Data protection

Information about the collection of personal data

a) Below, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour.

b) The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (hereinafter referred to as ‘GDPR’) is

Kunststofftechnik KRUG GmbH
Schusterstr. 6-8
D-35236 Breidenbach
Email: compliance(at)krug-breidenbach.de

You can contact our data protection officer at:

gds Gesellschaft für Datenschutz Mittelhessen mbH
Auf der Appeling 8
D-35043 Marburg- Cappel
Telephone: +49 (0) 6421 804 13 10
Email: datenschutz(at)gdsm.de

c) If we use contracted service providers for individual functions of our offering or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below.

Contact by email, telephone, fax

a) When you contact us by email, telephone or fax, the data you provide and the personal data resulting from this (e.g. name, enquiry, email address, telephone number) will be stored by us for the purpose of processing your enquiry and in the event of follow-up questions. We will not pass this data on to third parties without your consent.

b) The data you send us via contact enquiries will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for which it was stored no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

c) The processing of this data is based on Art. 6 para. 1 lit. b GDPR, provided that your request is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 para. 1 lit. a GDPR) if this has been requested.

Contact via contact form

a) When you contact us via a contact form, the data you provide and the personal data derived from it (e.g. name, enquiry, email address, telephone number) will be stored by us for the purpose of processing your enquiry and in the event of follow-up questions. We will not pass on this data to third parties without your consent.

Data processing for applications

You can apply on our website in the ‘Careers’ section via our online application portal, by email or by post. We require the following data in the online application form: surname, first name, email address, telephone number, gender, address and place of residence. In addition, we process the information we receive from you during the application process, e.g. through your application letter, CV, references, correspondence, telephone or verbal information. In addition to your contact details, information about your education, qualifications, work experience and skills is particularly relevant to us.

Your data will initially be processed exclusively for the purpose of the application process. If your application is successful, they will become part of your personnel file and will be used for the purpose of establishing and terminating the employment relationship and will be deleted in accordance with the regulations applicable to personnel files. If we are unable to offer you employment at this time, we will continue to process your data for up to six months after sending the rejection letter in order to defend ourselves against any legal claims, in particular those alleging discrimination in the application process. You have the option of giving us your consent to store the data you have provided for more than 6 months for possible future contact for professional purposes. In this case, the data will be stored for a period of 1 year, after which the personal data will be completely deleted. You can revoke your consent at any time with future effect. If you receive any reimbursement of expenses or if other tax-relevant transactions have taken place, the corresponding accounting documents will be retained in accordance with the applicable retention requirements for budgetary and tax purposes. Your data will initially be accessible to our Human Resources department, but also to the specialist department of the position you have applied for and, if necessary, to the accounting department. Our administrators and processors have the technical ability to access data processed by IT systems – they are strictly bound by our instructions. Our service provider has also been carefully selected and appropriate contractual agreements and technical precautions have been taken to maintain a level of data protection. In certain cases, we may need to disclose your personal data to third parties, such as our bank if you are to receive a reimbursement of costs, or to the postal service if we communicate with you by letter.

The legal basis for data processing in the application process and as part of the personnel file is Section 26 (1) sentence 1 BDSG and Article 6 (1) lit b GDPR and, if you have given your consent, for example by sending information that is not necessary for the application process, Article 6 (1) lit a GDPR. The legal basis for data processing after rejection is Art. 6 para. 1 lit. f GDPR. The legal basis for storage for budgetary and tax purposes is Art. 6 para. 1 lit. c GDPR in conjunction with § 147 AO (German Fiscal Code). The legitimate interest in processing on the basis of Art. 6 para. 1 lit. f GDPR is the defence against legal claims. We do not generally require special categories of personal data within the meaning of Art. 9 GDPR for the application process. We kindly ask you not to send us any such information in advance. If, in exceptional cases, such information is relevant to the application process, we will process it together with your other application data. This may, for example, concern information about a severe disability, which you can provide to us voluntarily and which we then have to process in order to fulfil our special obligations with regard to severely disabled persons. In these cases, the processing serves to exercise rights or fulfil legal obligations under labour law, social security law and social protection law. The legal basis for data processing is then Art. 9 para. 2 lit. b GDPR, §§ 26 para. 3 BDSG, 164 SGB IX. In exceptional cases, it may be necessary to obtain information about your health or a disability or information from the Federal Central Register, i.e. about previous convictions, in order to assess your suitability for the intended activity. The legal basis for this is Section 26 BDSG. Your data will not be used by us for automated decision-making or profiling.

Collection of personal data when visiting our website

a) When you use our website for informational purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security on the basis of Art. 6 para. 1 lit. f GDPR and in accordance with § 25 TTDSG:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software.

b) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall.

Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies (see b)
Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which allows various requests from your browser to be assigned to the same session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.
c) Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete cookies at any time in your browser's security settings.
d) We use cookies that are technically necessary and that make your visit to our website possible in the first place. If we use cookies that are not technically necessary, we will obtain your consent for this.
e) The legal basis for the use of cookies that are technically necessary for the display and necessary functions of our website is Section 25 (2) TTDSG and Art. Art. 6 para. 1 sentence 1 lit. f GDPR (legitimate interest). If we do not use technically necessary cookies for the display and necessary functions of our website, we will obtain your consent. The legal basis for the use of these cookies is Section 25 (1) sentence 1 TTDSG and Art. 6 para. 1 sentence 1 lit. a GDPR.

f) You can give any necessary consent in our Consent Manager when you first visit our website and then manage it at any time Cookie settings

g) Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

h) A list of all cookies used, a description of the legally required information on the individual cookies and the (de)activation of your consent(s) can be found under Cookie settings

Processing for the fulfilment of contractual or pre-contractual obligations (Art. 6 (1) (b) EU GDPR)

Personal data is processed for the purpose of your use of our website, to fulfil a contract with you as a service provider, when you use our network and when we are in contact with you. The purposes of data processing and the necessity thereof are primarily determined by the specific purposes defined by the aforementioned legal relationships.

Within the framework of a contract with you as a customer, this includes, in particular, the establishment, design, fulfilment, consultation and billing of such a contract, together with the services you have used, as well as the exchange of personal data with necessary business partners (e.g. transferring or receiving network operators when changing providers). When you use our network, we also exchange data with other network operators to the extent necessary to establish and maintain the connection, as well as for billing and invoicing, including debt collection. This also includes storing data about your payment behaviour. We need this data to be able to carry out dunning procedures or a possible suspension of services.

In addition, in accordance with the TKG, we collect the connection identifiers used and other traffic data when you use our telecommunications network by dialling a number that is realised in our network. In this case, we collect data for establishing and maintaining the connection and for billing purposes. For this purpose, your subscriber network operator, who provides your connection, will, under certain circumstances, provide us with your name and address and charge for the connection. In addition, we continue to collect data from publicly accessible sources (e.g. commercial registers, your websites, press articles, etc.) and obtain data from credit agencies within the scope of permissibility under Art. 6 lit. f) EU GDPR.

Processing also takes place for the purpose of processing your enquiries and establishing customer relationships or a comparable contact relationship, as well as for job applications.

For the aforementioned purposes, it may also be necessary for us to pass on your data to group companies or external service providers within the scope of order processing.

Data transfer to third parties

Within our company, persons who are entrusted with processing your data will have access to it to the extent that this is necessary or appropriate. Service providers and vicarious agents employed by us, such as service providers in the field of IT services, telecommunications and logistics, may also have access to personal data for these purposes if they comply with our written data protection instructions and the general data secrecy within the scope of order processing and, where applicable, the telecommunications secrecy.

In addition, when providing services on our network, data is exchanged with the network operators involved, in particular when establishing and maintaining connections across network boundaries and for billing and debt collection purposes. This transfer only takes place to the extent necessary. The details of the data exchange and data processing depend on the type of service used. Further details can be obtained from your subscriber connection provider, who enables you to select the services provided on our network.

We work with third parties to collect debts.

In particular, we will not transfer personal data to third parties for advertising or address trading purposes.

Data transfer to a third country or to international organisations

Data will only be transferred to countries outside the EU or the EEA (‘third countries’) if this is necessary for the performance of the contractual relationship (contract for the use of the services provided on our network). In the case of other contractual relationships, such as a contact relationship, such data transfer will only take place to fulfil this contractual relationship or if this is exceptionally appropriate due to a legitimate interest. The same applies to the use of our websites from locations outside the EU or the EEA.

Duration of data storage

When you use our websites, we store your IP address and usage data for the duration of your visit. In addition, your IP address is stored if this is necessary for data security and to investigate or prevent security or data protection violations, whereby the appropriateness is determined by the specific threat situation. In this case, IP addresses are only stored for as long as is appropriate for the aforementioned purposes, generally not exceeding three months. In the event of a criminal complaint or prosecution or the enforcement of claims against persons who commit security or data protection violations, the data may be stored and used until the claims have been finally clarified or enforced.

For the purpose of establishing, executing and fulfilling a contract with you as a customer of telecommunications services, we store the data until the end of the contract and beyond, namely until the end of the calendar year following the year in which the contract is terminated. Upon expiry of this period, the data will not be deleted but blocked, as we are required by commercial and tax law to store the data for up to 10 years. This storage also applies to invoice amounts. Specifically, we store the individual connections and the resulting billing data for a period of three calendar months, provided that this is necessary for billing purposes with you or other network operators. If the party liable for payment (e.g. you or the user/end customer liable for payment) raises objections within the specified period, the data will be stored until the objections have been clarified or the claim has been settled. Further storage will only take place in exceptional cases if this is permitted under the TKG (e.g. troubleshooting, investigation and prevention of misuse).

If you, as the end user, use a service provided on our network, we will process and store your data within the scope of this usage process for as long as it lasts and is necessary for its use. After the end of the usage process, we will store this data for a period of 3 calendar months if this is necessary for billing purposes with you or other network operators. If the party liable for payment (e.g. user/end customer) raises objections within the specified period, the data will be stored until the objections have been clarified or the claim has been collected. Further storage will only take place in exceptional cases if this is permitted under the TKG (e.g. troubleshooting, investigation and prevention of misuse).

Within the framework of a contact relationship, contact details and communication data are stored and used to the extent necessary for the respective communication purpose or to the extent appropriate for the purpose.

Collection of outstanding claims

Insofar as the collection of an outstanding claim becomes necessary within the scope of our legitimate interests on the basis of the contractual relationship or in any other way – and the interests of the data subject requiring the protection of personal data do not outweigh these interests – we commission legal entities to collect the claim. The data required for collection will be transferred to the commissioned legal entity. The legal basis is Article 6(1)(b) and Article 6(1)(f) of the EU GDPR.

Further functions and offers of our website

In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you will usually need to provide additional personal data, which we will use to provide the respective service and to which the aforementioned principles for data processing apply.

In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contract conclusions or similar services together with partners. You will receive more detailed information on this when you provide your personal data or below in the description of the offer.

If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the offer.

Data security

The personal data we collect and store is treated confidentially and protected against loss, alteration and unauthorised access by third parties through appropriate technical and organisational measures. Your personal data is transmitted in encrypted form via the Internet. We use SSL encryption (TLS 1.2 or higher) for data transmission.

Automated decisions, profiling

We do not make any automated decisions (including profiling) using the personal data we collect when you visit our website.

Your rights

a) You have the following rights vis-à-vis us with regard to your personal data:

Right to information (Art. 15 GDPR),
Right to correction (Art. 16 GDPR) or deletion (Art. 17 GDPR),
Right to restriction of processing (Art. 18 GDPR),
Right to object to processing (Art. 21 GDPR), see section 6 for more details.
Right to data portability (Art. 20 GDPR).

b) You also have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).

Objection or revocation of the processing of your data

a) If you have given your consent to the processing of your data, you can revoke this at any time. Such revocation affects the lawfulness of the processing of your personal data after you have notified us of your revocation.

b) Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if the processing is not necessary for the performance of a contract with you, which is explained by us in the following description of the functions. If you exercise such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either stop or adjust the data processing or inform you of our compelling legitimate grounds for continuing the processing.

You can, of course, object to the processing of your personal data for advertising and data analysis purposes at any time.

Cookie consent with Usercentrics

This website uses cookie consent technology from Usercentrics to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Usercentrics GmbH, Rosental 4, 80331 Munich, website: usercentrics.com/en/ (hereinafter ‘Usercentrics’). When you enter our website, the following personal data is transferred to Usercentrics:

Your consent(s) or the revocation of your consent(s)
Your IP address
Information about your browser
Information about your device
Time of your visit to the website

Furthermore, Usercentrics stores a cookie in your browser in order to be able to assign the consents you have given or their revocation. The data collected in this way is stored until you request us to delete it, delete the Usercentrics cookie yourself or the purpose for data storage no longer applies. Mandatory legal storage obligations remain unaffected.
Usercentrics is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR. We have concluded a contract for order processing with Usercentrics. This is a contract required by data protection law, which ensures that Usercentrics processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

Hosting

Hosting of this website: The Internet offering is provided by Mittwald CM Service GmbH & Co. KG as a technical service provider on our behalf and in accordance with our specifications. The personal data collected on this website is stored on the host's servers. This may include IP addresses, contact enquiries, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website. The hosting provider is used for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). Our host will only process your data to the extent necessary to fulfil its performance obligations and will follow our instructions regarding this data. The host's server location is in Germany.

Supplier self-disclosure

Supplier self-disclosure is a multi-page questionnaire used to obtain systematic information about and from suppliers. This process serves to pre-select new suppliers and evaluate existing suppliers in the context of purchasing and procurement. In the supplier self-disclosure, you can provide your first name, last name, business email address or telephone number, among other things. We process this data on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. The processing of this data may be carried out on the basis of Art. 6 para. 1 lit. b GDPR, provided that the self-disclosure you have provided to us is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of the self-disclosure provided to us in accordance with Art. 6 para. 1 lit. f GDPR. No data will be passed on to third parties. If processing is based on your consent, you can revoke this consent at any time with future effect. In all other cases, the data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. If the data is subject to statutory retention periods, it will be deleted immediately after expiry of these periods.

Use of Google Maps

On this website, we use Google Maps via an API based on your consent in accordance with Art. 6 para. 1 lit. a GDPR. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. The provider is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

To ensure data protection on this website, Google Maps is deactivated when you first visit this website. A direct connection to Google's servers is only established when you activate Google Maps yourself. This prevents your data from being transferred to Google when you first visit the site.

After activation, Google Maps will store your IP address and location information. This is then usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer after Google Maps has been activated. For cases in which personal data is transferred to the USA, Google has submitted to the EU-U.S. Data Privacy Framework, www.dataprivacyframework.gov/s/.
For more information on how user data is handled, please refer to Google's privacy policy: https://www.google.de/intl/de/policies/privacy/.

Matomo

Our website uses the open source web analytics service Matomo. Matomo uses so-called ‘cookies’. These are text files that are stored on your computer and enable an analysis of your use of the website. For this purpose, the information generated by the cookie about your use of our website is stored on our server. The IP address is anonymised before storage. Matomo cookies remain on your device until you delete them.

If consent has been given, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR; consent can be revoked at any time.

The information generated by the cookie about your use of our website will not be passed on to third parties. You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all functions of our website to their full extent. If you do not agree to the storage and use of your data, you can refuse storage in the consent tool.

Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook etc. can generally analyse your user behaviour in detail when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers numerous data processing operations that are relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media site, the operator of the social media portal can associate this visit with your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are logged in or have been logged in.

Please also note that we cannot track all processing operations on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal basis
Our social media presence is intended to ensure the most comprehensive presence possible on the Internet. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible party and assertion of rights
When you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during your visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite our joint responsibility with the social media portal operators, we do not have complete control over the data processing operations of the social media portals. Our options are largely determined by the company policy of the respective provider.

Storage period
The data collected directly by us via our social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, you revoke your consent to its storage or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Facebook
We have a profile on Facebook. The provider is Meta Platforms, Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings yourself in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

For details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/.

Instagram
We have a profile on Instagram. The social network Instagram is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. Details on how they handle your personal data can be found in Instagram's privacy policy: https://help.instagram.com/581066165581870.

XING
We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

LinkedIn
We have a profile on LinkedIn. The provider of this service is LinkedIn Ireland Unlimited Community, Wilton Place, Dublin 2, Ireland. Information about which of your data is processed by LinkedIn and for what purposes can be found at: LinkedIn Privacy Policy.