; it includes practically every process related to data.
“Pseudonymisation” means the processing of personal data in such a way that personal data can no longer be assigned to a specific person concerned without the need for additional information, provided that the said additional information is stored separately and there are technical and organisational measures in place which guarantee that the said personal data cannot be assigned to any identified or identifiable natural person.
“Profiling” means any type of automated processing of personal data with the intent of using the said personal data to evaluate certain personal aspects relevant to a natural person, in particular aspects pertinent to analysing or predicting elements of the said natural person’s work performance, economic situation, health, personal preferences, interests, reliability, behaviour, place of residence or change of location.
A “party responsible” means the natural or legal person, authority, institution or other body which, whether alone or together with others, makes decisions regarding the purposes and the means for processing of personal data. “Processor” means a natural or legal person, authority, institution or other body which processes personal data on behalf of the party responsible.
Relevant legal bases
Pursuant to Art. 13 of the GDPR, we inform you of the legal bases for our data processing means. If the legal basis should not be mentioned in the Privacy Statement, the following shall apply:
The legal basis for obtaining consent is Art. 6 (1) (a) and Art. 7 of the GDPR; the legal basis for the processing of data as part of the fulfilment of our services and the execution of contractual measures and for answering queries is Art. 6 (1) (b) of the GDPR; the legal basis for the processing of personal data as part of the fulfilment of our legal obligations is Art. 6 (1) (c) of the GDPR; and the legal basis for the processing of personal data for the purpose of safeguarding our legitimate interests is Art. 6 (1) (f) of the GDPR. In the event that vital interests of any given person concerned or another natural person make the processing of personal data necessary, Art. 6 (1) (d) of the GDPR shall serve as the legal basis in this regard.
Transmission to third party countries
If we process data in a third party country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or this happens in the context of use of third party services or of disclosure or transmission of data to third parties, this may be done only for the purpose of fulfilment of our (pre)-contractual obligations, or on the basis of your consent, a legal obligation or our legitimate interests. Subject to legal or contractual permission, we will process data (or allow it to be processed) in a third party country only if the special conditions included in Art. 44 ff. of the GDPR apply. That is to say: such processing can be carried out on the basis of special guarantees, such as the officially recognised establishment of an EU-standard data protection level (e.g. with the “Privacy Shield” in the case of the USA) or the observation of officially recognised special contractual obligations (so-called “standard contractual clauses”).
Right of revocation
You can revoke future processing of data applicable to you, at any time, pursuant to Art. 21 of the GDPR. Such a revocation can be initiated in particular to prevent processing of data for direct marketing purposes.
Cookies and right of revocation with direct marketing
“Cookies” are small files stored on users’ computers. Different kinds of information can be stored within cookies. The primary purpose of a cookie is to save information on a user (or on the device on which the cookie is saved) during or after their visit as part of an online offering. Cookies that are deleted after a user has left an online offering and closed their browser are labelled as temporary cookies, “session cookies” or “transient cookies”. Aspects that can be saved in such a cookie include the content of a shopping cart in an online shop or a login status. Cookies are known as “permanent” or “persistent” if they remain saved after the browser has been closed. With this, login status, for example, can be saved if the users visit again after several days. The interests of users can also be saved in such a cookie, for use for range measurement or marketing purposes. Cookies offered by providers other than the party responsible (i.e. that has provided the online offering), are known as “third-party cookies” (otherwise, if it’s only their own cookies, these are known as “first-party cookies”).
We can use temporary and permanent cookies – we clarify them in the context of our Privacy Statement.
If you, as the user, do not want cookies to be stored on your computer, you will be asked to deactivate the appropriate option in the system settings of your browser. Saved cookies can be deleted in the system settings of your browser. Exclusion of cookies can lead to functional restrictions with the online offering.
A general objection to the use of cookies used for online marketing purposes can be clarified by a variety of services (especially in the case of tracking) recognised with the American website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Furthermore, cookies can be saved in the browser settings by deactivating them. Please note that, if you decide to do this, not all functions included in the online offering can be used.
Deletion of data
The data processed by us shall be deleted, or have its processing restricted, in accordance with Art. 17 and 18 of the GDPR. Unless explicitly stated in this Privacy Statement, data saved with us shall be deleted as soon as it is no longer required for its intended purpose and such deletion does not conflict with any statutory retention requirements. If such data is not deleted – because it is required for other, legally permitted, purposes – its processing shall be restricted. That is to say, the data shall be disabled and not processed for other purposes. This applies, for example, for data which needs to be retained for commercial or tax law reasons.
In accordance with existing legal requirements in Germany, the period for such storage may be 10 years (pursuant to §§ 147 (1) of the German Fiscal Code, 257 (1) (1) and (4) of the German Commercial Code (for books, records, status reports, accounting documents, trading books, for taxation of relevant documents, etc.)) or 6 years (pursuant to § 257 (1) nos. (2) and (3) of and Clause 4 of the German Commercial Code (business letters)).
Business-related processing
We also process
Contract data (e.g. object of contract, duration period, customer category)
Payment data (e.g., bank details, payment history) of our clients, prospective clients and business partners for the purpose of providing contractual services, customer care and service, marketing, advertising and market research.
Contractual services
We process the data of our contractual partners and prospective clients, as well as that of other clients, customers or contractual partners (together designated as “contractual partners”) as per Art. 6 (1) (b) of the GDPR, for the purpose of providing you with our contractual or pre-contractual services. The data that is processed in this respect, and the type and scope and purpose and necessity of its processing, are determined by the underlying contractual relationship.
The data to be processed includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. e-mail addresses and telephone numbers) and contract data (e.g. services requested, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).
There are certain categories of personal data which we absolutely will not process unless the components in question are part of contracted or contractual processing.
We process data which is necessary for justification and fulfilment of the contractual obligations and refer to the requirement should this not be evident to the contractors. It may be disclosed to external persons or companies only if this is necessary as part of a contract. During processing of the data transferred to us as part of an order, we will act in accordance with the instructions of the client as well as the relevant legal requirements.
As part of the use of our online services, we may, if appropriate, save the IP address and the time of known user action. Saving shall be done on the basis of our legitimate interests, as well as users’ interests, as a means of protection against abuse and other unauthorised use. This data absolutely may not be forwarded to third parties, unless this is a requirement pursuant to our claims under Art. 6 (1) (f) of the GDPR or if there is a legal obligation to do the same under Art. 6 (1) (c) of the GDPR.
Data shall be deleted if it is no longer required for the fulfilment of our contractual or legal care responsibilities or for dealing with any warranty obligations or comparable obligations, in which case the necessity for storage of the data shall be checked every three years; otherwise, the statutory storage obligations shall apply.
Administration, financial accounting, office organisation, contact management
We process data as part of administrative tasks, as well as the organisation of our operations, financial accounting and compliance with legal obligations, such as archiving; whereby we process the same data that we process in the provision of our contractual services. The basic data processing principles recognised hereby are Art. 6 (1) (c) of the GDPR and Art. 6 (1) (f) of the GDPR. Said data processing pertains to clients, prospective clients, business partners and website visitors. The purpose for such processing/our interest in it concerns the administration, financial accounting, office organisation and archiving activities recognised with such data i.e. tasks pursuant to maintaining our business activities, the acknowledgement of our tasks and the provision of our services. Deletion of data pursuant to contractual services and communication shall be in accordance with the information stated as part of such processing activities.
As part of the same, we will disclose or transmit data to the financial authorities or consultants, such as tax consultants or auditors, as well as other bodies and service providers.
We will also save information concerning suppliers, organisers and other business partners based on our business interests, such as for the purpose of subsequent contact. We will save this (mostly company-related) data indefinitely as a matter of principle.
Business analysis and market research
For the purpose of operating our business economically (including recognition of market trends and the requests of contract partners and users), we will analyse the data that we have which covers business transactions, contracts, queries etc. We will, as part of this, process inventory data, communication data, contract data, payment data, usage data and metadata in accordance with Art. 6 (1) (f) of the GDPR – the persons concerned include contract partners, prospective clients, clients, visitors and users of our online offering.
Analyses are carried out for the purpose of business analysis, marketing and market research. We may, as part of it, consider the profiles of registered users, including information regarding the services that they use for example. We make use of these analyses in order to increase user-friendliness, and optimise our offering and operating profitability. These analyses are for our benefit only; they are not to be disclosed externally.
If such analyses or profiles are personal in nature, they shall be deleted or anonymised upon termination of use, or otherwise removed no later than two years after the conclusion of the contract. Furthermore, overall business analyses and general trend determination shall always be drafted anonymously whenever possible.
Contact
When we are contacted (e.g. via contact form, e-mail, telephone or social media), the information of the user in question shall be processed as part of the processing of the contact request and its conclusion in accordance with Art. 6 (1) (b) (as part of contractual/pre-contractual relationships) or Art. 6 (1) (f) of the GDPR (in connection with our own legitimate interests). User information can be saved in a customer relationship Management system (“CRM system”) or a comparable queries system. Your data will be deleted as soon as your request has been finally answered and such deletion is not precluded by any statutory retention obligations e.g. with any subsequent contract.
Hosting and e-mail dispatching
The hosting services that we use serve the purpose of provision of the following services: infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatching, security services and technical maintenance services that we employ as part of the operation of this online offering.
As part of this, we/our hosting provider process inventory data, contact data, content data, contract data, usage data, and metadata and communication data of clients and prospective clients and visitors to this online offering, on the basis of our legitimate interests pertinent to providing this online offering in an efficient and secure manner as per Art. 6 (1) (f) of the GDPR in conjunction with Art. 28 of the GDPR.
Collection of access data
We/our hosting provider collect data on each access to the server which hosts this service, on the basis of our legitimate interests as per Art. 6 (1) (f) of the GDPR (so-called server log files). Said access data includes: name of the requested website, file, date and time of the request, volume of transferred data, notification of successful request, browser type and version, the user’s operating system, the referrer URL (the site visited previously), the IP address and the requesting provider.
Log file information shall be saved for a maximum period of 7 days, for security reasons (e.g. in the interests of investigation of abuse or fraud), after which it shall be deleted. Data which needs to be retained for longer for evidence purposes shall be exempt from such deletion up until the time of the final clarification of the incident in question.
Google AdWords and Conversion Measurement
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer in the sense of Art. 6 Para. 1 lit. f. of the German Civil Code), we make use of the information provided on this website. DSGVO) the services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield Agreement and therefore offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
We use the Google AdWords online marketing process to place ads on the Google Advertising Network (e.g., in search results, videos, websites, etc.) so that they are displayed to users who have a suspected interest in the ads. This allows us to display ads within our online offering in a more targeted manner in order to present users only with ads that potentially match their interests.
We also receive an individual “conversion cookie”. The information obtained with the help of the cookie is used by Google to compile conversion statistics for us. However, we only know the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any personally identifiable information.
User information is processed pseudonymously within the Google Advertising Network. This means, for example, that Google does not store and process the user’s name or e-mail address, but processes the relevant data cookie-related within pseudonymous user profiles. This means that, from Google’s point of view, the ads are not administered and displayed for a specifically identified person, but for the cookie holder, regardless of who this cookie holder is. This does not apply if a user has expressly permitted Google to process the data without this pseudonymization. The information collected about users is transmitted to Google and stored on Google’s servers in the United States.
You can also prevent or restrict the installation of cookies by making the appropriate settings in your Internet browser. At the same time, you can delete cookies that have already been saved at any time. However, the steps and measures required for this depend on the Internet browser you are using. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support.
Google also offers the following services and further information on this topic and in particular on the possibilities of preventing the use of data.
https://services.google.com/sitestats/de.html
http://www.google.com/policies/technologies/ads/
http://www.google.de/policies/privacy/
When you do this, a cookie will be saved on your end device via your internet browser; this cookie will prevent further analysis. However, please note that you will need to activate the above link again if you delete the cookies saved on your end device.
Online presence on social media
We maintain an online presence in the form of social networks and platforms so that we can communicate with the clients, prospective clients and users active there and provide them with information about our services. During access to the respective networks and platforms, the business terms and conditions and the data processing guidelines of their respective operators shall apply.
Unless otherwise specified in our Privacy Statement, we will process users’ data for as long as they communicate with us on social networks and platforms, e.g. by writing posts on our online presence profiles or by sending us messages.
Integration of third-party services and contents
We use the contents and service offerings of third-party providers within our online offering, based on our legitimate interests (i.e. analysis, optimisation and economic operation of our online offering as per Art. 6 (1) (f) of the GDPR), in order to integrate their contents and services e.g. videos or writing fonts (hereinafter referred to together as “contents”).
This always assumes that the third-party providers of this content are aware of the users’ IP addresses, since they would be unable to send the contents to their browser without the IP address. This means that the IP address is necessary for the presentation of this content. We strive to use only such content for which the respective providers use the IP address to deliver the content. Third-party providers can also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to evaluate information such as user traffic on the pages of this website. Pseudonymous information can also be saved on the user’s device in the form of cookies, and it can include, inter alia, technical information on the browser and operating system, referring websites and visit time as well as other information regarding the use of our online offering, and it can also be linked to such information from other sources.
Use of Facebook social plug-ins
We use social plug-ins (“plug-ins”) of the social network facebook.com (operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on the basis of our legitimate interests (i.e. analysis, optimisation and economic operation of our online operation as per Art. 6 (1) (f) of the GDPR). This can include such content as images, videos or texts and buttons with which users can share content of this online offering within Facebook. The list and appearance of Facebook social plug-ins can be viewed here: https://developers.facebook.com/docs/plugins/.
Facebook is certified under the Privacy Shield Agreement, meaning that it offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user requests a function of this online offer which includes such a plug-in, their device shall establish a direct connection with the Facebook servers. The content of the plug-in shall be transferred directly to the user’s device by Facebook as Facebook integrates it into the online offering. This makes it possible to create user profiles of the users from the processed data. With this, we have no influence on the scope of the data that Facebook determines with the help of this plug-in and as such informs the users accordingly based on our knowledge.
By integrating the plug-ins, Facebook receives the information that a user has requested the corresponding page in the online offering. If the user is logged into Facebook, Facebook can assign the visit to their Facebook account. When users interact with the plug-ins, such as by clicking on the Like button or leaving a comment, the corresponding information shall be transferred from their device directly to Facebook and saved there. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymised IP address will be saved in Germany.
Information on the purpose and scope of data collection and further processing and use of data by Facebook, and the related rights and settings options for protection of users’ privacy, can be found in Facebook’s Privacy Statement: https://www.facebook.com/about/privacy/.
If a user is a member of Facebook and does not want Facebook to collect data about them via this online offering or to link it with their member data stored on Facebook, then they must, prior to using our online offer, log out from Facebook and delete their cookies. Additional settings and objections to use of data for advertising purposes are possible in the Facebook profile settings https://www.facebook.com/settings?tab=ads or via the American website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/. Settings are platform-independent, meaning that they are adopted for all devices, be they desktop computers or mobile devices.
Functions and contents of the LinkedIn service (offered by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) can be integrated into our online offering. This may include content such as images, videos or bodies of text and buttons which allow users to share content within this online offering within LinkedIn. If users are members of the LinkedIn platform, LinkedIn can assign the request for the above contents and functions to users’ local profiles. LinkedIn’s Privacy Statement: https://www.linkedin.com/legal/privacy-policy. LinkedIn is certified under the Privacy Shield Agreement, meaning that it offers a guarantee of compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active). Privacy Statement: https://www.linkedin.com/legal/privacy-policy, Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Changes to our Privacy Statement We reserve the right to make adjustments to this Privacy Statement to ensure that it always meets the current legal requirements, or to implement changes to our services offered in the Privacy Statement e.g. with the introduction of new services. In such a case, the new Privacy Statement will apply at the time of your new visit. Privacy Statement version: September 2021
Copyright
All works contained on our web pages or parts thereof, including texts, files, compositions and images, are protected by design law and/or copyright. They may not be published, reproduced, distributed or otherwise used in whole or in part without the prior written permission of Design. Downloads and copies of this site are permitted for private, non-commercial use only. Where the content on this site was not created by the operator, the copyrights of third parties is respected. In particular, contents of third parties are marked as such. Should you nevertheless become aware of a copyright infringement, please inform us of this. As soon as we become aware of any infringements, we will remove such content immediately.
Liability for contents
As a service provider, we are responsible for our own content on these pages in accordance with the general laws. As a service provider, however, we are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information in accordance with general laws remain unaffected by this. Any liability concerning this matter can only be assumed from the point in time at which the infringement becomes known to us. As soon as we become aware of such infringements, we will remove the content immediately.
Liability for links
Our offer contains links to external websites of third parties. As the content of these websites is not under our control, we cannot assume any liability for such external content. The respective provider or operator of the pages is always responsible for the contents of the linked pages. The linked pages were checked for possible legal infringements at the time of linking. Illegal contents were not recognisable at the time of linking. A permanent control of the contents of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of any legal infringements, we will remove such links immediately.
The party responsible under data protection legislation is:
KUMPF (K+CO)
Berghaldenstrasse 62
8053 Zürich
©2022 – 2025