We at LEONHARD KURZ Stiftung & Co. KG - hereinafter referred to as "KURZ" - attach immense importance to data protection, that is to say the protection of YOUR personal data.
We treat your personal data in confidence and in compliance with the statutory data protection regulations and this Data Protection Statement.
This Data Protection Statement applies equally for all Internet offerings (“Website(s)”) for which KURZ is considered the controller (see Section 2).
2. Controller and contact information for the data protection officer
As defined in the EU General Data Protection Regulation (GDPR) as well as other national data protection laws of the member states, and other data protection provisions, the controller is:
LEONHARD KURZ Stiftung & Co. KG
Schwabacher Strasse 482
90763 Fürth, Germany
Telephone: +49 911 71 41-0
2.2 Contact information for the data protection officer
You can contact the controller’s data protection officer at the following address:
MKM Datenschutz GmbH
data protection officer
Äußere Sulzbacher Str. 124a
90491 Nuremberg, Germany
3. Principles of processing personal data
3.1. Scope of personal data processing
As a general rule we do not process our users’ personal data unless it is necessary to enable us to present a functioning website and our content and services. As a matter of course, our users’ personal data is not processed without the user’s consent. One exception would be cases in which it is not possible to obtain the consent beforehand for practical reasons, and/or if processing of the data is permitted by legal provisions.
In particular, your data is processed for the following purposes:
- The online services offered on our Websites (e.g., newsletter, contact form, etc.) are specifically designed to help us reach our business objectives. To this end, we need to continuously optimise the services we provide online (customer satisfaction, security, user friendliness, etc.).
- The main reason we process data is if it is needed to substantiate the legal relationship, or to design or amend the content thereof.
- To send you information, including advertising materials (e.g., the newsletter).
- To lend our Websites still greater appeal; to identify points of particular interest and also publicise usage-based online advertising.
- To analyse and evaluate visitor access events and also to detect any technical problems and respond to them in good time.
3.2. Legal basis for processing personal data
If we obtain consent from the data subject to carry out processing operations on personal data, our activities are governed by Art. 6 Para. 1 letter a GDPR as the legal basis therefor. If it is necessary to process personal data in order to fulfil a contract to which the data subject is a contracting party, our activities are governed by Art. 6 Para. 1 letter b GDPR as the legal basis. This also applies for processing activities essential for pre-contractual arrangements, in response to enquiries about our products or services, for example. If we need to process personal data to comply with a legal obligation to which our company is subject, (e.g., tax obligations), the legal basis for this is Art. 6 Para. 1 letter c GDPR. If it is essential to process personal data to protect the vital interests of the data subject or another natural person, the legal basis therefor is Art. 6 Para. 1 letter d GDPR. If such processing is essential in order to safeguard the legitimate interests of our company or of a third party and these interests are not outweighed by the interests, basic rights and basic freedoms of the data subject, Art. 6 Para. 1 letter f GDPR serves as the legal basis therefor. This applies e.g. to collections and analyses for statistical purposes, which we carry out to optimise our web offerings.
3.3. Retention period and erasure of personal data
We only process and store your personal data for the period necessary to fulfil the purpose for which it is stored. When its purpose has been fulfilled or ceases to exist, your personal data is erased or blocked. It can be stored for longer than this if such provisions appear in the European or national legislatures in legally binding ordinances, laws or other regulations of the European Union to which the controller is subject. The data is also blocked or erased when a retention period stipulated in the aforementioned norms expires, unless there is a pressing need for continued retention of the data to enable the conclusion or fulfilment of a contract.
4. Providing Websites and compiling logfiles
Every time they are accessed, our Websites automatically capture a range of general data and information, which is stored temporarily in a server’s logfiles.
In this context, the following data may be captured:
- Access to the Website (date and time)
- How you came to the Website (previous page, hyperlink etc.)
- Which browser (and version) you use
- The operating system you use
- Which Internet service provider you use
- Your IP address, which is assigned to your computer by your Internet service provider for when you connect to the Internet
In rare cases, this (technical) data in the logfiles may be personal data. The temporary storage of the IP address by the system is necessary to enable the Website to be delivered to the user’s computer. To allow this, the user’s IP address has to remain stored for the duration of the session. As a rule, however, we only use this data if it is absolutely necessary for technical reasons to ensure operation and protect our Websites from attacks and misuse; in pseudonymised or anonymised form it is also used for purposes of advertising, market research and to help us design our services to meet current needs. This is why users’ IP addresses are stored as a technical precaution for a period not exceeding 7 days. They may be stored for longer. In this case, the users’ IP addresses are erased or masked so that it is no longer possible to make a connection to the accessing client. This data is not stored together with any of the user's personal data.
The legal basis for temporary storage of the data and logfiles is Art. 6 Para. 1 letter f GDPR.
The capture of the data in order to deliver the Website and storage of the data in logfiles are both essential for enabling operation of the Website. Consequently, the user has no right of objection in this case.
5. Answering your contact requests, enquiries, requests for spare parts
On our Websites, you will find contact forms which you can use to communicate your wishes to us according to your area of interest. The data you supply in the input mask (e.g., your company, name, email address, etc.) is used by us to appropriately respond to your contact.
The legal basis for processing data where the user’s consent has been given is Art. 6 Para. 1 letter a GDPR. The legal basis for processing data associated with the contact form is Art. 6 Para. 1 letter f GDPR. If the email indicates an intent to enter into a contract, a further legal basis for processing is constituted by Art. 6 Para. 1 letter b GDPR. The data is erased as soon as it is no longer needed to fulfil the purpose for which it is collected. You can object to the further processing of your data at any time.
6. Processing your job application
You will find the necessary forms for job applications on our Websites; you can use these to provide us with your job application information (e.g., name, address, email address etc.).
In order to be able to process your application effectively, we use the applicant management system provided by our partner HR4YOU Solutions GmbH & Co. KG (“HR4YOU”). For this purpose, when you initiate an online application you are redirected to a domain operated by our partner HR4YOU, where you can enter your information. HR4YOU carries out order processing tasks on our behalf and is accordingly permitted to process the information you provide solely in accordance with our instructions. To ensure that this is the case, we have entered into a number of agreements regarding both technical and organisational measures with HR4YOU to ensure that we are able to guarantee that your application data will be protected. If your application leads to an employment contract, the information you have transmitted to us may be stored by us in your (digital) personnel file for purposes of the usual organisational and administrative process, subject to the applicable legal regulations.
The legal basis for processing data from the job application forms is Art. 6 Para. 1 letter b GDPR. You can object to the further processing of your data at any time.
If you have given your consent, we may also process and use your personal data from the application procedure (surname, first name, residential address, email address, telephone numbers, cover letter, letter of motivation, curriculum vitae, qualifications, references, information from the application interview) for a maximum period of 1 year after the application procedure is completed. This is done to ensure that we can contact you for professional purposes and possibly let you know of a job offer from us. This data can be accessed by employees in the Human Resources department and the decision makers in the respective technical departments. You are entitled to withdraw your consent at any time without giving a reason and with effect for the future. If you do withdraw your consent, your information will not be considered for subsequent vacancies. Your information will then be erased in keeping with the applicable provisions of the law.
We would point out here that risks are also generally associated with the transmission of data across the Internet (see Section 15.1).
7. Order processing (B2B webshop)
As part of our B2B webshop, we process your customer data in all cases to help us manage the associated business processes. On the one hand, this involves the data that is needed directly for the ordering process, such as billing and delivery addresses, which may contain personal data. If such is necessary to enable the order to be carried out, this data may also be transmitted to the transport service provider we have tasked with delivery. On the other hand, the data each customer enters in the B2B webshop user administration system themselves is also processed. This enables us to track which user has submitted which purchase order. The legal basis for processing your personal data in the B2B webshop is Art. 6 Para. 1 letter b GDPR, since this data is used for purposes of fulfilling a contract within the meaning of Art. 6 Para. 1 letter b GDPR. You can object to the further processing of your data at any time, unless we are obliged to continue storing it to comply with statutory, incorporation-related or contractual retention requirements. For more information about the cookies we use in the B2B webshop, please refer to Section 12 “Cookies” in this Data Protection Statement.
8. Newsletter mailing
On our Website, you will find the option to subscribe to our free newsletter. When you register to receive the newsletter, the information you enter in the input mask - that is to say at least your email address - is transmitted to us. In order to be able to process information for the registration process, we obtain your consent and refer you to this Data Protection Statement. The consents to distribution are obtained on the basis of Art. 6 Para. 1 letter a, Art. 7 GDPR. For the registration to receive our newsletter, we use the “double opt-in” procedure. This means that after you have given us your consent to send you the newsletter as part of the registration process, we send you a confirmation email to your email address, in which we ask you to confirm your registration. If you do not provide this confirmation within 72 hours, your registration is deleted automatically. If you confirm your wish to receive the newsletter, we store your data until you unsubscribe from the newsletter. The only purpose for which this data is stored is to enable us to send you the newsletter. We also store your IP addresses and times when you send us your registration and confirmation to prevent your personal data from being misused (e.g., registration for the newsletter using a different email address). This other personal data which is collected in the course of the registration process is typically deleted after a period of seven days.
You can withdraw your consent for us to send you the newsletter at any time. To notify us of your withdrawal, you simply need to click on the link which is provided in every newsletter email or send an email to newsletter(at)kurz.de.
9. Analysis, evaluation and optimisation of our online services
It is our stated aim to continually optimise our online offering for you. For the purposes of analysing and evaluating the behaviour of visitors to our Websites, we use Google-Analytics.
This service is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA.
10. Google Tag Manager
On our Websites, we use the service Google Tag Manager of the company Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google Tag Manager). Google Tag Manager offers a technical platform to run and bundle other web services and web tracking programs using so-called ‘tags.’ In this context, Google Tag Manager stores cookies on your computer and analyses your surfing behavior (so-called ‘tracking’) if web tracking tools are executed using Google Tag Manager. This data sent by individual tags integrated into Google Tag Manager is aggregated, stored, and processed by Google Tag Manager under a uniform user interface. All integrated ‘tags’ are listed separately again in this data protection statement. Further information on the data protection of the tools integrated in Google Tag Manager can be found in the respective section of this data protection statement. In the course of using our Websites with activated integration of tags from Google Tag Manager, data such as, in particular, your IP address and your user activities are transmitted to servers of the company Google Ireland Limited. With regard to the web services integrated using Google Tag Manager, the provisions in the respective section of this data protection statement apply. The tracking tools used in Google Tag Manager ensure that the IP address is anonymised by Google Tag Manager before transmission by means of IP anonymization of the source code. Google Tag Manager only collects anonymized IP addresses (so-called IP masking).
The legal basis for the processing of personal data:
Purpose of data processing:
On our behalf, Google will use the information obtained by means of the Google Tag Manager to evaluate your visit to this Website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage.
Length of time in storage:
Google will store the data relevant for the function of Google Tag Manager for as long as it is necessary to fulfil the booked web service. The data collection and storage are anonymized. If there is a reference to a person, the data will be deleted immediately, as long as it is not subject to any legal obligations to retain data. In any case, the deletion takes place after the expiration of the retention obligation.
Right to object and to erasure:
11. Delivery of online advertising
In order to be able to present you with online advertising which is tailored individually to your usage behaviour on our Websites, we use the following services/technologies:
Google AdWords Conversion
Google Dynamic Remarketing
Double Click by Google
The provider of these services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA
The Websites use the YouTube video platform, which is operated by YouTube LLC, 901 Cherry Ave. San Bruno, CA 94066, USA. YouTube is a platform that enables the playback of audio and video files. When you access a page from our Internet presence, the player which is integrated in the page by YouTube creates a link to YouTube that ensures the technical transmission of the video and/or audio file. When the link to YouTube is created, data is transmitted to YouTube. The YouTube server receives information about the specific page of our Internet presence that you visited. If you also happened to be logged into your YouTube account, you would enable YouTube to associate your surfing behaviour directly with your personal profile. You can prevent this capability entirely by logging out of your YouTube account beforehand.
For more information about the collection and use of your data by YouTube and your rights in this regard and setting options for protecting your privacy, please refer to the notes on data protection there under policies.google.com/privacy.
Most of the cookies we use are of the type known as “session cookies”. They are deleted automatically at the end of your visit to our Website. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser again the next time you visit.
Deactivating cookies may have the effect of limiting the functionality of the Website. In the following section, we will provide details about the services on our Websites that use/implement cookies:
Our Websites use functions provided by the web analysis service Google Analytics to determine which content on our Websites is most interesting to you, for example. The information generated by the cookie about your use of this Website is usually transmitted to a Google server in the USA and stored there. For more information about how Google Analytics handles user data, please refer to the Google Data Protection Statement: support.google.com/analytics/answer/6004245
Browser Plugin
You can prevent cookies from being stored by making the corresponding setting in your browser software; but we would point out that in this case you may not be able to use the full range of functions offered on this Website. You can also prevent collection of the data generated by the cookie relating to your use of the website (including your IP address) and processing of that data by Google by downloading and installing the browser plugin which is available on the following link: tools.google.com/dlpage/gaoptout
Objection to data capture
You can object to the capture of your data by Google Analytics by clicking on the following link. An “opt-out” cookie is set, which prevents your data from being captured when you visit this Website in future: Deactivate Google Analytics. Deleting all of the cookies in your browser also deletes the corresponding opt-out cookie.
Contract data processing
We have entered into an agreement for contract data processing with Google, and we apply the strict regulations of the German data protection authorities to the use of Google Analytics to the fullest extent.
We use the “Activate IP anonymisation” function on this Website. However, this entails your IP address being truncated by Google beforehand within the member states of the European Union or in other signatory states of the Agreement of the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there. On the instructions of the operator of this Website, Google will use this information to analyse your use of the Website, to compile reports on Website activities and to provide additional services for the Website operator associated with Website and Internet use. The IP address that is transmitted by your browser as part of the Google Analytics function is not merged with other data by Google. The cookies stored by Google Analytics are deleted at the latest after 14 months.
13.2 Google AdWords Conversion
In the context of Google AdWords we use the “Conversion-Tracking” analysis service on our Websites. If you have come to our Website via a Google advertisement, a cookie is placed on your computer. These conversion cookies lose their validity after 30 days and are not used to identify you personally. If you visit certain pages on our Websites and the cookie has not expired, we and Google can see that you as a user have clicked on one of the advertisements that were placed with Google and were consequently redirected to our page.
Google uses the information collected with the aid of the conversion cookies to prepare visit statistics for our Website. From these statistics we learn the total time spent by users who have clicked on our advertisement, and also which pages of our Website were subsequently accessed by the respective user. However, neither we nor other providers who use Google AdWords in our advertising receive any information that enables us to identify users personally.
You can prevent the conversion cookies from being installed by making corresponding settings in your browser, for example with the browser setting that deactivates the automatic setting of cookies generally, or which specifically only blocks the cookies from the “googleadservices.com” domain.
For more detailed information and the Google Data Protection Statement, please visit:
13.3 Google Dynamic Remarketing
This function serves to present to visitors to the Website interest-specific advertisements for “similar target groups” within the Google advertising network. The browser of the Website user stores cookies which render the user recognisable when they return to Websites which belong to the Google advertising network. On these pages, the user can then be presented with advertisements relating to the content the visitor viewed previously on Websites that use the Google Remarketing function. By its own account, Google does not collect any personal data in this process.
Option to object
For more detailed information about Google Remarketing and the Google data protection statement, please visit: www.google.com/privacy/ads/ .
13.4 DoubleClick by Google
Option to object
You can deactivate the DoubleClick cookies by making the appropriate settings in Google directly: www.google.com/settings/ads
or on a deactivation page of the network advertising initiative (NAI): www.networkadvertising.org/managing/opt_out.asp
13.5 B2B Webshop
We use the following cookie in our B2B webshop:
- Session ID cookie: For this, a randomly generated combination of letters and numbers is assigned to the respective user, e.g., to enable secure login or to store the progress in the ordering processes (products in the shopping cart). In addition, this cookie is used to check whether the user has already accepted the cookie instructions (cookie banner) in the B2B webshop, which is shown on the page until it is confirmed.
The cookie stored in the B2B webshop is deleted after 12 months or sooner.
14. Data transfer
For the purposes described in Section 3.1, your data is also transmitted to the responsible offices of KURZ and to affiliates of KURZ if this is necessary in order to fulfil the stated purposes and thus conforms to the legal permission regulations or if you have given your consent for the transmission.
We are permitted to forward personal data to third parties if for example participations in promotional activities or competitions etc. are jointly offered by us with a third party provider. In these cases you will be advised in a separate notice that your personal data will be sent to third parties before it is transmitted. We use external service providers in some cases to process your personal data. These providers have been selected by us with extreme care and engaged in writing. They are bound by our instructions and are reviewed by us regularly. The service providers will not communicate this personal data to third parties.
Furthermore, we ensure that your personal data is not communicated to third parties unless we are obliged to do so by law or unless you have explicitly stated that we may do so.
15. Notes on data security
15.1 Data security on the Internet
The World Wide Web is a publicly accessible system. If personal data is divulged online, this data is transmitted at the user’s risk. The data can be lost in transit or may fall into the hands of unauthorised third parties. KURZ has adopted measures to guarantee the confidentiality and security of your personal data.
Your data is protected conscientiously from being lost, destroyed, falsified, manipulated or exposed to unauthorised access or unauthorised disclosure e.g., by the following methods:
- If you transmit your personal data to us via our Website or in an email, it will only be used for the purpose stated in Section 3.1.
- Our employees are bound individually to observe a duty to confidentiality and are obliged to observe the principles of data secrecy.
- Our security measures reflect the current state-of-the-art as far as reasonably possible.
- The security of our systems is checked regularly, so that we can permanently protect the data entrusted to us from any damage, loss or access.
- The data protection officer works continuously to ensure that the provisions of the law are maintained.
15.2 Recommendations for improving your personal data security
- You can configure your browser so that you are informed as soon as cookies are to be set, so that you can accept them globally or on a case by case basis, or reject them globally (see Section 12).
- You can see whether an Internet connection is secure, among other things, from the address. If the address begins with https, this indicates that the connection is secure (e.g. ….de). We are making every effort to convert all of our Websites to https where this has not yet been done. Another indicator is the symbol of a locked padlock in the bottom icon tray of your browser.
- We will never ask you to communicate confidential data such as a PIN number or your password by email, over the phone or by SMS, nor will we ask you to return or specify this data or enter access data directly.
16. Rights of data subjects
If personal data about you is processed, you are a data subject within the meaning of the GDPR, and you have the following rights in respect of the controller. Regarding this matter, please contact our data protection officer using the contact information provided in Section 2.2.
16.1 Right to information
You have the right to require that we provide you with information about the personal data we have stored relating to you.
16.2 Right to rectification
You have the right to require that personal data relating to you be corrected and/or completed immediately.
16.3 Right to restriction of processing
You have the right to require that the processing of your personal data be restricted if you are contesting the accuracy of the data, if the processing is unlawful but you reject the option to have it erased and we do not need the data any more but you need it to enforce, exercise or defend your legal rights or you have submitted an objection to the processing in accordance with Art. 21 Para. 1 GDPR. If the processing of the personal data relating to you has been restricted, apart from saving it, this data can only be processed with your consent or in order to enforce, exercise or defend legal rights or to protect the rights of another natural or legal person or for reasons of substantive public interest of the union or of a member state. If the restriction of processing has been restrained pursuant to the above conditions, you will be informed by us before the restriction is cancelled.
16.4 Right to erasure (“right to be forgotten”)
You have the right to request the erasure of personal data relating to you that is stored with us, unless it is essential for the exercise of the right to the free exchange of opinion and information, processing to fulfil a legal obligation for reasons of public interest or for enforcing, exercising or defending legal rights.
16.5 Right to notification
If you have exercised your right to rectify, erase or restrict processing (16.2-16.4), we will notify all recipients to whom we have disclosed personal data relating to you of this rectification or erasure of the data or of the restriction of processing thereof unless this proves impossible or is associated with unreasonable additional effort.
16.6 Right to data portability
You have the right to have personal data that you provided to us delivered to you or a third party in a structured, standard, machine-readable format. If you require that the data be transmitted directly to another controller, this will only be done if it is technically possible.
16.7 Right to object
If your personal data is processed on the basis of legitimate interests as stipulated in Art. 6 Para. 1 letter f GDPR, you have the right to file an objection to the processing pursuant to Art. 21 GDPR. The controller will discontinue processing personal data relating to you unless it can prove the existence of compelling reasons worthy of protection for continuing to process it which outweigh your interests, rights and freedoms or if processing serves the cause of enforcing, exercising or defending legal rights.
16.8 Right to withdraw consents relating to data protection law
You have the right to withdraw your consent under data protection law at any time with effect for the future. The data that is collected before such withdrawal becomes legally enforceable is unaffected thereby.
16.9 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular within the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
17. Updating of this Data Protection Statement
It may be necessary (e.g., in the light of changes to the law) to update our Data Protection Statement. We therefore reserve the right to amend or supplement this Data Protection Statement whenever necessary. We will publish the change here. We therefore recommend that you review this Data Protection Statement regularly to ensure that your knowledge is up to date.