Privacy Statement

PRIVACY STATEMENT REGARDING USE OF OUR WEB SHOPS

We would like to inform you about the personal data that will be processed when you use our web shop. This statement informs you about how we will use your data as a visitor to our web shop.

As a registered user, you can use a lot more functions than guest users. In order for you to be able to use these functions, we must store and process your data. We therefore request that you consent to the storage and processing of your data when you register as a user of our web shop. But it goes without saying that you can also order as a guest in our webshop without registration and consent.

Contents

Controller’s name and contact detailsCollection and storage of personal data as well as type, purpose and legal basis

a) When simply visiting our websites

b) When ordering as a guest

c) Registration and login to the web shop

d) Consent to use data in the web shop

e) When using the contact form

Passing on data to third parties

a) For payment processing

b) Payment against invoice

c) Payment by credit card

d) For shipment

When and for what purpose does KAISER+KRAFT use ‘cookies’?Web analytics

a) Google Analytics

b) wiredminds

c) Google remarketing

d) Use of Criterio

e) Use of Hotjar

Rights of data subjectsRight of objectionData securityUp-to-dateness of and amendment to this privacy statement

Controller’s name and contact details

This privacy statement applies to the processing of data by:

Controller:

KAISER+KRAFT GmbH, Presselstr. 12, 70191 Stuttgart, Germany

E mail: export@kaiserkraft.com

Telephone: +49 711 3465 6999

Fax: +49 711 3465 6100

Our data protection officer can be contacted under the contact data above.

Collection and storage of personal data as well as type, purpose and legal basis

a) When simply visiting our websites

You can visit our websites without disclosing your identity. In any case, data will be collected in log files, via search engines and in forms.

The following information is collected without any input from you:

The IP address of the requesting computerThe date, duration and time of accessThe name and URL of the file accessed, i.e. the websites which you visit at our shopThe website from which access was made (referrer URL)The browser you are using and, if applicable, your computer’s operating system, geographic origin, language setting and your access provider’s nameWhen you use the search function on our websites, the search terms you entered

We process this data for the following purposes:

To enable uninterrupted use of our Internet offering (connection establishment)To improve use of our websiteTo ensure system security and stabilityFor technical administration of the network infrastructure and to optimize the search function on our websitesTo track cases of misuse

The legal basis for processing the data is Art. 6 (1) sentence 1 lit. f of the General Data Protection Regulation (GDPR). Our legitimate interest follows from the above-listed purposes of data collection. Under no circumstances will we use the data collected in order to draw conclusions about your person.

This data remains stored until it is automatically deleted. The data will be deleted when the above-mentioned purpose no longer exists.

We also use cookies and analytics services when our website is visited. For more details, please refer to sections 4 and 5 of this privacy statement.

b) When ordering as a guest

When you order products as a guest on our website, we will collect the following information:

Company nameYour title, first name, surname as the customerA valid e mail addressAddressPayment data, depending on the payment method you selected (for example, bank details)

This data is collected for the following purposes:

To identify you as our contract partnerTo check the data entered for plausibilityTo handle payment for your orderTo settle any warranty claims that you may have and to assert any claims that we may have against you

The data will be processed at your request, and pursuant to Art. 6 (1) sentence 1 lit. b and lit. f GDPR, it is required for the above-mentioned purposes for the performance of the contract as well as pre-contractual measures.

Like most of our customers, you are probably interested in knowing how long it will take for your shipment to arrive. That's why you can track your shipments in our shop.

This means that we must process the data that you entered for the delivery address. To this effect, we co-operate with the shipping service providers who transport your shipments and with a service provider who has undertaken to comply with the data protection laws.

In order to ensure smooth and easy processing of your order and fast clarification of any queries, you can also enter additional data:

your telephone number andan alternative shipping address.

You are not obliged to disclose this data.

The personal data which we collect for the order will be stored until expiry of the statutory warranty obligation and then automatically deleted, unless we are obliged to store such data for a longer period pursuant to Art. 6 (1) sentence 1 lit. c GDPR because of storage and documentation obligations under tax and commercial law or unless you have consented to further storage pursuant to Art. 6 (1) sentence 1 lit. a GDPR.

c) Registration and login to the web shop

Your data helps us to customize and continuously improve your shopping experience. As a registered user, you can use more functions than guest users. In order for you to be able to use these functions, we must store and process your data. You will therefore have to consent to the storage and processing of your data when you register as a user of our web shop.

When you register as a user in our web shop, we request the following data from you:

Address of your companyYour title, first name and family name as a customer and user of our web shopTelephone numberE mail addressProfessional positionGeneral data of your company

We collect this data in order to be able to identify you as our contract partner.

The data will be processed at your request and, pursuant to Art. 6 (1) sentence 1 lit. b GDPR, it is required for the above-mentioned purposes for the performance of the contract as well as pre-contractual measures.

In keeping with our understanding as a supplier of business equipment, we only store and process data from your professional environment. Data concerning your private environment, such as your private address, is neither stored nor processed by us when you order any items for your professional activities.

The personal data which we collect for registration and login will be stored by us until you revoke your consent to such processing or until we discontinue the processing of the data unless we are obliged to store such data for a longer period pursuant to Art. 6 (1) sentence 1 lit. c GDPR because of storage and documentation obligations under tax and commercial law or unless you have consented to further storage pursuant to Art. 6 (1) sentence 1 lit. a GDPR.

d) Consent to use data in the web shop

If you have registered as a user and log in to the web shop, you consent to the storage, processing and use of your personal data in accordance with this privacy statement.

Detailed data of your use of our web shop will be recorded for the duration of your registration. This primarily includes the following details:

The duration of the visitThe items searched for, viewed and tagged on our websiteThe items purchased (order history)Your navigation on our websiteThe origin website and the exit page

This data is collected, stored and processed so that we can customize and continuously improve your shopping experience and provide you with convenience features (for example, access to your personal order history and stored shopping baskets that you need several times) in the web shop.

By registering and logging in to our web shop, you also agree to our use of your e mail address and the detailed data of your use of our web shop as follows:

If you have not yet completed the purchase for a shopping basket that you have set up in our web shop, we can send you an e mail as a reminder. In this way, we can send you offers that are precisely tailored to your profile. You can unsubscribe from this service at any time within the e mail.We will regularly send you our (personalized) newsletter by e mail. We use the detailed data of your use of our web shop in order to personalize the newsletter for you. In this way, we can send you special offers that are not available to unregistered users from time to time and on special occasions.

In our web shop, you can also view the data of your previous orders, save shopping baskets and create notepads for future purchases.

Data processing pursuant to Art. 6 (1) sentence 1 lit. a GDPR is based on your consent.

The detailed data concerning your use of our web shop which we collect will be stored by us until you revoke your consent to such processing or until we discontinue the processing of the data unless we are obliged to store such data for a longer period pursuant to Art. 6 (1) sentence 1 lit. c GDPR because of storage and documentation obligations under tax and commercial law.

e) When using the contact form

You can send us general enquiries using the contact form provided on our website. A valid e mail address or telephone number must be provided so that we can respond to your enquiry.

Any other personal data, such as your name, address or telephone number is not collected unless you voluntarily disclose this information. This data is collected in order to know who the enquiry originated from and to be able to answer it using your preferred channel (post, telephone or e mail).

Data processing for the purpose of contacting us is based on Art. 6 (1) sentence 1 lit. a GDPR on the basis of your voluntary consent or on the basis of Art. 6 (1) lit. b GDPR and/or to safeguard our legitimate interests pursuant to Art. 6 (1) lit. f GDPR.

It is our legitimate interest to be able to respond to customer enquiries and to thereby ensure functioning customer service.

The personal data which we collect when the contact form is used will be deleted after your request has been dealt with, unless we are obliged to store it for a longer period of time pursuant to Art. 6 (1) sentence 1 lit. c GDPR because of storage and documentation obligations under tax and commercial law.

f) When an error occurs

If you visit our websites, errors may occur during use. If an error occurs, the error and the context that is necessary to analyse and correct this error are transferred to us and evaluated with tools such as “Sentry”.

The following information is collected without your intervention:

the date and time at which the error occurred,the name and URL of the retrieved file, i.e. the website you visited when the error occurred,the website from which access was made (referrer URL),the browser you are using and if applicable, the operating system of your computer,the error message that occurred and where the error occurred in our application (Stacktrace).

We process this data for the following purposes:

to improve the use of our websiteto ensure system security and stability

The legal basis for data processing is Art. 6, para. 1, sentence 1(f) GDPR. Our legitimate interest arises from the purposes for data collection listed above. Under no circumstances will we use the data collected for the purpose of drawing conclusions about your person.

This data is stored until automated deletion. The data will be deleted if the above-mentioned purpose no longer applies.

Passing on data to third parties

a) For payment processing

Your personal data will be passed on to third parties to the extent permitted by law and required pursuant to Art. 6 (1) sentence 1 lit. b GDPR for the purpose of maintaining contractual relationships with you.

This includes, in particular, the transfer of payment data to payment service providers or banking institutes in order to carry out payment transactions. These third parties are not permitted to use this data passed on to them for any other than the aforementioned purposes.

b) Payment against invoice

If you wish to purchase against invoice, we will obtain credit information from Deltavista GmbH, Freisinger Landstr. 74, D-80939 München on the basis of your express consent in accordance with Art. 6 (1) sentence 1 lit. a and b GDPR and if this is necessary for the conclusion or fulfilment of the contract.

Your personal data required for the credit check (first and last name, street, house number, postcode, city, date of birth, telephone number and, in the case of a direct debit purchase, the bank account details given) will be transmitted to the above-mentioned external service provider.

Deltavista calculates a score on the basis of scientifically recognized mathematical/statistical methods. The score value is a forecast of default probability. As a result of this forecast, we may require more secure forms of payment (such as prepayment).

Within the scope of credit assessment, we also use information which we collected from our customers or received from another European company of the TAKKT Group. The list of these companies can be found here.

The collection of personal data and the transmission to the aforementioned third parties is carried out for the purpose of determining solvency probability in order to make a balanced decision on the establishment, implementation or termination of the contractual relationship.

In our legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f GDPR and in the legitimate interest of our customers, we exchange information on very unusual orders with the other European companies of the TAKKT Group. This can, for example, be the case when large quantities of goods are ordered by different buyers for shipment to the same address. By exchanging information about such transactions, we not only want to avoid subsequent payment defaults, but also to protect our customers from misuse of customer accounts and/or our customers' identities.

c) Payment by credit card

When you pay by credit card (Visa/MASTER Card), the payment data which you enter will be recorded and stored by Ingenico GmbH (Pfalzburger Straße 43 44, 10717 Berlin, Germany) pursuant to Art. 6 (1) sentence 1 lit. b GDPR and not passed on to any company other than those involved in the payment process.

When paying by credit card, you accept the payment provider’s Terms and Conditions. We will not collect or store payment data in this case.

Data is processed for the purpose of payment processing.

Please refer to your credit card company's privacy policy for more information.

e) For shipment

We always strive to ship your items as quickly as possible.

Your personal data will be passed on to third parties to the extent permitted by law and required pursuant to Art. 6 (1) sentence 1 lit. b GDPR for the purpose of maintaining contractual relationships with you.

This includes the transmission of data to the shipping service provider.

Data is processed for the purpose of shipping your order.

When and for what purpose does kaiserkraft use ‘cookies’?

We use cookies on several pages. A separate note is displayed in each case. Cookies are small text files that are stored on your computer/device (laptop, tablet, smartphone, etc.).

Cookies do no damage your device, nor do they contain viruses, Trojans or other malware.

We use the so-called session cookies in order to recognize that you already visited certain pages of our website, that you already logged in to your user account or to display your shopping basket. Session cookies are automatically deleted when you leave our site.

Other cookies remain on your device for a certain defined period of time. They enable us to recognize your computer during your next visit (so-called permanent cookies). These cookies enable us to welcome you with your user name, for example, so that you do not need to re-enter your password or fill in forms with your data for future orders. However, this does not mean that we are directly able to identify you.

The purpose of cookies is to make your visit to our website attractive and to enable the use of certain functions.

Data processing by cookies is necessary for the above-mentioned purposes in order to protect our legitimate interests and those of third parties pursuant to Art. 6 (1) sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is generated. However, complete deactivation of cookies can mean that you will not be able to use all of the functions of our website. For information regarding the cookie settings in your browser, click here.

Web analytics

Like many other providers, kaiserkraft also uses various methods to analyse the use of our websites.

The tracking and targeting measures listed below and used by us are carried out on the basis of Art. 6 (1) sentence 1 lit. f GDPR.

We use these tracking measures in order to ensure a requirement-compliant design and the continuous optimization of our website. On the other hand, we use the tracking measures in order to statistically analyse the use of our website and to evaluate it for the purpose of optimizing our offering for you.

The targeting measures used by us are designed to ensure that you only receive advertising on your devices that is oriented towards your actual or assumed interests.

These interests are to be deemed to be legitimate within the meaning of Art. 6 (1) sentence 1 lit. f GDPR.

The respective data processing purposes and data categories are described in the corresponding tracking and targeting tools.

a) Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (‘Google’). This is an effective tool for evaluating and marketing our website.

Google Analytics uses cookies. The information generated by the cookie about your use of this website, including the abbreviated IP address, is sent to a Google server in the US for storage.

Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage.

Google may also forward this information to third parties if this is required by law or if third parties process this data on behalf of Google.

Under no circumstances will Google associate the IP address with other Google data.

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking this link. This will set an opt-out cookie which will prevent your data from being recorded when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Click here for the Google Analytics terms of use.

b) Google remarketing

This website uses the remarketing function of Google Inc. (‘Google’).

The purpose of this function is to present interest-based advertisements to visitors to the website as part of the Google advertising network. The visitor's browser stores cookies that enable recognition of the visitor when visiting websites that belong to Google's advertising network. These pages can then present advertisements to the visitor relating to content previously accessed by the visitor on websites that use Google's remarketing function.

If you do not wish to use Google's remarketing function, you can generally deactivate it by making the appropriate settings at http://www.google.com/settings/ads. Alternatively, you can disable the use of cookies for interest-based advertising through the Advertising Network Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp. For more information about Google Remarketing and Google's privacy statement, please visit: http://www.google.com/privacy/ads/.

c) Use of Criteo

Criteo tools have been integrated on our websites. These tools collect anonymized information on the surfing behavior of the visitors of our websites for marketing reasons. The data collected will not be used to personally identify you as a visitor of our websites. Criteo is specialized in the creation and delivery of personalized advertising via “Criteo Dynamc Retargeting” and “Criteo Sponsored products”. The aim is to show you advertising and products which are relevant for you as far as possible – based on your current surf behavior and search behavior.

If you no longer wish to receive advertising from Criteo, please follow the company’s instructions on cookie opt-out: https://www.criteo.com/de/privacy/

d) Use of Hotjar

This website uses Hotjar, an analytics software of Hotjar Ltd. (‘Hotjar’) (http://www.hotjar.com, 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta, Europe). Hotjar enables usage behaviour (clicks, mouse movements, scroll heights, etc.) on our website to be measured and evaluated. The information generated by the tracking code and cookies about your visit to our website is transmitted to and stored on the Hotjar servers in Ireland.

The following information can be recorded by your device and browser:

The IP address of your device (collected and stored in an anonymized format)Your e mail address, including your first and last name, if you made this information available to us via our websiteThe screen size of your deviceThe device type and browser informationThe geographic location (only the country)The preferred language for displaying our websiteLog data

The following data is automatically generated by our servers when Hotjar is used:

Referring domainPages visitedThe geographic location (only the country)The preferred language for displaying our websiteThe date and time of access to the website

Hotjar uses this information to evaluate your visit to our website, to create use reports and to evaluate other services concerning the use of the website and the Internet evaluation of the website.

Hotjar also subcontracts external service providers, such as Google Analytics and Optimizely. These third parties can store information that your browser transmits during your visit to the site, such as cookies or IP requests. For more information on how Google Analytics and Optimizely store and use data, please refer to their respective privacy statements.

The cookies used by Hotjar have different ‘lifetimes’. Some remain valid for up to 365 days, others remain valid only during the current visit.

You can prevent Hotjar from collecting the data by clicking on following link and following the instructions there: https://www.hotjar.com/opt-out.

Rights of data subjects

You have the right:

pursuant to Art. 15 GDPR to request information regarding your personal data processed by us. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data, if this was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on their details;pursuant to Art. 16 GDPR, to demand immediate rectification of incorrect data or completion of personal data stored by us;pursuant to Art. 17 GDPR, to request erasure of your personal data stored by us unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;pursuant to Art. 18 GDPR, to restrict the processing of your personal data in as far as you dispute the accuracy of the data, if the processing is unlawful but you reject the erasure of data and we no longer need the data, but if you need such data in order to assert, exercise or defend legal claims or if you have filed an objection to processing pursuant to Art. 21 GDPR;To request transfer of personal data stored by us in accordance with Art. 20 of the GDPR (General Data Protection Regulation). If, in conjunction with your right to data transfer, you request the personal data provided to us, we will transmit the data to you in a structured, common and machine-readable format.pursuant to Art. 7 (3) GDPR, to revoke your prior consent at any time. As a result, we are then no longer permitted to continue processing data based on this consent in the future andpursuant to Art. 77 GDPR, to complain to a regulatory authority. For this purpose, you can generally contact the regulatory authority responsible for your usual place of residence or workplace or our company’s registered office.

The contact details of the regulatory authority responsible for our company’s registered office are as follows:

Der Landesbeauftragte für den Datenschutz Baden-Württemberg

Königstraße 10a

70173 Stuttgart

Telefon 0711/615541-0

Telefax 0711/615541-15

E-Mail: poststelle@lfd.bwl.de

Right of objection

If your personal data is processed on the basis of our legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR in as far as the reasons for this are based on your specific situation or if you object to direct advertising. In the latter case, you have a general right of objection which we will implement without the need to specify a particular situation.

If you wish to exercise your right of revocation or objection, simply send an e mail to export@kaiserkraft.com.

Data security

Please remember that transmitting information and data over the Internet always poses a security risk. We have therefore implemented technical and organizational measures to protect your personal data. These measures protect your data from unauthorized processing, loss, as well as unauthorized alteration and unauthorized access. Our security measures are continuously improved in line with technological developments.

The Internet offerings of KAISER+KRAFT work with 256 bit TLS encryption. TLS stands for ‘Transport Layer Security’ and is an encryption method that guarantees secure communications on the World Wide Web. Data is transmitted via a secure HTTPS connection. This protects the data from unauthorized manipulation or alteration, so that third parties can neither read nor download the data. As soon as you access our website, the encryption function is activated. A lock appears in the lower screen bar as the encryption icon. All the following pages are then TLS-protected.

Up-to-dateness of and amendment to this privacy statement

This data protection declaration is currently valid and has the revision status as per 18 May 2018.

Due to the further development of our website and offerings on this website or due to changed legal or official requirements, it may become necessary to revise this privacy statement. You can view and print the latest version of this privacy statement at any time on the website at

https://www.export.kaiserkraft.com/notes-on-data-protection/