Logo Kromer GmbH

Privacy policy

We appreciate your interest in our website. Protecting your privacy when processing personal data and ensuring the security of all business data is important to us, and we take this into account in our business processes. Here, we provide you with detailed information on how we handle your data.

RESPONSIBLE ENTITY UNDER ART. 4(7) OF THE EU GENERAL DATA PROTECTION REGULATION (GDPR)

Kromer GmbH  
Nägelseestraße 37  
79288 Gottenheim  
Germany  
Phone: +49 (0) 7665 / 50207-0  
Fax: +49 (0) 7665 / 50207-22  
Email: kromer@kromer.com  
Website: www.kromer.com

DATA PROTECTION OFFICER

Dr. Ralf W. Schadowski  
Email: datenschutz@carlstahl.com  
Phone: +49 241 / 44688 25


§ 1 LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

(1) Where we obtain the consent of the data subject for processing personal data, Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

(2) For the processing of personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.

(3) Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.

(4) In the event that the vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6(1)(d) GDPR serves as the legal basis.

(5) If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Art. 6(1)(f) GDPR serves as the legal basis for processing.


§ 2 DATA DELETION AND STORAGE DURATION

(1) The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply.

(2) Data may also be stored if this is provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject.

(3) Blocking or deletion of the data also occurs when a storage period prescribed by the aforementioned regulations expires unless there is a necessity for further storage of the data for contract conclusion or contract fulfillment.


§ 3 INFORMATION ABOUT THE COLLECTION OF PERSONAL DATA

(1) Below we inform you about the collection of personal data when using our website. Personal data includes all data that can be related to you personally, such as name, address, email addresses, and user behavior.

(2) When you contact us by email or via a contact form, the data you provide (your email address, possibly your name, and phone number) will be stored by us to answer your questions. We delete the data arising in this context once storage is no longer necessary, or we restrict processing if statutory retention obligations exist.

(3) If we rely on commissioned service providers for individual functions of our service or wish to use your data for advertising purposes, we will inform you in detail below about the respective processes. We will also specify the criteria for the storage duration.

Collection of personal data when visiting our website:

When you use our website purely for informational purposes, i.e., if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (the legal basis for this is Art. 6(1)(f) GDPR):

- IP address
- Hostname
- Date and time of the request
- Time zone difference from Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request originates (referrer)
- Specific pages of our website that you access
- Browser: type, version, and language setting
- Operating system: type and version

If JavaScript is enabled:

- Screen resolution
- Color depth
- Size of the browser window
- Installed browser plugins

Use of Cookies:


§ 4 ADDITIONAL FEATURES AND OFFERS ON OUR WEBSITE

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you generally need to provide additional personal data, which we use to provide the respective service and for which the previously mentioned data processing principles apply. Required fields are marked with an asterisk. Information in fields not marked in this way is purely voluntary.

(2) When you contact the service provider via email or through the contact form, your email address and, if provided, your name, telephone number, and other details will be stored by us to answer your questions.

(3) We sometimes use external service providers to process your data. These providers are carefully selected and commissioned by us, bound by our instructions, and regularly monitored.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this in the description of the offer.


§ 5 RIGHTS OF THE DATA SUBJECT

Below, we inform you about your rights as a data subject under Article 15 of the GDPR. You can exercise these rights at any time by contacting us directly. If you assert these rights against us, we will carefully review them in consideration of the legal requirements and obligations associated with them. We may ask you for additional information to verify your request. We will explain the results of our review and the actions we take to fulfill your request in detail. Please note that we may not always be able to fully comply with your request as desired.

This should not discourage you from asserting your rights or contacting us for clarification. We are happy to answer any questions you may have.

1. Right to Information
You have the right to request information from us at any time about whether and which of your personal data we are processing. This includes information about the purposes of processing, any recipients to whom we have disclosed your data, the planned retention period, and, if applicable, the source of this data if it was not collected directly from you. Additionally, you have the right to receive a free copy of your personal data stored with us. We reserve the right to charge a reasonable administrative fee for the creation of additional copies.

2. Right to Rectification  
You have the right to request the correction of inaccurate data that we have stored about you. This also includes the right to have incomplete personal data completed.

3. Right to Erasure
You have the right to request the deletion of your personal data stored by us. If we have published data about you, this also includes our obligation under the "right to be forgotten" according to Article 17(2) GDPR to take appropriate steps, considering available technology and implementation costs, to inform others responsible for processing the published personal data of your request to delete all links to, copies of, or replications of that data.

4. Right to Restriction of Processing  
You have the right to request the restriction of the processing of your personal data. Afterward, such data may only be processed with your consent or for a few legally defined purposes.

5. Right to Object to Processing  
If we process your personal data based on a balance of interests, you can object to the processing. This is the case if the processing is not necessary, particularly for fulfilling a contract with you, as described in the function descriptions below. When exercising such an objection, we ask you to explain why we should not process your personal data as we have done. If your objection is justified, we will review the situation and either stop or adjust the data processing or explain to you our compelling legitimate reasons for continuing the processing.

You can, of course, object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising using the contact details provided above.

6. Right to Withdraw Consent to Data Processing 
If you have given consent for the processing of your data, you can withdraw this consent at any time. Such a withdrawal affects the lawfulness of the processing of your personal data after you have communicated it to us.

7. Right to Data Portability  
You have the right to receive the personal data that you have provided to us in a structured, commonly used, and machine-readable format for the purpose of transferring it to another controller. This also includes, upon your request and considering the technical feasibility, the right to have the data transmitted directly from us to another controller.

8. Right to Lodge a Complaint with a Supervisory Authority 
 You have the right to lodge a complaint with a data protection supervisory authority about our processing of your personal data.

9. Right to Automated Decision-Making, Including Profiling  
 You have the right to be informed about the existence of automated decision-making, including profiling, as per Article 22(1) and (4) GDPR, and, at least in those cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing for the data subject.


§ 6 EMAIL-BASED INFORMATION SERVICES

"Tell-a-friend" Function

(1) We offer you the so-called "tell-a-friend" function, which allows you to recommend our service to people you believe might be interested. To do this, you must enter your name, email address, and the email address of the person in our "tell-a-friend" form and, if you wish, a personal message. We will then automatically send the email in your name.

(2) Please note that you are responsible for the emails sent and are considered the data controller under the GDPR.

(3) When using this function, we initially store that and when you requested the recommendation email to be sent and the recipient's email address. However, we delete this information later. The storage serves to protect against misuse of the function. We will not use the data collected for this function for any other purpose and will store it separately from other data. We also maintain a separate, encrypted "blacklist" where users can enter a block link provided in the sent email to indicate that they no longer wish to receive messages.


§ 7 WEB ANALYTICS

The legal basis for using all web analytics tools mentioned in this section is Article 6(1) sentence 1 lit. f GDPR, i.e., the protection of our legitimate interests balanced against the interests of our website visitors. Our interest here is to analyze the use of our website by our visitors to improve our offerings and make them more interesting for you as a user. If the analysis tool used also serves other purposes or if we intend to use it for additional interests, we will inform you directly in the explanations of the respective analysis tool.

1. Use of Google Analytics

(1) This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA. However, if IP anonymization is activated on this website, your IP address will be shortened by Google within member states of the European Union or other contracting states to the Agreement on the European Economic Area before being transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage to the website operator.

(2) The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

(3) You can prevent the storage of cookies by selecting the appropriate settings on your browser software; however, we point out that in this case, you may not be able to use all functions of this website to their full extent. Additionally, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout.

(4) This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are processed in a shortened form, which excludes personal reference. If the data collected about you is related to a person, it is immediately excluded, and the personal data is thus deleted promptly.

(5) In exceptional cases where personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

(6) Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.  
User Terms: www.google.com/analytics/terms/us.html  
Privacy Overview: www.google.com/intl/en/analytics/learn/privacy.html  
Data Protection Declaration: www.google.com/intl/en/policies/privacy.


§ 8 SOCIAL MEDIA AND OTHER THIRD-PARTY SERVICES

1. Integration of Other Third-Party Services

(1) On this website, we also use services from Google Feedburner (RSS feed). By using these services, we can offer you a better user experience on our website. This serves our interest in increasing the attractiveness of our website. The legal basis for using these services is Article 6(1) sentence 1 lit. f GDPR.

(2) When visiting the website, the respective third-party provider receives information that you have accessed the corresponding subpage of our website. The data mentioned in § 5 of this declaration is also transmitted. This occurs regardless of whether this third-party provider provides a user account through which you are logged in or whether there is no user account. If you are logged in to the third-party provider, your data will be directly associated with your account. If you do not wish the data to be associated with your profile with the respective third-party provider, you must log out before activating the button. The third-party provider may store your data as a user profile and use it for advertising, market research, and/or the needs-based design of its website. Such evaluation occurs, in particular (even for users not logged in), to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact the respective third-party provider to exercise this right.

(3) For more information on the purpose and scope of data collection and its processing by the plugin provider, please refer to the privacy policies of these providers listed below. There you will also find further information about your rights and settings options to protect your privacy:

(4) Addresses of the respective providers and URLs with their privacy notices:

a) Google Inc., 1600 Amphitheater Parkway, Mountainview, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=en. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Stand: 06/2018