according to Art. 13 EU General Data Protection Regulation (GDPR) and § 32 German Federal Data Protection Act (BDSG) 2018
Leidel & Kracht Schaumstoff-Technik GmbH and Leidel & Kracht Verpackungs-Technik GmbH consider data protection of the utmost importance. With this data protection declaration, we would like to clarify which rights you have with regard to personal data. Furthermore, we would like to inform you about the type, scope and purpose of the data collected and processed by us:
First of all, we would like to briefly point out the most important aspects of data protection at Leidel & Kracht.
In the second part, you will find more detailed explanations on data protection issues if you would like to know more about them.
1. Data protection information (short version)
1.1 Who is responsible and who is responsible for data protection?
The responsible data controllers in the sense of the General Data Protection Regulation (GDPR) are:
Company: Leidel & Kracht Schaumstoff-Technik GmbH
Managing directors: Dr. Kay Nowak / E. Nowak
Address: Bremerhavener Str. 31, 50735 Köln
Phone: +49 221 97726-0
Company: Leidel & Kracht Verpackungs-Technik GmbH
Managing directors: Dr. Kay Nowak, Dipl.-Ing. (FH) Rainer Arndt
Address: Cottbuser Str. 1, 51063 Köln
Phone: +49 221 71516-0
Contact details of the data protection officer within the meaning of the GDPR:
Address: Kelvinstr. 14, 50996 Köln
Phone: +49 (0) 2236 / 490 90 80
If you have any questions or suggestions regarding data protection, you can contact our data protection officer directly at any time.
1.2 What rights do you have as the data subject?
You have the right to obtain information about what we have stored about you. Should your data stored by us be incorrect, you may request correction or deletion of this data. In addition, you may request that these data be blocked and thus further processing by us may only be carried out with your consent.
You also have the right to object to the further processing of your data at any time for reasons arising from your particular situation. Furthermore, if you wish, we will make your data that you have given us available to you for your further use. At your request, we will also send it to a recipient to be designated by you.
Furthermore, you have the right to withdraw your consent to the processing of your personal data at any time. This does not affect the legality of the processing that took place until the withdrawal.
You also have the right to complain to a supervisory authority. Corresponding addresses can be found on the websites of the Federal Commissioner for Data Protection and Freedom of Information (BFDI): https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/addresses_links-node.html
1.3 For what purpose and on what legal basis will my data be processed?
The personal data collected by us during your visit to our website will only be processed for contract processing and processing your enquiries. Processing or use of the data collected by us and communicated by you takes place exclusively for the fulfilment of the aforementioned purposes either by us, our affiliated companies and companies commissioned by us for data processing ("processors"), provided that these also meet the data protection requirements of the GDPR. (For the processing of data collected on our websites not from us but from third parties, see below: "Who receives my data?")
In addition, your data will only be collected, processed and used for other purposes (market research, consulting and information/advertising, including newsletters) if you have given us your corresponding consent or if the processing in accordance with Art. 6 para. 1 letters b-f GDPR is required, for example to protect the vital interests of natural persons or in the public interest.
We do not intend to use your personal data for any purpose other than that for which they were collected.
We do not carry out profiling within the meaning of Art. 4 GDPR with your data.
1.4 How is my data collected and who receives it?
Use of the Leidel & Kracht website is generally possible without the active provision of personal data.
An exception to this are the following elements on our web pages:
We have set cookies on our website in order to increase the convenience and functionality of our website for you. A typical field of application for cookies is the storage of a certain (login) status during web use, so that a user does not have to log in again for each subpage of a website. In order to be able to distinguish between different users, a unique identifier is usually stored in a text cookie. The identification stored in the cookie has no personal reference per se. It becomes relevant under data protection law as soon as personal data is stored in a cookie or a link is established between the cookie ID and personal data. Depending on function and intended use, a distinction is made between five categories of cookies:
- Essential cookies: This type of cookie is required for navigation on the website and for providing the basic functions of the website.
- Functional cookies: Functional cookies enable the website to store information provided by the user during the visit (login, user name, language and location selection) in order to offer the user a simplified, extended range of functions when he visits the website again.
- Performance Cookies: Performance cookies serve to improve the user experience by increasing user-friendliness. For this reason, performance cookies collect information about how the website is used (e.g.: Information on the operating system, the browser used, the number of visits, the pages called up in this context and the average length of stay).
- Analysis cookies: The cookies serve the operator of the website to understand which preferences and search terms are used to access the main and sub-pages of the website.
- Marketing cookies: Marketing cookies serve the goal of generating added value for the user through relevant content that is tailored to his or her individual interests. This cookie type is also used to measure and control the effectiveness of advertising campaigns. In addition to the frequency of site visits, the marketing cookies also record the duration of use and stay with regard to the content offered. Marketing cookies are also gladly linked to page functionalities of third parties. The information collected in this way may be passed on to third parties, such as the operator of the website.
However, you can prevent the setting of cookies at any time by means of the corresponding settings of your Internet browser and thus permanently object to this. You can use your browser settings to delete individual cookies that have already been saved or the entire cookie inventory. In the following we have compiled links to information and instructions that describe the browser settings to be made in detail and in relation to the provider:
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
You can also individually manage the cookies of many companies and features used for advertising. Use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices.
In addition, a large number of browsers have already implemented a "Do-Not-Track function" with which you can specify that you do not want to be "tracked" by websites. By enabling this feature, your browser tells advertising networks, websites and applications that you do not want to be tracked for behaviour-based advertising and the like. Information and instructions on how to edit this function are available from the links below, depending on the provider of your browser:
Internet Explorer: https://support.microsoft.com/de-de/help/17288/windows-internet-explorer-11-use-do-not-track
Google Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=en
Mozilla Firefox: www.mozilla.org/de/firefox/dnt/
The following cookies are used on the website:
Cookie name: - PHPSESSID (session cookie)
If you contact Leidel & Kracht via the contact form, your personal data will be transmitted to us SSL-encrypted and automatically stored for processing or contact purposes. There is no transfer of this personal data to third parties.
You can send us online applications for job advertisements from Leidel & Kracht or unsolicited applications by email or via the entry forms of the online job exchange you use. We place the highest value on demonstrable compliance with the GDPR. For this reason, your applicant data will be deleted after six months, unless you have agreed to your data being processed for a longer period of time. This data will not be passed on to third parties unless required to do so by law or for the purpose of criminal prosecution. Leidel & Kracht has no influence on the processing of your personal data by the online job exchanges. Please refer to their data protection declarations for relevant information.
How long will my data be stored?
The data collected from you will be stored by us for the duration of the business relationship, taking into account existing retention periods.
1.6 Is the collection and storage of my data mandatory or necessary?
We collect and store the data provided by you for the fulfilment of the contract to be concluded and implemented with you. In all other respects, we are obliged to do so in accordance with tax regulations.
2. Data protection information (detailed version)
2.1 Data processing
2.1.1 General information on the use of the homepage
Use of the Leidel & Kracht website is generally possible without the active provision of personal data. If a data subject wishes to make use of special services of our company via our website (e.g. the use of the contact form), the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, the data subject generally must consent to us processing their data.
The processing of personal data, such as the name, address, email address or telephone number of a data subject, always takes place in accordance with legal requirements.
Leidel & Kracht has implemented numerous technical and organisational measures as the group responsible for the processing of personal data in order to ensure that all personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
2.1.2 Contact via the website
Due to legal regulations, the Leidel & Kracht website contains information that enables rapid electronic contact with our company and direct communication with us. If a data subject contacts the controller by email or via a contact form, any personal data transmitted by the data subject are automatically stored.
Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties. This data will be deleted once the purpose has been achieved, unless legal or official storage obligations intervene.
2.1.3 Routine deletion and blocking of personal data
We process and store personal data of the data subject only for the period necessary to achieve the processing purpose or insofar as this is provided for in the GDPR or laws or regulations.
If the processing purpose no longer applies or if a statutory storage period expires, the personal data is deleted routinely and in accordance with the statutory provisions.
2.1.4 Legal basis for processing
Art 6 I (a), GDPR serves our company as a legal basis for processing operations through which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Art. 6 I (b) GDPR. The same applies to such processes that are necessary to take steps at the request of the data subject prior to entering into a contract, for example in cases of enquiries about our products or services.
If our company is subject to a legal obligation which requires the processing of personal data, for example to fulfil tax obligations, the processing is based on Art. 6 I letter (c) GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person.
In addition, processing operations could be based on Article 6 I (f) GDPR if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not prevail. Efficient, customer-friendly and high-quality service provision is one of the most justified interests.
2.1.5 Data protection for applications and in the application procedure
We collect and process the personal data of applicants for the purpose of facilitating the application process. Processing may also be carried out electronically. This is particularly the case if an applicant sends corresponding application documents to the controller by electronic means, for example by email or via a web form on the website. If the data controller responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents shall be deleted after six months at the latest.
2.2 Rights of the data subject
According to the GDPR, data subjects are entitled to the following rights. If you, as a data subject, wish to exercise one or more of these rights, you can contact our data protection officer or another employee of the data controller at any time.
2.2.1 Right to withdraw data protection consent
As a person affected by the processing of personal data, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future. An email or other written declaration to us is sufficient for this purpose. You can send your withdrawal to: email@example.com or firstname.lastname@example.org
2.2.2 Right to be informed
As a data subject affected by the processing of personal data, you have the right at any time to receive free information from the data controller about the personal data stored about you and a copy of the personal data. The right to information concerns the following information:
- the purposes of processing
- the categories of personal data concerned;
- the recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
- where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- the existence of a right to rectification or erasure of the personal data concerning you or of a restriction of the processing by the person responsible or of a right to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority
- where the personal data are not collected from the data subject, any available information as to their source
- the existence of automated decision-making, including profiling, referred to in Article 22 (I) and (IV) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.
Furthermore, the data subject has a right of access to information as to whether personal data has been transferred to a third party or to an international organisation. If this is the case, the data subject has, in addition, the right to obtain information about the appropriate guarantees in connection with the transfer.
2.2.3 Right to rectification
As a data subject affected by the processing of personal data, you have the right to request the immediate correction of incorrect personal data concerning you. You also have the right, taking into account the purposes of the processing, to request the completion of incomplete personal data, including by means of a supplementary declaration.
2.2.4 Right to erasure ("Right to be forgotten")
As a data subject affected by the processing of personal data, you have the right to request that the personal data concerning you be deleted immediately, provided that one of the following reasons applies and insofar as the processing is not necessary:
- The personal data have been collected or otherwise processed for such purposes for which they are no longer necessary (i.e. the data are no longer required).
- The data subject withdraws consent to which the processing is based according to point (a) of Article 6 (I) of the GDPR, or point (a) of Article 9 (II) of the GDPR, and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21 (I) of the GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 (II) of the GDPR.
- The personal data has been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation under European Union or Member State law to which the data controller is subject.
- The personal data have been collected in relation to information society services provided in accordance with Article 8 I of the GDPR.
If the personal data has been made public by Leidel & Kracht and our company as the data controller is obliged to delete the personal data in accordance with Art. 17 I GDPR, we take appropriate measures, taking into account the available technology and the implementation costs, to inform other responsible parties for data processing who process the published personal data, in particular to delete all links to this personal data or copies or replications of this personal data, insofar as the processing is not necessary. The data protection officer of Leidel & Kracht or another employee will take the necessary steps in individual cases.
2.2.5 Right to restriction of processing
As a data subject affected by the processing of personal data, you have the right to request the restriction of the processing if one of the following conditions is met:
- The accuracy of your personal information is contested by you for a period of time that allows us to verify the accuracy of your personal information.
- The processing is unlawful, you refuse to delete the personal data and instead demand a restriction on the use of the personal data.
- We no longer need the personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims.
- You have objected to the processing pursuant to Art. 21 I GDPR and it has not yet been determined whether the legitimate reasons of the person responsible outweigh yours.
2.2.6 Right to data portability
As a person affected by the processing of personal data, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to have this data communicated to another controller without hindrance by the controller, provided that the processing is based on the consent provided for in Article 6 I (a) GDPR or Article 9 II (a) GDPR or on a contract pursuant to Article 6 I (b) GDPR and that the processing is carried out using automated procedures or provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority conferred on the data controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 I of the GDPR, the data subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.
2.2.7 Right to object
As a data subject affected by the processing of personal data, you have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out in order to safeguard a legitimate interest of the data controller.
This also applies to profiling based on these provisions, whereby Leidel & Kracht points out that no profiling should be carried out.
Leidel & Kracht will no longer process personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing, which outweigh the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.
If Leidel & Kracht processes personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to any profiling connected with such direct advertising. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
2.2.8 Automated individual decision-making, including profiling
As a data subject, you have the right not to be subject to a decision based exclusively on automated processing, including profiling, which has legal effect against you or significantly affects you in a similar manner, provided that the decision
- is necessary for entering into, or performance of, a contract between the you and a data controller;
- is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
- with your express consent.
Leidel & Kracht does not use any purely automated decision systems with regard to the processing of personal data that have a legal effect on you or significantly affect you in a similar way.
2.2.9 Right to lodge a complaint with a supervisory authority
As a data subject affected by the processing of personal data, you have the right of appeal to a supervisory authority, in particular in the Member State where you are staying, working or suspected of infringing, if you consider that the processing of personal data concerning you is contrary to data protection law. Corresponding addresses can be found on the websites of the Federal Commissioner for Data Protection and Freedom of Information (BFDI): https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/addresses_links-node.html
With the development of data protection law, terms have become established that are not always self-explanatory. The explanations in Art. 4 GDPR are quoted in extracts below:
(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
(2) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
(3) ‘restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future;
(4) ‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
(5) ‘pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
(7) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
(8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
(9) ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
(10) ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;
(11) ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
(12) ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.