slide-bg

Privacy policy

Privacy Policy for the website of:
Kählig Antriebstechnik GmbH

Imprint

Privacy Policy

 


1. Out of respect for your privacy

Thank you for visiting our website and for your interest in Kählig Antriebstechnik and its products. The protection of your privacy when processing personal data and the security of all business data is a significant concern for us, which we consider in our business processes. We process personal data confidentially and by legal requirements.

Data protection and information security are part of our corporate policy. Below we inform you about how we handle your data. However, if you still have questions about data protection or would like further information after reading the data protection information, please get in touch with us.

The following information provides a simple overview of what happens to your data when you visit this website. Personal data is any data that can be used to identify you personally.


2. Responsible party

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, email addresses or similar).

The responsible party for data processing on this website is:

Kählig Antriebstechnik GmbH
Pappelweg 4
30179 Hanover

Telephone: +49 (0) 511 674 93 – 0
Email: info@kag-hannover.de


3. Data protection officer

The data protection officer of the controller is:

Kählig Antriebstechnik GmbH
Pappelweg 4
30179 Hanover

Telephone: +49 (0) 511 674 93 – 20
Email: datenschutz@kag-hannover.de

Any data subject may contact our data protection officer directly with any questions or suggestions regarding data protection.


4. Collection, processing and use of personal data, data processing and storage

4.1 Categories of data processed

Communication data (e.g. name, telephone number, email address, address and IP address) are processed.

4.2 Principles

When you use this website, various personal data is collected. Personal data is data by which you can be identified personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for which purpose this is done.

We want to point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible.

We collect, process and use personal data (including IP addresses) only if there is a legal basis for doing so or if you have given us your consent in this regard, e.g. in the context of registration.

4.3 Processing purposes and legal bases

We and service providers commissioned by us process your data for the following processing purposes:

4.3.1 Provision of this online offer and use of this website

Legal basis: overriding legitimate interest on our part in direct marketing, insofar as this is done following data protection and competition law requirements (Art. 6 para. 1 lit. f) GDPR).

4.3.2 Contact form

Legal basis: Overriding interest in marketing and improving our products and services, insofar as this is done according to data protection and competition law requirements or for contract performance or consent (Art. 6 para. 1 lit. b) and a) GDPR).

4.4 Hosting

A hoster carries out data processing on this website.

When visiting the website, technical data, such as the internet browser, the operating system, or the page view time, are collected by our IT systems. This data is collected automatically as soon as you enter this website.

4.4.1 What do we use your data for?

When you call up this website, some of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.

4.4.2 Hosting and Content Delivery Networks (CDN)

As already mentioned, this website is hosted by an external service provider (hoster). The personal data collected on this website is stored on the hoster’s servers. The data includes IP addresses, contact requests, meta and communication data, contact details, names, website accesses and other data generated via a website.

The hoster is used to fulfil contracts with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and for our overriding legitimate interest in ensuring trouble-free operation of our website and improving our offering (Art. 6 para. 1 lit. f GDPR).

Our hoster will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data. We use the following hoster:

domainfactory GmbH
Oskar-Messter-Str. 33
85737 Ismaning
Germany

We have concluded an data processing agreement with our hoster.

4.4.3 Initiating contact of the customer/ supplier by email

If you initiate business contact with us by email, we collect your personal data (name, email address, message text) only to the extent provided by you. The data processing serves the purpose of processing and answering your contact request. Suppose the contact helps the implementation of pre-contractual measures (e.g. consultation in case of interest in the purchase, preparation of an offer) or concerns a contract already concluded between you and us. In that case, this data processing is carried out based on Art. 6 para. 1 lit. b) GDPR. Suppose the contact is made for other reasons. In that case, this data processing is carried out based on Art. 6 (1) f) GDPR from our overriding legitimate interest in processing and responding to your request. In this case, you have the right to object to this processing based on Art. 6 (1) f) GDPR at any time for reasons arising from your particular situation. We will only use your email address to process your request. Your data will then be deleted in compliance with statutory retention periods unless you have consented to further processing and use.

4.5 Duration of storage and retention

Unless a more specific storage period has been specified within this data protection declaration, your data will remain with us until the purpose for processing the data no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless we have other legally permissible reasons for storing your data. E.g. retention periods under tax or commercial law; in the latter case, the data will be deleted after these reasons cease to apply.

4.6 Encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognise an encrypted connection because the address line of the browser changes from “HTTP://” to “HTTPS://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, third parties cannot read the data you transmit to us.


5. Cookies

5.1 Use of cookies

Our website uses so-called “cookies”. Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are deleted automatically at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or if your web browser automatically deletes them.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or videos display). Other cookies are used to evaluate user behaviour or display advertising.

Cookies that are necessary to carry out the electronic communication process (essential cookies) or to provide certain functions that you have requested (functional cookies, e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) are stored based on Art. 6 para. 1 lit. f) GDPR unless another legal basis is specified. The website operator has a legitimate interest in keeping cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6 para. 1 lit. a) GDPR); approval can be revoked at any time.

You can set your browser to be informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Insofar as cookies are used by third-party companies or for analysis purposes, we will inform you separately about this within the framework of this data protection declaration and, if necessary, request your consent.

5.2 Cookie consent with Usercentrics

This website uses the cookie consent technology of Usercentrics to obtain your consent to store certain cookies on your terminal device or to use certain technologies and to document this following the data protection law.

The technology provider is Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, website: https://usercentrics.com/de/ (hereafter “Usercentrics”).

When you enter our website, the following personal data is transferred to Usercentrics:

  • Your consent(s) or revocation of your consent(s)
  • Your IP address
  • Information about your browser
  • Information about your terminal device
  • Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser to assign the consent(s) given or their revocation to you. The data collected in this way is kept until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Usercentrics is used to obtain the legally required consent for the use of specific technologies. The legal basis for this is Art. 6 para. 1 lit. c) GDPR.

You can access Usercentrics by clicking on the fingerprint in the lower-left corner of the screen. Here you can see the overview of the tracking technologies used under Services. By clicking on the slider by the cookies, you can consent or decline the processing. You also have the option to view more information about the respective tool by clicking on the downward arrow next to the passage.

5.3 Turning off all cookies

If you would like to disable all cookies, please go to your browser settings and disable the setting of cookies.

Using the fingerprint embedded at the bottom left of the screen, you can object to the processing by the tools embedded on the website. You must click on the sliders or click on the “Refuse” button to do this.


6. Analysis tools

Plug-ins are small additional programs that extend the functions of advertising applications and desktop programs. If you install a plug-in, the respective software receives a new or different function. The tools and plug-ins we are using increase the website’s user-friendliness and ensure that the desired information reaches you.

6.1 Contractual basis with Google

Google services are used on our website. For the European area, the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland with the parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA is responsible for all subsequent Google services. Personal data is therefore also transferred to the USA.

Google is certified in accordance with the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active). Since July 10, 2023, the EU-US Data Privacy Framework (DPF) has been in place, for which an adequacy decision of the EU Commission pursuant to Art. 45 GDPR exists (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The EU-US Data Privacy Framework (DPF) is an agreement between the European Union and the United States, which is intended to ensure compliance with European data protection standards when processing data in the USA.

If a company from the United States is not, or not yet, certified under the DPF, there is also not (yet) an adequacy decision by the EU Commission. A possible data transfer to the USA is then based on the standard data protection clauses of the EU Commission (Art. 46 (2) and (3) GDPR). You can find more information on this under the following link. Google’s privacy policy can be viewed at: https://policies.google.com/privacy/frameworks

6.1.1 Google Maps

We integrate the maps of the service “Google Maps” from Google. Google Maps allows us to show you locations and thus adapt our services to your needs. For Google Maps to fully provide its service, the company must record and store data from you. The data includes, among other things, the search terms entered, your IP address and also the latitude or longitude coordinates.

However, the processed data, particularly the IP address, is not collected without your consent, according to Art. 6 para. 1 lit a) GDPR (usually executed in the context of the settings of their mobile devices). You can also manually delete the Google account from the history at any time.

Please see the website for Google’s privacy policy and your opt-out option: https://cloud.google.com/maps-platform; Privacy policy: https://policies.google.com/privacy; Opt-out option: Opt-out plug-in: https://tools.google.com/dlpage/gaoptout?hl=en-GB, Settings for the display of advertising: https://adssettings.google.com/

Further information on data transfer to the USA within the context of the adequacy decision on the EU-US Data Privacy Framework (DPF) can be found under 6.1.

6.1.2 Google reCAPTCHA

We use the reCAPTCHA service of Google LLC (hereafter “reCAPTCHA”) on our website. If you have your habitual residence in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is your data controller. Google Ireland Limited is, therefore, the company affiliated with Google that is responsible for processing your data and complying with applicable data protection laws.

The purpose of reCAPTCHA is to verify whether the data input on our website (e.g. in contact forms) is made by a human or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website. For the study, reCAPTCHA evaluates different information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google and may also be transmitted to the USA.

The reCAPTCHA analyses run entirely in the background. Website visitors are not notified that an analysis is taking place.

The storage and analysis of the data are based on Art. 6 para. 1 lit. f) GDPR. The website operator has a legitimate interest in protecting its web offers from abusive automated spying and spam. If a corresponding consent is requested, the processing is based exclusively on Art. 6 para. 1 lit. a) GDPR; the consent can be revoked at any time.

Further information on data transfer to the USA within the context of the adequacy decision on the EU-US Data Privacy Framework (DPF) can be found under 6.1.

6.1.3 Google Ajax

This website uses Google Ajax. Google Ajax is a content delivery network from Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The technology used is the Javascript library jQuery.

The purpose is to improve the loading speed of our website to provide you with a better user experience. There is a chance that you have already used jQuery on another page from Google CDN. In that case, your browser can fall back to the cached copy, and it doesn’t need to be downloaded again. If your browser does not have a cached copy or is downloading the file from the Google CDN for some other reason, data from your browser will again be transferred to Google Inc. (“Google”). The legal basis for this is our legitimate interest, according to Art. 6 para.1 lit. f) GDPR. Our legitimate interests lie in the purposes mentioned above.

Insofar as data is processed outside the European Economic Area / the EU, where there is no level of data protection corresponding to the European standard, Google uses standard contractual clauses according to its information. You can find more information on the handling of your data in google’s privacy policy: https://policies.google.com/privacy

Further information on data transfer to the USA within the context of the adequacy decision on the EU-US Data Privacy Framework (DPF) can be found under 6.1.

6.1.4 Gstatic

On our website, a web service of Google (Google Ireland Limited, Gordon House, Barrow Street, 4 Dublin, Ireland) (hereafter: Gstatic) is reloaded. This may result in the transfer of personal data to Gstatic. The purpose of data processing is to reduce bandwidth usage and increase network performance. The legal basis for the processing of the data is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the error-free presentation of our website and the increase in network performance to provide visitors to our site with a better user experience. Your data will be deleted after the purpose has ceased to apply.

For further information on the handling of your data, please refer to Gstatic’s privacy policy: https://policies.google.com/privacy

Further information on data transfer to the USA within the context of the adequacy decision on the EU-US Data Privacy Framework (DPF) can be found under 6.1.

6.2 SalesViewer

When you access our virtual showroom, data is collected and stored for marketing, market research, and optimisation using SalesViewer technology, SalesViewer GmbH (Huestraße 30, 44787 Bochum, Germany). From this data, usage profiles can be created under a pseudonym. For this purpose, so-called tracking scripts are used to collect company-related data.

The data collected with these technologies will not personally identify the visitor to this website without the separately granted consent of the person concerned. They will not be merged with personal data about the bearer of the pseudonym.

The data collection and storage can be objected to at any time with effect for the future by visiting the link: https://www.salesviewer.com/opt-out to prevent the collection by SalesViewer within this website in the future. In doing so, an opt-out cookie for this website will be placed on your device. If you delete your cookies in this browser, you must click this link again.

Salesviewer GmbH is headquartered in Bochum, Germany, and assures 100% GDPR compliance. You can view this assurance at https://www.salesviewer.com/en/privacy-policy

On this website, SalesViewer GmbH’s SalesViewer technology is used to collect and store data for marketing, market research and optimisation purposes based on the legitimate interests of the respective website and showroom operator (Art. 6 para.1 lit f) GDPR).

For this purpose, a javascript-based code is used to collect company-related data and the corresponding usage. The data collected using this technology is encrypted using a non-reversible one-way function (known as hashing). The data is immediately pseudonymised and not used to identify the visitor of this website personally.

Furthermore, to protect your personal data, we have concluded an data processing agreement with SalesViewer GmbH in accordance with Art. 28 GDPR.

6.3 Userlike Live Chat

For our customer communication, we use the live chat plug-in Userlike. Userlike is software created by Userlike UG (haftungsbeschränkt), Deisterweg 7, 51109 Cologne, Germany. Userlike uses “cookies”, text files that are stored on your computer and enable a personal conversation in the form of a real-time chat. The live chat plug-in sets the Userlike cookie to help the live chat, keep the chat open while browsing and assign it to the same operator. The information about your usage and related data of the live chat is collected, stored and processed on servers of Userlike in Germany. For more information, please refer to the privacy policy of Userlike UG (haftungsbeschränkt): https://www.userlike.com/de/terms#privacy-policy

The data processing is based on Art. 6 para. 1 p. 1 lit. f) GDPR and is in the interest of simplifying and improving communication with you.

Furthermore, to protect your personal data, we have concluded an data processing agreement with Userlike UG in accordance with Art. 28 GDPR.

6.4 Cloudflare

This website uses services provided by Cloudflare Inc. Cloudflare Inc. (based at 101 Townsend St., San Francisco, CA 94107, United States of America) is a US service provider that offers a content distribution network, web security services and DNS services. Cloudflare ensures better accessibility and increased speed when building websites.

As it is a US service provider, personal data is therefore also transferred to the USA. Cloudflare is certified following the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/list). The EU-US Data Privacy Framework (DPF) has been in place since July 10, 2023, for which the EU Commission has issued an adequacy decision following Art. 45 GDPR (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The EU-US Data Privacy Framework (DPF) is an agreement between the European Union and the United States that intends to ensure compliance with European data protection standards when processing data in the USA.

If a company from the United States is not, or is not yet, certified under the DPF, there is also not (yet) an adequacy decision by the EU Commission. A possible data transfer to the USA is then carried out based on the standard data protection clauses of the EU Commission (Art. 46 (2) and (3) GDPR): https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

The legal basis for data processing is Art. 6 para. 1 lit. f) GDPR. We have a legitimate interest in the error-free presentation of our website and the increase in network performance to provide visitors with a better user experience. Your data will be deleted once the purpose no longer applies.

Further information on data processing by Cloudflare can be found at: https://www.cloudflare.com/de-de/privacypolicy/


7. Use of social media links

We maintain online presences within social networks and process user data in this context to communicate with users actively or offer information about us.

We want to point out that user data may be processed outside the European Union. The processing may result in risks for the users because, for example, it could make it more difficult to enforce the users’ rights.

Furthermore, user data is usually processed within social networks for market research and advertising purposes. For example, usage profiles can be created based on the users’ usage behaviour and resulting interests. The usage profiles can be used, for example, to place advertisements within and outside the networks that presumably correspond to the users’ interests. For these purposes, cookies are usually stored on the users’ computers, in which the user behaviour and interests of the users are stored. Furthermore, data may also be stored in the usage profiles irrespective of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). Detailed information on these analysis programs is explained below.

In the footer of our website, you will find the icons to the services Facebook, Instagram and YouTube, LinkedIn and XING. These are just hyperlinks. If you click on one of these graphics, you will be forwarded to the respective service. Your user information will only then be forwarded.

Legal basis: The processing is carried out following Art. 6 para. 1 lit. f) GDPR based on our legitimate interest in the functionality of our website.

After you click on the link, a connection to the respective social media platform is established. If you are logged into a social media account at this time, a connection to your account is possible. If you do not want such a connection, please log out of the respective account. However, we would like to point out that we cannot rule out the possibility that personal data may nevertheless be collected by the operators of the social media platforms.

Please refer to the data protection information of the respective service provider to find out which specific data is collected and how it is used:

Facebook: http://www.facebook.com/policy.php

Instagram: https://help.instagram.com/155833707900388

LinkedIn: https://www.linkedin.com/legal/privacy-policy

XING: https://www.XING.com/privacy

YouTube: https://policies.google.com/privacy

Stored cookies remain on your terminal device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We do not influence your data storage period, which the operators of the social networks store for their purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see above).

For all social media channels mentioned below, the provision of your data is voluntary. Without providing your data, we cannot grant you access to our offered content and services.

You can revoke your consent to store your data via the respective social media accounts at any time with effect for the future. You can notify us of your revocation at any time using the contact option provided at the beginning of this privacy notice.

7.1 Insights through social media channels

As a responsible company, we do not use automatic decision-making or profiling for this data processing. However, we have insights into various categories of the respective social media channels for a selectable time.

We, therefore, have no way of identifying you personally or assigning you to your account. We process the anonymised and aggregated data based on our legitimate interest, according to Art. 6 para. 1 lit. f). Our legitimate interest is to evaluate the anonymised data and to be able to improve our offer.

The generated visitor statistics are transmitted to us exclusively in anonymised form. We use this data, which is available in aggregated form, to make our posts and activities on our social media channels more attractive. However, we do not have access to the underlying data in each case. It applies to this data that it does not fall within the scope of the GDPR due to its anonymisation.

7.1.1 Facebook Insights

With Insights, Facebook offers an analytics tool that we use to collect anonymised data to align our Facebook posts and activities more closely with the interests of our target group.

For a selectable time as well as for each of the following categories, we have insight into the following information:

  • Reach of the Facebook page
  • “Like” count for Facebook page
  • Most successful posts (reach)
  • “Like” count, number of comments, number of shared content, number of link clicks, reactions to content
  • Age and gender of the target group
  • Top cities of the target group
  • Leading countries of the target group

7.1.2 Instagram Insights

Insights are Instagram’s free analytics tool, which we use to view statistics about our profile with our business account.

For a selectable time and each of the following categories, we have insight into the following statistics:

  • Reach of the Instagram page
  • Total number of subscribers
  • New subscribers
  • Terminated subscriptions
  • Number of accounts reached
  • Number of accounts that interacted
  • Age and gender of the target audience
  • Top cities of the target group
  • Leading countries of the target group
  • Most active times of the target group (hours and days)
  • Number of impressions
  • Number of profile views
  • Number of “tapped on the email button
  • Number “tapped on the call button”
  • Engagement rate, impressions, clicks, reactions, comments and tags

7.1.3 LinkedIn Analytics

We use LinkedIn Analytics through our LinkedIn profile. LinkedIn Analytics allow us to evaluate various metrics and measure our success.

Through the analytics platform, we have insights into our visitors, followers, and performance data.

Here, there are three general categories of data on LinkedIn:

  • Visitors (data on people who visit our site).
  • Updates (engagement metrics for content published on LinkedIn).
  • Followers (numerical and demographic information about people who subscribe to a page)

In LinkedIn Analytics, we can view the following categories in the anonymised form:

  • Number of page views
  • Number of unique visitors
  • Number of clicks on the customised button (if used)
  • Number of hits via desktops and mobile devices
  • Top activity areas of visitors
  • Total number of followers
  • Increase in followers
  • Number of posts
  • Engagement rate, impressions, clicks, reactions, comments, and tags
  • Number of times we appear with our profile in other search results

7.1.4 XING analysis tool

Currently, we use the standard employer profile and thus only have insight into part of the reach of our company profile. We can view the following information for self-determined time periods:

  • Number of new visitors from logged in members
  • Total number of page visits in the selectable time
  • Number of new followers added
  • Total number of followers
  • New employer of choice markers
  • Total number of employer of choice markers

As soon as our XING profile is switched to an Employer Branding profile to be paid for, all content of the analysis tool will be unlocked. We currently do not use the employer branding profile.

7.1.5 YouTube Analytics

We use YouTube Analytics to keep track of the performance of our channel and our videos based on current metrics and reports.

Here, the following metrics are recorded and viewed by us:

  • Views by video
    • Total views
    • Playback time in hours
    • Average playback time
    • Number of impressions
    • Click-through rate of impressions in per cent
  • Calls by access source
    • Channel pages
    • Youtube search
    • External
    • Breakdown
    • Video suggestions
    • Playlist page
  • Views by region
  • Age and gender of viewers
  • Views by date
  • Subscription status
  • Subscription source
  • Type of device through which the video was accessed
  • Playback location
    • YouTube playback pages
    • Embedded in external websites and apps
    • YouTube channel pages
  • The operating system through which the video was accessed
  • Use of translations and which
  • Subtitles and which ones were used
  • Shared content by service with which it was shared

Again, this data is only presented to us in an anonymised manner.

7.2 Online presence on social media

7.2.1 Online presence on Facebook (Meta)

Our website links to services of the social network facebook.com, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square Dublin 2, Ireland, with the parent company: Meta Platforms, Inc, 1601 Willow Road, 94025 Menlo Park, USA. No data is transferred to Facebook when you visit our website, as no Facebook plug-ins are integrated.

However, clicking on a Facebook link or Facebook button will take you to Facebook, where data will be collected by Facebook. The data collected about you is processed by Meta Platforms, Inc., the US parent company of Meta Platforms Ireland Limited, and may be transferred to countries outside the European Union.

Facebook, or Meta, is certified in accordance with the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active). The EU-US Data Privacy Framework (DPF) has been in place since July 10, 2023, for which the EU Commission has issued an adequacy decision in accordance with Art. 45 GDPR (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The EU-US Data Privacy Framework (DPF) is an agreement between the European Union and the United States, which is intended to ensure compliance with European data protection standards when processing data in the USA.

If a company from the United States is not or not yet certified under the DPF, there is (as yet) no adequacy decision by the EU Commission. A possible data transfer to the USA is then based on the standard data protection clauses of the EU Commission (Art. 46 (2) and (3) GDPR). You can find more information here: https://de-de.facebook.com/help/566994660333381

For the purpose and scope of the data collection and the further processing and use of the data by Facebook, your rights in this regard and setting options for protecting your privacy, please refer to the privacy notices of Facebook and our privacy policy for the Facebook fan page.

Suppose you are a Facebook member and do not want Facebook to collect data about you and link it to your membership data stored on Facebook. In that case, you must log out of Facebook before clicking on a Facebook link or a Facebook button. However, your data may also be collected under certain circumstances if you are not logged in or have no Facebook account.

Jointly responsible for our Facebook page within the meaning of the EU GDPR and other data protection regulations are Meta Platforms Ireland Limited, 4 Grand Canal Square Dublin 2, Ireland and Kählig Antriebstechnik GmbH.

The purpose of the Facebook fan page, under processing the user’s personal data, is to draw the user’s attention to our services/products on time and get in touch. This is our legitimate interest. The legal basis is Art. 6 para. 1 lit. f) GDPR.

You can use our Facebook page without revealing your Facebook identifier. When you access the interactive functions of the page (like, comment, share, news, etc.), a Facebook login screen appears. After any login, you will again be recognisable to Facebook as a specific user. Information on managing or deleting information about you can be found on the following Facebook support pages: https://www.facebook.com/help

When you visit our Facebook page, Facebook collects, among other things, the user’s IP address and additional information that is present in the form of cookies on the user’s PC. This information is used to provide statistical information about the use of the Facebook page.

Facebook processes personal data for advertising, creating user-profiles and market research. In what way Facebook uses data from visits to Facebook pages for its purposes, to what extent activities on the Facebook page are assigned to individual users and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.

When you access a Facebook page, the IP address assigned to your end devices is transmitted to Facebook. According to Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the “login notification” function); if necessary, this enables Facebook to assign IP addresses to individual users. If you are currently logged in to Facebook as a user, there are cookies on your end device, i.e. small text files stored on the user’s end devices. If the user is logged in on their Facebook profile, cross-device data is stored and analysed.

The data enables Facebook to track that you visited this page and how you used it. As stated above, this also applies to all other Facebook pages. Via Facebook buttons embedded in websites, Facebook can record your visits and assign them to your Facebook profile. Based on this data, content or advertising can be tailored to you and offered.

If you want to avoid this, you should log out of Facebook or deactivate the “stay logged in” function, delete the cookies on your device and exit and restart your browser. In this way, Facebook information through which you can be directly identified will be deleted.

Facebook describes in general terms which information they receive and how it is used in their data policy: https://www.facebook.com/policy.php?ref=pf. You have a right to object; to exercise this right, please get in touch with Facebook.

If you no longer wish to have the data processing described here in the future, please cancel the connection of your user profile to our site by using the functions “I no longer like this page” and or “Do not subscribe to this page”.

The data collected about you will be processed by Facebook Ltd, the US parent company of Facebook Ireland Ltd, and may be transferred to countries outside the European Union.

7.2.2 Online presence on Instagram (Meta)

As the operator of the Instagram page, Kählig Antriebstechnik is jointly responsible with the social network Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square Dublin 2) within the meaning of Art. 4 No. 7 GDPR. Instagram uses the same systems and technologies like Facebook. When you call up web pages of our website that have an integrated Instagram function, data is transmitted to Instagram, stored and processed. Since we have not integrated an Instagram plug-in, but only a link to Instagram on the website, data transmission to Instagram only occurs when you actively click on the link or icon. Thus your data is processed across all Meta companies. The terms of use of Instagram are authoritative. We would like to point out that you use this Instagram page and its functions on your responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing).

Instagram, or Meta, is certified in accordance with the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active). The EU-US Data Privacy Framework (DPF) has been in place since July 10, 2023, for which the EU Commission has issued an adequacy decision in accordance with Art. 45 GDPR (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The EU-US Data Privacy Framework (DPF) is an agreement between the European Union and the United States, which is intended to ensure compliance with European data protection standards when processing data in the USA.

If a company from the United States is not or not yet certified under the DPF, there is (as yet) no adequacy decision by the EU Commission. A possible data transfer to the USA is then based on the standard data protection clauses of the EU Commission (Art. 46 (2) and (3) GDPR). You can find more information here: https://de-de.facebook.com/help/566994660333381

The legal basis for the lawfulness of data processing on the Instagram page is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest is to promptly make the user aware of our services/products and get in touch.

Instagram users can influence the extent to which their user behaviour may be recorded when visiting our Instagram page under the settings for advertising preferences. Further options are provided by the Facebook and Instagram settings under account privacy or the right to object form. The processing of information by means of the cookie used by Facebook can also be prevented by not allowing cookies from third-party providers or those from Instagram in your browser settings.

If you want to delete your data on Instagram completely, you must permanently delete your Instagram account. Information on how Facebook handles personal data on Instagram can be found in their privacy policy at Instagram Privacy Policy: https://www.facebook.com/privacy/policy/?entry_point=facebook_help_center_ig_data_policy_redirect

7.2.3 Online presence on LinkedIn

We have a LinkedIn profile. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. If you are logged into your LinkedIn account and visit our social media presence, LinkedIn can assign this visit to your user account. However, your data may also be collected under certain circumstances if you are not logged in or have no account on LinkedIn. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address. With the help of the data collected, LinkedIn can create user profiles in which your preferences and interests are stored. In this way, LinkedIn can show you interest-based advertising inside and outside of LinkedIn. If you have an account on LinkedIn, the interest-based advertising may be displayed on all devices you are logged in or have been logged in. Please also note that we cannot track all processing operations on LinkedIn. Therefore, additional processing operations may be carried out by LinkedIn. For details, please refer to LinkedIn’s terms of use and privacy policy.

Legal basis: The processing is carried out following Art. 6 (1) lit. f) GDPR based on our legitimate interest in contact opportunities with our customers. The analysis processes initiated by LinkedIn may be based on deviating legal bases to be specified by LinkedIn (e.g. consent within the meaning of Art. 6 (1) lit. a) GDPR). You can find out which specific data is collected and how it is used in Linkedin’s data protection mentioned above.

LinkedIn is certified in accordance with the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt0000000L0UZAA0&status=Active). The EU-US Data Privacy Framework (DPF) has been in place since July 10, 2023, for which the EU Commission has issued an adequacy decision in accordance with Art. 45 GDPR (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The EU-US Data Privacy Framework (DPF) is an agreement between the European Union and the United States, which is intended to ensure compliance with European data protection standards when processing data in the USA.

If a company from the United States is not or not yet certified under the DPF, there is (as yet) no adequacy decision by the EU Commission. A possible data transfer to the USA is then based on the standard data protection clauses of the EU Commission (Art. 46 (2) and (3) GDPR). You can find more information here: https://www.linkedin.com/legal/l/dpa?

After the end of the purpose, the use of LinkedIn by us and the data collected in this context will be deleted.

7.2.4 Online presence on XING

If you are logged into your XING account and visit our social media presence, XING can assign this visit to your user account. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. However, your data may also be collected under certain circumstances if you are not logged in or have no XING account. In this case, this data collection takes place, for example, via cookies that are stored on your terminal device or by recording your IP address. With the help of the data collected, XING can create user profiles in which your preferences and interests are stored. In this way, XING can show you interest-based advertising inside and outside of XING. If you have an account on XING, the interest-based advertising can be displayed on all devices you are logged in or have been logged in. Please also note that we cannot track all processing on XING. Therefore, additional processing operations may be carried out by XING. For details, please refer to XING’s terms of use and privacy policy.

Legal basis: The processing is carried out following Art. 6 para. 1 lit. f) GDPR, based on our legitimate interest of contact possibilities to our customers. The analysis processes initiated by XING may be based on different legal bases to be specified by XING (e.g. consent within the meaning of Art. 6 para. 1 lit. a) GDPR).

Please refer to the data protection information mentioned above of XING to find out which specific data is collected and how it is used: Recipients of the data are employees of the IT department of your own company and XING.

After the end of the purpose and the use of XING by us, the data collected in this context will be deleted.

You can find additional information in XING’s privacy policy: https://privacy.xing.com/de/datenschutzerklaerung

7.2.5 Online presence on YouTube

We use the video platform YouTube, which is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”). YouTube is a platform that enables the playback of audio and video files.

All data stored when using YouTube converge in the Google account.

Google is certified under the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active). The EU-US Data Privacy Framework (DPF) has been in place since July 10, 2023, for which an adequacy decision of the EU Commission pursuant to Art. 45 GDPR exists (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The EU-US Data Privacy Framework (DPF) is an agreement between the European Union and the United States, which is intended to ensure compliance with European data protection standards when processing data in the USA.

If a company from the United States is not or not yet certified under the DPF, there is (as yet) no adequacy decision by the EU Commission. A possible data transfer to the USA is then based on the standard data protection clauses of the EU Commission (Art. 46 (2) and (3) GDPR).

YouTube does not have a privacy policy. The privacy policy for the use of YouTube is Google’s privacy policy, as is the case for all Google services. See the policy: https://www.youtube.com/intl/ALL_de/howyoutubeworks/user-settings/privacy/. According to this policy, the information stored includes the personal data that each user enters during registration or even later in his account. We only see usernames and the names of YouTube channels.

In addition, however, large amounts of information are obtained by analysing the use of Google services. The data includes data on location, IP addresses and devices used.

If you watch a video on our YouTube channel, data is also transmitted to YouTube as the responsible party. According to its privacy policy, Google, and thus YouTube, uses the collected data primarily to provide and improve its services. “Improvement” in this context mainly means personalisation.

If you are logged in to Google, your data will be directly assigned to your account. If you do not want the association with your profile on YouTube, you must log out of your Google account before clicking on our YouTube icon on our website or before clicking on our YouTube videos. However, your data may also be collected under certain circumstances if you are not logged in or have no YouTube or Google account. YouTube stores your data as usage profiles and uses them for advertising, market research and or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and inform other social network users about your activities on our website. You have a right to object to creating these user profiles, whereby you must contact YouTube to exercise this.

Settings for data protection on YouTube must therefore be made in the Google account. With the “My data on YouTube” function, you can better understand and control what data is stored and how YouTube and Google use it. Using the feature, you can quickly access YouTube’s privacy settings and learn more about how YouTube processes data like your search and playback history. The activities in your history are private and are used to help you get the most out of the platform. For example, you will be shown which videos you have already watched, and thus you will get appropriate recommendations and search results. You can delete specific videos from your playback history and search queries from your search history, as well as pause or completely delete the playback and search history. Videos you have deleted from your history will no longer affect video recommendations, and deleted searches will no longer appear as suggestions in the search bar.

We are not responsible for the processing of this data by YouTube.

The legal basis for the processing is Art. 6 (1) (f) GDPR, our overriding legitimate interest. We use our YouTube channel because of the more attractive presentation of our products and our company. In addition, this contributes positively to our mission statement.

7.2.6 Online presence on kununu

We have an online presence on the review platform “kununu”. kununu is a service of NEW WORK AUSTRIA XING kununu onlyfy GmbH, Schottenring 2-6, 1010 Vienna, Austria and is operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. kununu and Kählig Antriebstechnik are jointly responsible for protecting your personal data following Art. 26 GDPR.

Employees can rate the employment relationships of their companies anonymously and reliably on the kununu platform. In addition to the evaluation function by employees, we also use kununu’s online presence to provide information about our company, career opportunities and our range of products and services.

As we have not integrated a kununu plug-in but only a link to kununu on our website, data is transmitted only to kununu when you actively click the link/icon.

We cannot track in detail which personal data is collected and processed by kununu. Data may also be collected from users who are not logged in or registered with kununu. To avoid processing completely, you should avoid visiting the kununu website and using other kununu applications. Further information on data processing by kununu and deletion periods can be found here: https://www.XING.com/privacy

We only receive anonymised data from kununu regarding visitor statistics and the number of visits to our company website. We cannot use these statistics to draw any conclusions about individual users. We do not receive any account data from registered users.

The legal basis for the processing is Art. 6 para. 1 lit. f) GDPR, which is our main legitimate interest. Our legitimate interest is, among other things, to communicate with you via our kununu page and to inform you about our company, career opportunities, and our range of products and services.


8. Your rights as a data subject and right of appeal

Please use the information in section “8.2 Contact” to assert your rights. Please ensure that we are able to clearly identify you. Under 8.1 of this privacy policy, you will find more detailed information on the data subject rights (Art. 12 et seq. GDPR).

8.1.1 Right to information

You have the right to receive information free of charge at any time about the origin, recipients and purpose of your processed and stored personal data.

8.1.2 Restriction of processing and right of correction and deletion

You also have a right to request the correction or deletion of this data. In addition, you have the right to request the restriction of the processing of your data under certain circumstances. Insofar as the legal requirements are met, you may request that your data be completed or deleted. This does not apply to data required for billing and accounting purposes or is subject to the legal obligation to retain data. However, if access to such data is not needed, its processing will be restricted.

8.1.3 Data portability

Insofar as the legal requirements are met, you may request that data you have provided to us be transferred in a structured, common and machine-readable format or – insofar as technically possible – that the data can be transferred to a third party.

8.1.4 Revocation of consent

If you have given your consent to data processing, you may revoke this consent at any time in the future.

8.1.5 Objection to data processing on the legal basis of “legitimate interest”

You have the right to object to data processing by us at any time, insofar as this is based on the legal basis of “legitimate interest”. We will stop processing your data unless legal requirements conflict with this, or we can prove compelling reasons worthy of protection for further processing, which would outweigh your rights.

8.1.6 Objection to direct advertising

Suppose your data is processed for the purpose of direct marketing. In that case, you have the right to object at any time to the processing of personal data concerning you for such marketing. If you object, your data will subsequently no longer be used for direct advertising (objection according to Article 21 (2) GDPR).

8.1.7 Right of complaint to the supervisory authority

Furthermore, you have the right to complain about the competent supervisory authority. For this purpose, you can contact the data protection supervisory authority responsible for your place of residence or federal state or the data protection supervisory authority responsible for us in the form of Lower Saxony. The home address is: P.O. Box 221 in 30002 Hannover or by email: poststelle@lfd.niedersachsen.de

8.2 Contact

You can contact us at any time concerning this and other questions on the subject of data protection. You can reach us under “Person responsible”. To report data protection incidents, please send an email to the following address: datenschutz@kag-hannover.de

For suggestions and complaints regarding the processing of your data, we recommend that you contact our data protection officer. Please refer to “Data protection officer”.


9. Handling of applicant data

We offer you the opportunity to apply for a job with us (e.g. by email, by post or via an online application form). In the following, we inform you about the scope, purpose and use of your data collected during the application process. We assure you that your data will be processed following applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

9.1 Extent and purpose of data collection

If you send us an application, we will process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) to the extent that this is necessary to decide on establishing an employment relationship. The legal basis for this is Art. 88 GDPR in conjunction with. § 26 BDSG and, if applicable, Art. 6 (1) lit. b) GDPR for the initiation or implementation of contractual relationships. The processing may also take place electronically. Furthermore, we may process personal data from you if necessary to fulfil legal obligations (Art. 6 para. 1 lit. c) GDPR) or for the defence of asserted legal claims against us. The legal basis for this is Art. 6 para.1 lit. f) GDPR. The legitimate interest is, for example, a duty to provide evidence in proceedings under the Allgemeines Gleichbehandlungsgesetz (AGG). If you give us express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent according to Art. 6 para.1 lit. a) GDPR. Consent given can be revoked at any time, with effect for the future.

If you have consented to more extended storage of your data, we will store it following your declaration of consent. If the application is successful, the data submitted by you will be kept in our data processing systems based on Section 26 of the German Federal Data Protection Act (BDSG) and Article 6 (1) b) of the German Data Protection Regulation (GDPR) to implement the employment relationship or, insofar as this is necessary for the implementation or termination of the employment relationship or for exercising or fulfilling the rights and obligations of the employee representative body resulting from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

We do not store the applications temporarily but send them directly to the HR department via TLS 1.3 encryption, and they are stored on the company’s email server. The mail dispatch takes place via Microsoft Outlook via Microsoft Exchange.

9.2 Retention period for applicant data

If we are unable to make you a job offer, if you reject a job offer or if you withdraw your application, we reserve the right to retain the data you have provided based on our legitimate interests (Art. 6 (1) f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is apparent that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for persistent storage no longer applies.

More extended storage may also take place if you have given your consent (Art. 6 (1) a) GDPR) or if legal storage obligations prevent deletion.

9.3 Inclusion in the applicant pool

If we do not make you a job offer, it may be possible to include you in our applicant pool. If you are accepted, all documents and information from your application will be transferred to the applicant pool so that we can contact you in the event of suitable vacancies.

Inclusion in the applicant pool is exclusively based on your express consent (Art. 6 para. 1 lit. a) GDPR). The provision of consent is voluntary and is not related to the current application process. The data subject may revoke their consent at any time. In this case, the data from the applicant pool will be irrevocably deleted unless there are legal reasons for retention.

The data from the applicant pool will be irrevocably deleted no later than one year after consent has been given.


10. Modification of the data protection notice

We reserve the right to change our security and data protection measures. In these cases, we will also adjust our data protection notice accordingly. Therefore, please refer to the current version of our data protection notice.

Status of the privacy policy: 1/15/2024


Closing word

The subject of data protection is of great importance to Kählig Antriebstechnik GmbH. If you have any questions or comments on the topic of data protection or the handling of your data, please feel free to contact us.

Email: datenschutz@kag-hannover.de

Telephone: +49 (0) 511 674 93 – 20

With the following information, we would like to give you an overview of the processing of your data as an employee by us and your rights under the General Data Protection Regulation (Regulation (EU) 2016/679 – “GDPR”) and the Federal Data Protection Act new (“BDSG new”).

This Privacy Policy applies to the personal data of persons with whom we enter into contractual or business relationships, as well as of officers, directors, key account managers or other employees of our contractual or business partners, which we process in the course of existing or prospective contractual and business relationships. This includes but is not limited to, existing or potential suppliers, service providers, customers or consultants, as well as existing or potential collaborators or other partner companies.


1. Responsible person and data protection officer

For the data processing described in this data protection declaration, the responsible party in the sense of the GDPR is

Kählig Antriebstechnik GmbH

Pappelweg 4
30179 Hannover
Phone: + 49 (0) 511 67493 – 0
Email: info@kag-hannover.de
Website: https://www.kag-hannover.com/en/

You can reach our data protection officer via:
datenschutz@kag-hannover.de


2. Origin of data

We primarily process personal data that the data subjects themselves provide to us in the course of contractual and business relationships or that we receive from the respective contractual and business partners (e.g. from your colleagues with whom we are already in contact) in the course of processing an inquiry or an order. In most cases, this is done by contacting us via email, by telephone or via our contact form on our website. For more detailed data protection information about data processing on our website, please feel free to visit our privacy policy at the following link: https://www.kag-hannover.com/en/data-protection/

In addition, we process personal data that we collect from publicly available sources (such as commercial register, press, internet) or receive from third parties (e.g. credit agencies, business partners). We will refer separately to any collection of personal data from third-party sources.


3. Types of personal data

We only process personal data related to the establishment of the contract or the pre-contractual measures.

Relevant personal data are, in particular, data about you or the person of the company you represent (surname and first name) and other contact data (such as telephone number and email address). Additional data relating to your person (e.g. business interests, profession, industry, position, duties and powers) and other data comparable with the categories mentioned above may be stored if they can be found, for example, on your business card or your signature.

Other data without personal reference concerning the company are, e.g. address, bank details, invoice address and tax number/USt-Id. In addition, this may include contract or order data (e.g. sales data, volumes, planned quantities), data from the fulfilment of our contractual obligations, and information about your company’s financial situation (e.g. creditworthiness data).

The scope of the data processed about a person varies depending on their function towards us, such as the position they hold with the respective business partner.


4. Processing purposes and legal principles

We process personal data for the following purposes based on the following legal grounds:

4.1 In individual cases, we process data because you have expressly consented to this (Art. 6 para. 1 lit. a) GDPR), for example, in the receipt of advertising by electronic email and/ or phone;

4.2 Data processing is carried out for the execution of contracts concluded with you or your employment company or for the execution of pre-contractual measures (Art. 6 para. 1 lit. b) GDPR); this includes in particular:

Purchase and supply contracts (e.g. processing of purchase and sales inquiries, authentication of contractual partners, preparation and signing of contractual documents, execution of purchases and sales, invoicing and processing of purchase price payments;

Service and work contracts as well as other contractual relationships (e.g. processing and reviewing corresponding offers and inquiries; authenticating contractual partners, preparing and signing contractual documents, processing payments; sending information letters);

4.3 Further data processing takes place due to legal requirements (Art. 6 para. 1 lit. c) GDPR): for example, to fulfil tax and other legal control and reporting obligations, as well as audits by tax or other authorities and to comply with legal retention periods;

4.4 In addition, we process your data to protect our legitimate interests (Art. 6 (1) f) GDPR), namely for the following purposes:

  • Optimal contact support/relationship, also concerning the employees of our business partners;
  • Optimization of our business processes, e.g. by maintaining a supplier or prospect database, also within the framework of “customer relationship management”;
  • Centralization or outsourcing of corporate functions;
  • Mitigating default risks in our business processes by consulting credit agencies (e.g. Creditreform, Bürgel), using trade credit insurance, and determining score values (profiling), which help us to assess the likelihood of contractual partners meeting their payment obligations under the contract based on a recognized mathematical-statistical procedure;
  • Assertion and defence of legal claims; Market research purposes.

5. Recipients of personal data

Under certain circumstances (beyond the cases already mentioned above), your data will be passed on for the purposes mentioned above in detail:

5.1 If it is necessary to clarify or prosecute illegal or abusive incidents, personal data will be forwarded to our legal advisors, law enforcement authorities and, if applicable, to injured third parties. However, this only happens if there are concrete indications of unlawful or abusive behaviour. A transfer may also occur if this enforces contractual provisions between us and our contractual and business partners.

5.2 We are legally obligated to provide information to certain public authorities upon request. These are primarily law enforcement agencies, authorities that prosecute administrative offences subject to fines and the tax authorities.

5.3 If it is necessary for the processing of your inquiry or the conclusion or implementation of a contractual or business relationship with you, as well as in the case of centralized or outsourced corporate functions, we may pass on your data to our sales partners for the fulfilment of the purposes mentioned above.

5.4 Occasionally, to fulfil the purposes described in this Privacy Policy or to provide our services, we rely on contractually affiliated third-party companies or other cooperation partners and external service providers that may be located outside the EU or EEA, such as brokers, logistics companies, IT service providers, business consultants and financial institutions. In such cases, information is passed on to these companies or individuals to enable them to continue processing. Insofar as these are entities outside the EU or the EEA, we ensure an appropriate level of data protection, for example, by concluding corresponding contracts with the data recipient.

5.5 As part of the further development of our business, the structure of our company may change by changing its legal form, establishing, buying or selling subsidiaries, parts of companies or components. In such transactions, customer information and the company’s part will be transferred. In any transfer of personal information to third parties to the extent described above, we will ensure that we follow this Privacy Policy and the relevant data protection laws.

5.6 Under certain circumstances, an order processor may process your personal data on our behalf. This applies, for example, to our external telephone service. If we receive your call outside our business hours or during another absence, the call will be answered by our external service centre. The caller’s data and request will then be transmitted to the appropriate person in our company by email.


6. Processing time

We process your data for the duration of your employment with one of our business partners but no longer than until the final termination of the respective business relationship between us and your employment company. We delete transaction-related information (e.g. relating to a specific contractual or order relationship) after the end of the respective transaction, e.g. fulfilment of a supply contract, with a period of three years after the end of the individual calendar year, unless these are subject to longer statutory retention obligations (e.g. the six or ten-year retention period according to § 257 of the German Commercial Code); in such a case, the data concerned will be blocked for any further processing.


7. Rights of data subjects

7.1 You can obtain information about your stored personal data at any time. If the respective requirements are met, you are also entitled to the following rights:

  • Right to rectification: You have a right to rectification of incorrect personal data concerning you.
  • Right to erasure: You may also request the erasure of your data, for example, if it is no longer necessary for the purposes for which it was collected or otherwise processed.
  • Right to restriction of processing: You also have the right to request the restriction of processing your personal data; in such a case, the data will be blocked for any processing. This right exists in particular if the accuracy of the personal data is disputed between you and us.
  • Right to data portability: if we process your data for the performance of a contract with you or based on your consent, you also have the right to receive your data in a structured, common and machine-readable format, if and to the extent that you have provided us with the data.
  • Right to revoke consent: If you have given us consent to process your data, you may revoke this consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent until the cancellation.
  • You may also object to data processing for reasons arising from your situation. However, this only applies in cases where we are processing data to fulfil a legitimate interest. If you can present such a reason and we cannot assert a compelling claim worthy of protection in further processing, we will not further process this data for the respective purpose.

7.2 Should you wish to receive information about the data stored about you, assert your other rights or have questions about data protection with us, you can contact us using the above contact details.

7.3 You also have the right to file a complaint with a supervisory authority at any time, in particular with a supervisory authority in the member state of your residence, workplace or the place of the alleged violation, if you believe that the processing of personal data concerning you infringes data protection provisions.


8. Status and change of this declaration on data protection

The status of this data protection declaration is 09/19/2023.

Our company’s further development may also affect personal data handling. Therefore, we reserve the right to amend this data protection declaration within the framework of the applicable data protection laws and, if necessary, adapt it to changed data processing realities. We will notify you separately of any significant changes to the content.

We use the Microsoft Teams tool. Microsoft Teams is a Microsoft 365 application provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (parent company is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399 USA).

The following data protection information applies if we have invited you to use the Microsoft Teams application to hold online conferences and you use it together with us. Suppose you receive an invitation from us to participate in a meeting via MS Teams. In that case, it will also contain a link to this general privacy policy.


Controller:

The controller for data processing in direct connection with the holding of online meetings via Microsoft Teams is:

Kählig Antriebstechnik GmbH
Pappelweg 4
30179 Hannover

Telefon: +49 (0) 511 674 93 – 0
E-Mail: info@kag-hannover.de


Purposes of processing:

We use Microsoft Teams to conduct video conferences and other online meetings and communicate within Kählig Antriebstechnik GmbH. We also use MS Teams to conduct video conferences with external partners, such as customers or suppliers.


What data is processed?

The following personal data may be subject to processing:

  • User details (display name, email address, profile picture (optional), preferred language)
  • Meeting metadata (e.g. IP address, date, start and end time, meeting ID, telephone number, location),
  • Authentication data,
  • Text, audio and video data.

In addition, you can optionally use the chat function during an online meeting. In this case, the text input you make will be processed to display it in the online meeting. Suppose the microphone and video camera of your end device are activated during a video conference. In that case, your data will also be processed. In the Microsoft Teams application, you have the option of switching off or muting the camera and microphone yourself.


Scope of processing:

We use Microsoft Teams to conduct video conferences.

We do not record video conferences as a rule. We will inform you transparently in advance if a recording is necessary and ask for your consent.

If it is necessary to record the results of an online meeting, we will record the chat content. This data is processed exclusively for the purpose of handling communication via Microsoft Teams and for collaboration on joint projects. We respect your privacy and assure you that your personal data will not be processed for any other purpose.


Legal basis for the processing:

  • If the personal data of our employees is processed, Section 26 BDSG is the legal basis for the processing if the data processing is necessary for the fulfilment of the employment relationship.
  • If meetings are held to fulfil contractual relationships, the processing is based on Art. 6 para. 1 lit. b) GDPR.
  • If there is neither an employment relationship nor a contractual relationship and processing is nevertheless necessary, the processing is based on the legal basis of Art. 6 para. 1 lit. f) GDPR. Our legitimate interest consists in the practical and modern implementation of video conferences.

Deletion of data:

We delete personal data processed by us if there is no need for further storage. This requirement may exist, in particular, if the data is still needed to fulfil contractual services or to check and grant or defend against warranty and guarantee claims. If there are legal retention periods, deletion will only be considered after the legal retention period has expired.


Recipients of data:

We will treat personal data processed in connection with participation in Microsoft Teams confidentially. We will not pass on this data to third parties unless it is intended to be passed on.

In addition, Microsoft itself may be the recipient of the processed personal data. The next section provides more information on data processing outside the EU.

Further information on data processing by Microsoft directly can be found at: https://privacy.microsoft.com/de-de/privacystatement


Processing of data outside the European Union (EU):

In principle, Microsoft does not process/store data outside the European Union (EU) due to the terms of our contract with Microsoft. However, we cannot rule out the possibility that data may be routed via servers outside the European Union (EU), especially if participants in an online conference are located in a third country.

As Microsoft is a US service provider, personal data may also be transferred to the USA. Microsoft is certified in accordance with the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000KzNaAAK&status=Active). The EU-US Data Privacy Framework (DPF) has been in place since July 10, 2023, and an adequacy decision has been issued by the EU Commission in accordance with Art. 45 GDPR (https://commission.europa.eu/document/fa09cbad-dd7d-4684-ae60-be03fcb0fddf_en). The EU-US Data Privacy Framework (DPF) is an agreement between the European Union and the United States, which is intended to ensure compliance with European data protection standards when processing data in the USA.

You can find Microsoft’s data protection addendum to the order processing contract here: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

Microsoft offers customers the EU’s Standard Contractual Clauses (SCCs), which include specific safeguards for the transfer of personal data. The SCCs are used in agreements between service providers (e.g. Microsoft) and their customers to ensure that all personal data leaving the EEA is transferred in compliance with the GDPR.

Standard Contractual Clauses: https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en


Rights of the data subject:

  • Right of access by the data subject (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed. In this case, you have a right to information about this personal data and the information listed in Art. 15 GDPR.

  • Right of rectification (Art. 16 GDPR)

You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.

  • Right of erasure (Art. 17 GDPR)

You have the right to demand that personal data concerning you will be deleted immediately by us if one of the reasons listed in Art. 17 GDPR applies.

  • Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection to the processing for the duration of the examination by the controller.

  • Right to data portability (Art. 20 GDPR)

In some instances, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

  • Right of withdrawal (Art. 7 GDPR)

Suppose the processing of data is based on your consent. In that case, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

  • Right to object (Art. 21 GDPR)

If data processing is carried out based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to processing your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims (objection under Art. 21 (1) GDPR). Suppose your personal data are processed for direct marketing purposes. In that case, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will no longer be used for direct marketing (objection pursuant to Art. 21 (2) GDPR).

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You also have the right to complain to the competent supervisory authority. You can contact the data protection supervisory authority responsible for your residence or federal state or the data supervisory authority responsible for us in Lower Saxony. The address is Postfach 221 in 30002 Hannover or by e-mail: poststelle@lfd.niedersachsen.de


Contact

You can contact us anytime if you have further questions about data protection. You can reach us under “Controller”. To assert your rights, please send an email to the following address: datenschutz@kag-hannover.de


Change of our privacy policy for Microsoft Teams:

We reserve the right to change our security and data protection measures. In such cases, we will also adapt our data protection information accordingly. Please, therefore, note the current version of our privacy policy.

Status of the privacy policy: 13.06.2024

Controller:

The controller for data processing in direct connection with the sending of newsletters via Rapidmail is:

Kählig Antriebstechnik GmbH
Pappelweg 4
30179 Hannover

Telefon: +49 (0) 511 674 93 – 0
E-Mail: info@kag-hannover.de


Newsletter:

If you subscribe to our company’s newsletter, the data in the respective input mask will be transmitted to the controller. Subscription to our newsletter takes place in a so-called double opt-in process. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary so no one can register with other people’s email addresses. When registering for the newsletter, the user’s IP address and the date and time of registration are stored. This serves to prevent misuse of the services or the email address of the person concerned. The data is not passed on to third parties. An exception exists if a legal obligation exists to pass on the data. The data is used exclusively to send the newsletter. The subscription to the newsletter can be cancelled by the data subject at any time. Consent to the storage of personal data can also be revoked at any time. Every newsletter has a corresponding link for this purpose. The legal basis for data processing after user registration for the newsletter is Art. 6 para. 1 lit. a) GDPR if the user has given consent. The legal basis for sending the newsletter due to the sale of goods or services is Section 7 (3) UWG.


Use of Rapidmail:

Description and purpose of processing: We use rapidmail to send newsletters. The provider is rapidmail GmbH, Wentzingerstraße 21, 79106 Freiburg, Germany. Among other things, rapidmail is used to organise and analyse the sending of newsletters. The data you enter for the purpose of subscribing to the newsletter is stored on rapidmail servers in Germany. If you do not wish to be analysed by rapidmail, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. For the purpose of analysis, the emails sent with rapidmail contain a so-called tracking pixel, which connects to the rapidmail servers when the email is opened. This way, we can determine whether a newsletter message has been opened. We can also use rapidmail to determine whether and which links in the newsletter message have been clicked on. Optionally, links in the email can be set as tracking links, with which your clicks can be counted.

Legal basis for the processing: The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR.

Recipients of data: The data recipient is rapidmail GmbH.

Processing of data outside the European Union (EU): Data is not transferred to third countries.

Deletion of data: We will store the data you provide as part of your consent for the newsletter until you unsubscribe. After you unsubscribe, the data will be deleted from our and rapidmail’s servers. Data stored by us for other purposes (e.g., email addresses for the member area) will remain unaffected by this.

Possibility of revocation: You can withdraw your consent to data processing at any time, with effect for the future. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

More data protection information: For more information, please refer to rapidmail’s data security information at https://www.rapidmail.de/datensicherheit

For more information on the analysis functions of rapidmail, please see the following link: https://www.rapidmail.de/wissen-und-hilfe.

Rights of the data subject:

  • Right of access by the data subject (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed. In this case, you have a right to information about this personal data and the information listed in Art. 15 GDPR.

  • Right of rectification (Art. 16 GDPR)

You have the right to demand the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.

  • Right of erasure (Art. 17 GDPR)

You have the right to demand that personal data concerning you will be deleted immediately by us if one of the reasons listed in Art. 17 GDPR applies.

  • Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have lodged an objection to the processing for the duration of the examination by the controller.

  • Right to data portability (Art. 20 GDPR)

In some instances, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

  • Right of withdrawal (Art. 7 GDPR)

Suppose the processing of data is based on your consent. In that case, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected.

  • Right to object (Art. 21 GDPR)

If data processing is carried out based on Art. 6 para. 1 lit. e or f GDPR, you have the right to object to processing your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. You can find the respective legal basis for processing in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defence of legal claims (objection under Art. 21 (1) GDPR). Suppose your personal data are processed for direct marketing purposes. In that case, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will no longer be used for direct marketing (objection under Art. 21 (2) GDPR).

  • Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

You also have the right to complain to the competent supervisory authority. You can contact the data protection supervisory authority responsible for your residence or federal state or the data supervisory authority responsible for us in Lower Saxony. The address is Postfach 221 in 30002 Hannover or by email: poststelle@lfd.niedersachsen.de


Contact

You can contact us anytime if you have further questions about data protection. You can reach us under “Controller”. To assert your rights, please send an email to the following address: datenschutz@kag-hannover.de


Change of our privacy policy for Rapidmail:

We reserve the right to change our security and data protection measures. In such cases, we will also adapt our data protection information accordingly. Please, therefore, note the current version of our privacy policy.

Status of the privacy policy: 25.11.2024

Lukas Hamer
Data protection officer
+49 (0) 511 674 93 – 20
datenschutz@kag-hannover.de

Kählig Antriebstechnik GmbH
Pappelweg 4
30179 Hannover

Headquarter Hannover
+49 (0) 511 674 93 – 0
info@kag-hannover.de

Kählig Antriebstechnik GmbH
Pappelweg 4
30179 Hannover