Privacy Policy

Last update: 11. July 2022

Thank you for your interest in the informationon our website!

With the help of this Privacy Policy we would like to inform the users of our website about the type, scope and purpose of the personal data processed. Personal data in this context is all information that can be used to personally identify you as a user of our website (theoretically in an alternative way or by linking various data), including your IP address. Information that is stored in cookies is generally not or only in exceptional cases personally identifiable; however, cookies are covered by specific regulations that makes the permissibility of the use of cookies dependent on their purpose to a large extent on the active consent of the user.

In a general section of this Privacy Policy, we provide you with information on data protection, which generally applies to our processing of data, including data collection on our website. In particular, you as a data subject will be informed about the rights to which you are entitled.

The terms used in our Privacy Policy and our data protection practice are based on the provisions of the EU General Data Protection Regulation ("GDPR") and other relevant national legal provisions.

Controller according to the GDPR

KOHLSCHEIN GmbH & Co. KG
Material für Print, Display & Packaging
Feldstraße 9 | 41749 Viersen | Germany
E: info@kohlschein.com  
T: +49 2162 8966-0

Data Protection Officer:
DataFreshup GmbH | Manuel Hörmeyer
E: datenschutzbeauftragter.kohlschein@datafreshup.de
T: +49 2159 925 91 00

Data collection on our website

On the one hand, personal data is collected from you when you expressly communicate such data to us, on the other hand, data, especially technical data, is automatically collected when you visit our website. Some of this data is collected to ensure that our website functions without errors. Other data may be used for analysis purposes. However, you can use our website without a need to provide personal information.

Technologies on our website

Applicants

On our website you have the possibility to inform yourself about open positions and to apply online at the same time. 

We process the data you have provided to us in the context of an application only for the purpose of and within the scope of the application process in accordance with the statutory provisions. If your application refers to a specific job advertisement, we process the data only for the purpose of processing for this specific job. The processing of your applicant data is carried out for the implementation of pre-contractual measures at the request of an applicant in accordance with Art 6 paragraph 1 lit. b GDPR. 

Beyond the conclusion of the application process for a specific position, we process your application data only to the extent that this is necessary to safeguard our legitimate interest in accordance with Art 6 paragraph 1 lit. f GDPR (e.g. for the defense against unjustified claims) or if you have expressly consented to the processing of your application data for future job advertisements in accordance with Art 6 paragraph 1 lit. a GDPR. The same applies to unsolicited applications after comparison of your job requirements and your qualification profile with our job offers.

The absolutely necessary applicant data are marked as such or result from the respective job description. Furthermore, applicants may voluntarily provide us with additional information.

By submitting your application to us, you agree to the processing of your data for purposes of the execution of the application process in accordance with the type and scope described in this Privacy Policy.

Insofar as special categories of personal data as defined in Art. 9 paragraph 1 GDPR are disclosed as part of the application process, they will be processed in accordance with Art. 9 paragraph 2 lit. b GDPR (e.g. health data, such as severely disabled status) or on the basis of your consent in accordance with Art. 9 paragraph 2 lit. a GDPR (e.g. health data to the extent necessary for the assessment of suitability to practice the profession).

The data provided to us in an online-form will be transmitted to us in encrypted form according to the state of the art. You can also send us your application by e-mail. In this case, however, we would like to point out that e-mails are generally not sent encrypted and that you would have to provide for encryption yourself, in order to protect yourself optimally. 

In the event of a successful application, the data provided by you can be processed by us for the purposes of the employment relationship. Otherwise, if the application for a job offer is not successful, the applicant's data will be deleted after the legal deadlines have expired or, if you have expressly consented to a longer-term storage for a specific purpose, after this period has expired. 

If you have not given your consent for a longer storage, the data will basically be deleted after a period of seven months so that we can answer any follow-up questions regarding the application and fulfill our obligations to provide evidence under the Equal Treatment Act. Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

Cookies and Local Storage

We use cookies to make our website as user-friendly and functional as possible for you. Some of these cookies are stored on the device you use to access the site. 

Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognise website visitors. Cookies can only store information provided by your browser, e.g. information that you have entered into your browser or that is available on the website. Cookies cannot execute code and cannot be used to access your terminal device. 

The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of third party to whom the cookie belongs (“third-party cookie”).  The information that is stored and sent back allows each web application to recognise that you have already accessed and visited the website using the browser on your device. 

Cookies contain the following information:

  • Cookie name
  • Name of the server from which the cookie originates
  • Cookie ID number
  • An expiry date, after which the cookie will be automatically deleted

We classify cookies in the following categories depending on their purpose and function:  

  • Technically necessary cookies, to ensure the technical operation and basic functions of our website. These types of cookies are used, for example, to maintain your settings while you navigate our website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart). 
  • Statistics cookies, to understand how visitors interact with our website by collecting and analysing information on an anonymous basis only. In this way we gain valuable insights to optimize both the website and our products and services. 
  • Marketing cookies, to provide targeted promotional and marketing activities for users on our website.
  • Unclassified cookies are cookies that we are trying to classify together with individual cookie providers.

Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie.

The legal basis for using technically necessary cookies is our legitimate interest in the technically fault-free operation and smooth functionality of our website as described in Art. 6 paragraph 1 lit. f of the GDPR. The use of statistics and marketing cookies is subject to your consent, in accordance with Art. 6 paragraph 1 lit. a of the GDPR.  You can withdraw your consent for the future use of cookies at any time in accordance with Art. 7 paragraph 3 of the GDPR.  Your consent is voluntary. If consent is not given, no disadvantages arise. For more information about the cookies we actually use (specifically, their purpose and lifespan), refer to this Privacy Policy and to the information in our cookie banner about the cookies we use.

You can also set your web browser so that it does not store any cookies in general on your device or so that you will be asked each time you visit the site whether you accept the use of cookies. Cookies that have already been stored can be deleted at any time. Refer to the Help section of your browser to learn how to do this.
 
Please note that a general deactivation of cookies may lead to functional restrictions on our website. 

On our website, we also use so-called local storage functions (also called "local data"). This means that data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser - as long as you do not delete the cache or data is stored within the session storage. 

Third parties cannot access the data stored in the local storage. If special plug-ins or tools use the local storage functions, you are informed within the description of the respective plug-in or tool. 

If you do not wish plug-ins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.

Facebook-Fanpage

We are pleased that you visit our Facebook-Fanpage. Therefore we would like to inform you about the processing of data that results from the use of our online services on Facebook. We are the controller for the operation of our Fanpage page together with Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbor, Dublin 2, Ireland in accordance with Article 26 GDPR. The data protection authority responsible for Facebook is the Irish Data Protection Authority.

The information required for joint responsibility in accordance with Art 13 paragraph 1 lit. a and b GDPR can be found in the Facebook data policy at  https://www.facebook.com/about/privacy as well as the agreement for joint controller at https://www.facebook.com/legal/terms/page_controller_addendum

The addition for responsible persons, which we have concluded with Facebook in order to determine the fulfillment of the obligation under the GDPR with regard to joint responsibility, applies. In this regard, it has been agreed with Facebook that Facebook is responsible for fulfilling the rights of data subjects in accordance with Articles 15-22 of the GDPR regarding personal data stored by Facebook after joint processing.

With our Facebook-Fanpage we operate our internet appearance in addition to this website. Therefore, the operation on the Facebook-Fanpage is in our legitimate interest within the meaning of Art 6 paragraph 1 lit. f GDPR. Your data (IP address, cookie information) and the following information / activities are processed by Facebook:

- number of calls of a page or a post or a video from a page
- information whether a page is subscribed or no longer subscribed
- information whether a page or post is marked as "Like" or "Dislike"
- information whether a page is recommended in a post or comment
- comments, shares, or responds to a posting, including the type of response
- information whether a article is hidden or reported as spam
- information wether clicking on a link from another page on Facebook or from a website outside of Facebook leads to the page
- information whether the mouse is moved over the name or the profile picture of a page to see a preview of the page content
- information whether the website, phone number, "route plan" button or another button on a page is clicked
- Information about whether you are logged in to a computer or a mobile device while visiting a page or interacting with it or its content

In order for this information to be processed, Facebook records your IP address and other information that is available on your terminal device in the form of cookies. According to Facebook, the IP address is anonymised. 

Due to the constant development of Facebook, the availability and processing of the above mentioned data is periodically changing, so we therefore have to refer to the privacy policy of Facebook for more details.

The "Insights" of our Facebook fan page are used to statistically evaluate above data and are made available to us by Facebook without any personal reference. You can find more information on this at https://www.facebook.com/help/pages/insights 

These statistics are generated and provided by Facebook. As the operator of the Facebook-Fanpage, we have no influence on the generation and display of these statistics. We cannot deactivate this function or prevent the generation and processing of data. Only Facebook decides regarding the processing of Insight data. 

We use this aggregated data to make our contributions and activities on our Facebook-Fanpage more attractive to users. In accordance with the Facebook Terms of Use, which each user has agreed to when creating a Facebook profile, we may identify subscribers and fans of the site and view their profiles and other shared information. 

If you are a registered Facebook user and use the commenting, sharing and rating features, you are also responsible for doing so. If you like our site and you click on "Like" or "Subscribe", you will appear in the list we provide and we will be able to view your public profile. You can unsubscribe at any time. Which data you share with the public is up to you. However, we do not use this data for any purpose other than operating our Facebook-Fanpage.

Please note that Facebook processes the data for its own purposes (in particular for the display of content and advertisements, the provision, protection and improvement of Facebook products) on the basis of its own Data Policy under https://www.facebook.com/policy.php and terms of use. Facebook also transfers data to countries outside the European Union and also third countries for which Facebook has, according to our information, given suitable guarantees in accordance with Art. 46 GDPR. Opt-out options can be found in the settings of your Facebook account.

As part of the Page Insights amendment, Facebook agrees to assume primary responsibility pursuant to the GDPR for the processing of Insight data and to fulfil all obligations under the GDPR with regard to the processing of Insight data (including Articles 12 and 13 GDPR, Articles 15 to 22 GDPR and Articles 32 to 34 GDPR). In addition, Facebook will make the essential contents of the Page Insights amendment available to the data subjects concerned. You can therefore directly exercise your data subject rights (rights to information, correction, deletion, restriction of processing and data transferability) vis-à-vis Facebook.

If you are currently logged in to Facebook as a user, a cookie with your Facebook ID is located on your terminal device. This enables Facebook to track that you have visited our website and how you have used it. This also applies to all other Facebook pages. Via Facebook buttons integrated into websites, Facebook is able to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer content or advertising tailored to you.

If you want to avoid this, you should log off from Facebook or deactivate the "Stay logged in" function. This will delete Facebook information that can be used to identify you immediately. 

Further information on how Facebook processes personal data, including the legal basis on which Facebook relies and the possibilities for exercising the rights of data subjects vis-à-vis Facebook, can be found in the Facebook Data Policy at https://www.facebook.com/policy.php

Google Analytics

Purpose: Statistics
Recipient country: USA

We use the functions of the web analytics service Google Analytics on our website to analyse user behaviour and to optimise our website. The provider of this service is Google Ireland Limited, Barrow Street, Dublin 4, Ireland ("Google"). 

ATTENTION: Within the scope of this service, data transfer to the US takes place or cannot be ruled out. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the US and that there are therefore various risks (such as possible access by US secret services).

Google Analytics uses cookies that enable an analysis of the use of our website.

In general, information about your use of the website is transferred to a Google server and stored there, such as the type and version of browser you used, the operating system you used, the site you visited prior to accessing our site, the host name of the computer (IP address) you used to access the site, and the time of your server request. For this purpose, we have entered into a contract with Google for contractual processing of your data.

At our request, Google will use this information to analyse the use of our website, to create reports on the activities within our website and to render additional services related to the use of our website and of the internet. According to Google, the IP address submitted by your browser will not be added to other data held by Google. 

We use Google Analytics only with IP anonymisation activated, which means we have expanded this website to include the code ‘anonymizeIP’. This ensures that your IP address is masked, so that all data is collected anonymously. Only under exceptional circumstances will a full IP address be transmitted to a Google server and truncated there.

During the website visit, the following data is collected:

  • the pages you call up, your "click path"
  • Achievement of "website goals" (conversions, e.g. newsletter registrations, downloads, purchases)
  • Your user behavior (for example clicks, duration of stay, bounce rates)
  • Your approximate location (region)
  • Your IP address (in shortened form)
  • technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
  • Your internet provider
  • the referrer URL (via which website / via which advertising medium you came to our website)

The data about the use of our website is immediately deleted after expiration of the storage limits that we have set. Google Analytics gives us the following options for the storage limits: 14 months, 26 months, 38 months, 50 months or no automatic deletion. You can ask us any time for the current storage limit that we have set.

The processing of your data using Google Analytics is subject to your explicit consent in the sense of Art 6 paragraph 1 lit. a of the GDPR. You can revoke your consent at any time with effect for the future.

You can also block the collection of data by downloading and installing the browser plugin available through the link below: http://tools.google.com/dlpage/gaoptout

You can find out exactly where Google data centres are located here: https://www.google.com/about/datacenters/inside/locations/ 

For more information about how Google uses your data, and about options for settings and withdrawal of consent, refer to the Google Privacy Policy at https://policies.google.com/privacy

The data processing terms and conditions for Google products and the standard contractual clauses for data transfers to third countries can be found at https://business.safety.google/adsprocessorterms/

Google Fonts

Purpose: External media
Recipient country: USA

Google Fonts is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). 

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be excluded.

To display web fonts, the web browser you use must connect with a Google server. This informs Google that our website is being accessed via your IP address. The IP address from the browser of the device you are using to access our site is also stored by Google. If your browser does not support Web Fonts, your device will display the site using a standard font type. With each Google Font request, your IP address is automatically transferred to a Google server along with information such as your language preferences, display resolution, version and name of your browser. The usage data collected by Google enables them to determine the popularity of specific font types. Google publishes these findings on internal analytics sites (e.g. Google Analytics).

Google Fonts enables us to use fonts on our own website without uploading them to our server. Google Fonts is an important building block for maintaining the high quality of our website. All Google fonts are automatically optimised for the web. This reduces the data volume and is particularly advantageous for use on mobile devices. When you visit our site, the low file size allows for quicker loading times. Furthermore, Google Fonts are secure Web Fonts that support all major browsers.  

Google stores requests for CSS assets for one day on its servers. This enables us to use the fonts with the support of a Google style sheet. The font files are stored by Google for one year. To delete data prematurely, you must contact Google Support (https://support.google.com).

Your data will only be processed with your express consent pursuant to Art 6 paragraph 1 lit a GDPR.

You can find out exactly where Google data centres are located here: https://www.google.com/about/datacenters/inside/locations/

For more information about Google Fonts, refer to https://developers.google.com/fonts/faq and the Google Privacy Policy: https://policies.google.com/privacy

The data processing terms and conditions for Google products and the standard contractual clauses for data transfers to third countries can be found at https://business.safety.google/adsprocessorterms/ 

Google Maps

Purpose: External media
Recipient country: USA

We embed the service Google Maps on our website to make it easier to read the user’s geographical information, particularly so that we can display our location and provide you with route directions. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). 

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be excluded.

Google Maps is an online map service with which geographic information is made more readable for you as a user via a terminal device. Among other things, directions are displayed or map sections of a location can be integrated into a website. 

If you agree to Google Maps, your browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via your IP address. The use of Google Maps enables Google to collect and process data about the use of the service.

Google Maps processes for the provision of this service on the basis of your consent in addition to your IP address, among other things, entered search terms and latitude and longitude coordinates. If you use the route planner function of Google Maps, the entered starting address will also be stored. This data processing takes place exclusively through your voluntary use of Google Maps and is not within our sphere of influence.

We point out that when running this service on the part of Google (currently) a setting cookie called "NID" is set. Google Maps does not currently offer us the option to run this service in a mode without this cookie. The NID cookie contains information about your user behavior, which Google uses to optimize its own services and to provide individual, personalized advertising for you. Your consent thus also covers the setting of this cookie.

Google anonymizes data in server logs by deleting part of the IP address and cookie information after 9 and 18 months respectively.

Location and activity data is stored - depending on your decision - either 3 or 18 months and then deleted. You can also manually delete history at any time via your Google account. If you want to completely prevent your location tracking, you need to turn off the "Web and App Activity" section in your Google Account.

For further information, refer to the Google Privacy Policy:  https://www.google.com/policies/privacy/

You can find out exactly where Google data centres are located here: https://www.google.com/about/datacenters/inside/locations/

The data processing terms and conditions for Google products and the standard contractual clauses for data transfers to third countries can be found at https://business.safety.google/adsprocessorterms/

Google reCAPTCHA

Purpose: Technically required
Recipient country: USA

Our website uses the reCAPTCHA service of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") to protect against abuse by non-human visitors (bots) and to prevent spam.

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be excluded.

When reCAPTCHA is started, your browser establishes a connection to Google's servers. This enables Google to know that our website has been accessed via your IP address.

The purpose of reCAPTCHA is to check whether the data entry on our website is made by a human or by an automated programme. To do this, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters our website. For the analysis, reCAPTCHA evaluates various information.

According to our information, the following data is processed by Google:

  • the address of the page from which the visitor comes
  • IP address
  • Information about the operating system
  • Cookies
  • Mouse and keyboard behavior
  • Date and language settings
  • All Java-Script Objects
  • Screen resolution

The data collected during the analysis is forwarded to Google and used by Google. The reCAPTCHA analyses run completely in the background. 

Cookies are used for the execution of the service. These cookies require a unique identifier for tracking purposes. According to Google, the IP address is not merged with other data from other Google services unless you are logged into your Google account while using the reCAPTCHA plug-in. Furthermore, reCAPTCHA also uses the local storage on the user's end device to store data.

You can find out exactly where Google data centres are located here: https://www.google.com/about/datacenters/inside/locations/

Further information on Google reCAPTCHA can be found here: https://developers.google.com/recaptcha/

For Google's privacy policy, please see the following link: https://policies.google.com/privacy

Google Tag Manager

We use the service Google Tag Manager on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

ATTENTION: Within the scope of this service, data transfer to the USA takes place or cannot be ruled out. 

When the Tag Manager is started, your browser establishes a connection to Google's servers. This informs Google that our website has been accessed via your IP address.

Google Tag Manager is used to manage website tags via an interface. This enables us to embed code snippets such as tracking codes or conversion pixels into our website without interfering with the source code. In this process, Tag Manager data is only transferred; it is not collected or stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, because it is used solely to manage other services used on our website. The Tag Manager triggers other tags which in turn collect data under specific circumstances. However, the Tag Manager has no access to this data. If you have chosen to deactivate cookies on our site in general or to deactivate specific cookies, this will remain in effect for all tracking tags that are implemented using the Tag Manager.

You can find out exactly where Google data centres are located here: https://www.google.com/about/datacenters/inside/locations/

For more information about data protection, refer to the following Google websites:

Privacy Policy: https://policies.google.com/privacy
FAQ Google Tag Manager: 
https://www.google.com/intl/de/tagmanager/faq.html
Use Policy Google Tag Manager: 
https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/
Google Ads Data Processing Terms including standard contractual clauses for third country transfers: 
https://business.safety.google/adsprocessorterms/

Hosting

In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimising our website as described under Art. 6 paragraph 1 lit. f of the GDPR. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing in accordance with art. 28 of the GDPR.

Contact

Whenever you contact us, your information is used to process and handle your contact request in the course of fulfilling pre-contractual rights and obligations in accordance with Art. 6 paragraph 1 lit. b of the GDPR. To handle and answer your request it is necessary for us to process your data; otherwise we are unable to answer your request or only able to partially answer it. Your information can be stored in a database of customers and leads on the grounds of our legitimate interest in direct marketing as described in Art. 6 paragraph 1 lit. f of the GDPR.

We delete your request and contact information when your request has been definitively answered and there is no legally required time limit for storing this data prior to deletion (e.g. pursuant to a subsequent contractual relationship). This is usually the case when there is no further contact with you for three years in a row.

MailChimp

On our website, newsletters are sent via the MailChimp service of Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA ("Mailchimp").

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be excluded.

On our website we offer the possibility to register for a newsletter. Our newsletter contains information about our products and services as well as accompanying information, offers or promotions.

Consent to our newsletter is given in a so-called double opt-in procedure. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with a 3rd party e-mail address. Subscriptions to the newsletter are logged in accordance with Art. 6 para. 1 EU GDPR on the basis of our legitimate interest in traceability. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your stored data are also logged.

The newsletter is sent on the basis of your consent pursuant to Art. 6 para. 1 EU GDPR or, if consent is not required, on the basis of our legitimate interests in direct marketing for similar products and services pursuant to Art. 6 para. 1 EU GDPR. In the context of sending the newsletter, we also process your response behaviour on the basis of our legitimate interest pursuant to Art. 6 para. 1 EU GDPR.

You can unsubscribe from receiving our newsletter at any time by revoking your consent with effect for the future pursuant to Art. 7 (3) EU GDPR or by objecting to the processing. You will find an option to do so in the respective newsletter itself or simply contact us by e-mail. In the event of a revocation or objection, we may store your e-mail address for up to three years on the basis of our legitimate interests pursuant to Art. 6 para. 1 EU GDPR before deleting it in order to be able to prove that you have given your consent.

We would like to point out that we evaluate your user behaviour when sending the newsletter. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels which are stored by us. For the analyses, we link the above-mentioned data and the web beacons with your e-mail address. Links received in the newsletter also contain these tracking IDs. The legal basis is Art. 6 para. 1 EU GDPR.

The information is stored for as long as you are subscribed to the newsletter. After unsubscribing, we only store the data for purely statistical and anonymous purposes.

Such tracking is not possible if you have deactivated the display of images by default in your e-mail programme. In this case, the newsletter will not be displayed to you in full and you may not be able to use all the functions. If you display the images manually, the above tracking will take place.

Mailchimp's privacy policy can be found here: https://mailchimp.com/legal/privacy/

Paypal

On our website, we use the Paypal service of the external payment service provider PayPal (Europe) S.a.r.l., Luxembourg, https://www.paypal.com ("Paypal") to make payments. 

The payment service provider is used by us for the fulfilment of contracts on the basis of Art. 6 paragraph 1 lit. b GDPR and for this purpose your data necessary for the execution of the payment is transmitted to it by us. The payment service provider is a separate data controller within the meaning of Art. 24 GDPR. The payment service provider is independently responsible for the processing of the transmitted data in terms of data protection law. Should you therefore require further information or the assertion of revocation, information and other data subject rights vis-à-vis the payment service provider, we will refer you to the payment service provider.

The data processed by the payment service provider includes master data, such as your name and address, bank data, such as account number or credit card number, passwords, TANs as well as the contract, total and recipient-related details, insofar as these are absolutely necessary for the execution of the payment. However, the data entered is only processed by the payment service provider and stored by the latter. I.e. we do not receive any account or credit card-related information, but only information with confirmation or negative information of the payment. Under certain circumstances, the data may be transmitted by the payment service provider to companies that check creditworthiness.

Your data will be deleted from our system after the expiry of legal warranty and compensation obligations or other contractual or legal obligations.

The General Terms and Conditions and the data protection information and declarations of the payment service provider apply to the execution of payment transactions: https://www.paypal.com/en/webapps/mpp/ua/privacy-full

Registration of users

On our website, users can register for a user account by providing personal data (user name, name, password, e-mail address, etc.). By registering, you agree to the storage of the data in the user account for later visits. This has the advantage that you do not have to re-enter your data every time you use the website. When registering, you will be informed of mandatory data and your data will be processed in accordance with Art. 6 paragraph 1 lit. b GDPR in the context of the fulfilment of the contract for the purposes of providing the user account. We reserve the right to store your IP address and the time of an action on the basis of our legitimate interest in the protection of user accounts against misuse and unauthorised use in accordance with Art. 6 paragraph 1 lit. f GDPR. This data will not be passed on to third parties.

With a user name and password chosen by you personally during the registration process, it is ensured that only you have access to your user account. You always have access to the data stored and can update it. The password cannot be viewed by us. You always have access to your data that is stored with us. You can view and update your data at any time in your account.

Users can be informed by e-mail about administrative procedures relevant to their account, such as technical changes. If users have cancelled their user account, their data relating to the user account will be deleted, subject to a legal obligation to retain data. It is the users' responsibility to save their data in case of termination before the end of the contract.

Server Log Files

For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us. 

The access data we process includes:

  • The name of the website you are accessing  
  • The browser type (including version) you use
  • The operating system you use
  • The site you visited before  accessing our site (referrer URL)
  • The time of your server request
  • The amount of data transferred
  • The host name of computer (IP address) you are using to access the site

This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website, as described under Art. 6 paragraph 1 lit. f of the GDPR.

The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.

SSL Encryption

Within your visit to our website, we use the widespread SSL procedure (Secure Socket Layer) in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed representation of the key or lock symbol in the lower status bar of your browser. We use this encryption procedure on the basis of our justified interest in the use of suitable encryption techniques in accordance with Art. 6 paragraph 1 lit. f GDPR.

We also make use of suitable technical and organisational security measures in accordance with Art. 32 GDPR to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments and kept state-of-the-art.

Typography

On our website, we use external web fonts (web fonts) from Hoefler & Co., 611 Broadway, Room 725, New York, NY 10012-2608, USA, for an optimized display.

This service provides fonts that are displayed on the user's terminal device / browser after a server call at Cloud.typography. The providers use so-called "cookies", text files that are stored on your computer to ensure the technical provision of the font data sets on your end device. In this context, we would like to point out that this use may result in external servers in the USA being called up. Unfortunately, we do not know at present whether Cloud.typography logs this server request and uses it further. However, we assume that the data protection information of the operating company (Hoefler & Co) also applies in this respect. Your IP address will therefore be saved in any case. The same applies to Java-Script elements that could be loaded by Cloud.typography for the purpose of browser compatibility.

Your data is processed in our legitimate interest in a uniform and attractive presentation of our online offer. In any case, this represents a legitimate interest in the sense of Art 6 paragraph 1 lit. f GDPR.

The data protection declaration (in English) of Hoefler & Co. can be found here: https://www.typography.com/policies/privacy

Webshop with customer account

We process data of our customers in particular their master data, communication data, payment data, contract data in the context of the execution of order processes in our web shop. This is done for the purpose of selecting and ordering the selected products and / or services, as well as their payment and delivery or execution.

The purpose of the processing is the provision of contractual services within the framework of the operation of our web shop, the billing of deliveries and services, the delivery of products and the performance of services. 

The processing is carried out for the purpose of fulfilling the contract on the basis of Art. 6 paragraph 1 lit. b GDPR for the processing of orders and furthermore according to Art. 6 paragraph 1 lit. c GDPR for the fulfilment of legal storage obligations based on trade and tax regulations. The mandatory data for the fulfilment of the contract are specially marked as such when they are entered in our shop system or we will inform you of them personally. We transmit the data to third parties only for the provision of our services (e.g. to involved transport or other auxiliary services such as subcontractors or telecommunications services), for the processing of payment transactions (e.g. to banks, payment service providers, tax authorities or consultants) or within the scope of our legal rights and obligations, as well as within the scope of our legitimate interest in the appropriate legal prosecution in accordance with Art. 6 paragraph 1 lit. f GDPR vis-à-vis legal advisors, courts and authorities in the event of an incident. The data will only be processed in third countries if this is absolutely necessary for the fulfilment of the contract (e.g. at the customer's request on delivery or payment) and insofar as appropriate data protection guarantees are available. Any other transfer of data to third parties will only take place with your express consent in accordance with Art. 6 paragraph 1 lit a GDPR.

Users can create a user account, e.g. by viewing their orders. User accounts are not visible to the public. If users have terminated their user account, their data will be deleted with regard to the user account unless their retention is absolutely necessary for commercial or tax reasons in accordance with Art. 6 paragraph 1 lit. c GDPR or is necessary due to our legitimate interest in enforcing the law in accordance with Art. 6 paragraph 1 lit. f GDPR. It is the responsibility of the users to secure their data before the end of the contract in the event of termination.

Within the scope of registration and in the case of renewed registration and use of our online services, we store the IP address and the time of the respective user action. The storage takes place on the basis of our legitimate interests pursuant to Art. 6 paragraph 1 lit. f GDPR, as well as in the legitimate interest of the users themselves for protection against misuse and against other unauthorized use. This data is not passed on to third parties unless it is necessary to pursue our claims or there is a legal obligation to do so pursuant to Art. 6 paragraph 1 lit. c GDPR.

The data will be deleted after expiry of statutory warranty and compensation obligations or other contractual or statutory obligations. The deletion of the data takes place after the expiry of legal warranty and compensation obligations or other contractual or legal obligations. Our customers and contractual partners are informed separately in this data protection declaration about further processing of data within the scope of marketing activities. 

Youtube

Purpose: External media
Recipient country: USA

On our website, we use the "YouTube" service to embed videos. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("YouTube").

ATTENTION: Within the scope of this service, data is transferred to the US or such a transfer cannot be ruled out.

We have activated the extended data protection mode on YouTube. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch a video. However, the disclosure of data to YouTube partners is not excluded by the extended data protection mode.

As soon as you start a YouTube video, a connection to YouTube's servers is established. This tells YouTube which of our pages you have visited. If you are logged into your YouTube account, you thereby enable YouTube to assign your surfing behaviour directly to your personal profile. This can be prevented by logging out of your account.

Furthermore, YouTube can save various cookies on your end device after starting a video or use comparable technologies (e.g. device fingerprinting). YouTube also uses the local storage on your end device. In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

YouTube is used in the interest of an appealing presentation of our website. This represents a legitimate interest within the meaning of Art. 6 paragraph 1 lit. f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 paragraph 1 lit. a GDPR; the consent can be revoked at any time for the future.

The applicable privacy policy of YouTube can be found at: https://www.google.com/policies/privacy/, Opt-out option: https://adssettings.google.com/authenticated

Youtube Channel

We operate a YouTube channel of the provider Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. 

ATTENTION! Within the scope of this service, your data will be transmitted to the US or such a transmission cannot be ruled out.

We would like to point out that you use our YouTube channel and its functions on your own responsibility. This applies in particular to the possibility of discussion with other users. 

We have no influence or control over the type and scope of the data processed by Google, as well as the way in which this data is processed and used or passed on to third parties. By using Google, your personal data will be collected, transferred, stored, disclosed and used by Google and transferred to, and stored and used in, the United States, Ireland and any other country in which Google does business, regardless of your country of residence. There is a transfer to Google-affiliated companies as well as to other trustworthy companies or persons who process them on behalf of Google. 

Google processes your voluntarily entered data such as name and user name, email address and telephone number. Google also processes the content that you create, upload or receive from others when using the services. This includes, for example, photos and videos that you save, documents and spreadsheets that you create, and comments that you write on YouTube videos. Google also evaluates the content you share to determine what topics you are interested in, stores and processes messages you send directly to other users, and may use GPS data, wireless network information or your IP address to determine your location in order to serve you advertising or other content. For analysis, Google may use analytics tools such as Google Analytics. If tools of this kind are used by Google for our YouTube channel, we have neither commissioned this nor otherwise supported it in any way. 

Finally, Google also receives information when you view content, for example, even if you have not created an account. This log information may include your IP address, browser type, operating system, information about the website you visited previously and the pages you viewed, your location, your mobile service provider, the device you are using (including device ID and application ID), the search terms you used and cookie information. 

You have options to limit the processing of your data in the general settings of your Google account. In addition to these tools, Google also offers specific privacy settings for YouTube. 

For more information on using a YouTube channel, please see Google's Privacy Statement for Google products at https://policies.google.com/technologies/product-privacy

For more general information on data protection, please refer to Google's privacy policy at https://policies.google.com/privacy

Payment service provider

We use external payment service providers with whose help payments can be made to us. The specific payment service providers we use are represented on our website by a logo or referred to in our payment system.

The payment service providers are used by us for the fulfilment of contracts on the basis of Art. 6 paragraph 1 lit. b GDPR and for this purpose we transmit the data necessary for the execution of the payment to them. The respective payment service providers are responsible for their own operations within the meaning of Art. 24 GDPR. They are independently responsible for the processing of your data under data protection law. Should you therefore require further information or the assertion of revocation, information and other affected party rights against the payment service provider, we refer you to the respective payment service provider.

The data processed by the payment service providers includes master data such as your name and address, bank data such as account numbers or credit card numbers, passwords, TANs as well as contract, amount and recipient details, insofar as these are absolutely necessary for the execution of the payment. However, the data entered will only be processed and stored by the payment service providers. This means that we do not receive any account- or credit card-related information, but only information with confirmation or negative information about the payment. Under certain circumstances, the data may be transferred by the payment service provider to companies that check the creditworthiness.

The deletion of your data by us takes place after the expiry of statutory warranty and compensation obligations or other contractual or statutory obligations.

For the execution of payment transactions, the General Terms and Conditions and the data protection information or declarations of the respective payment service providers apply.

A selection of the data protection regulations of the most important payment service providers can be found here:

General information on data protection

The following provisions in its principles apply not only to the data collection on our website, but also in general to other processing of personal data.

Personal data

Personal data is information that can be assigned to you individually. Examples include your address, your name as well as your postal address, email address or telephone number. Information such as the number of users who visit a website is not personal data because it is not assigned to a person.

Legal basis for the processing of personal data

Unless more specific information is provided in this Privacy Policy (e.g. in the case of the technologies used), we may process personal data from you on the basis of the following legal principles:

  • consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR - The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
  • Fulfillment of a contract and pre-contractual measures pursuant to Art. 6 paragraph 1 lit. b of the GDPR - Processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures.
  • Legal obligation pursuant to Art. 6 paragraph 1 lit. c of the GDPR - Processing is necessary for the performance of a legal obligation.
  • Protection of vital interests pursuant to Art. 6 paragraph 1 lit. d of the GDPR - Processing is necessary to protect the vital interests of the data subject or of another natural person.
  • Reasonable interests pursuant to Art. 6 paragraph 1 lit. f of the GDPR - The processing is necessary to protect the legitimate interests of the controller or of a third party unless the interests or fundamental rights and freedoms of the data subject prevail.

Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our home country.

Transfer of personal data

Your personal data will not be transferred to third parties for purposes other than those listed in this Privacy Policy.

We will only transfer your personal data to third parties if:

  • you have given your express consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR,
  • the transfer pursuant to Art. 6 paragraph 1 lit. f of the GDPR is necessary to safeguard reasonable interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have a prevailing interest worthy of protection by not disclosing your data,
  • there is a legal obligation to transfer the data in accordance with Art. 6 paragraph 1 lit. c of the GDPR, as well as this is legally permissible and / or
  • it is required according to Art. 6 paragraph 1 lit. b of the GDPR for the processing of contractual relationships with you.

Cooperation with processors

We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Art. 28 of the GDPR.

Transfer to third countries

If we process data to a third country or if this is done in the context of using the services of third parties or disclosure or transfer of data to other persons or companies, this is only done on the legal basis described above for the transfer of data.

Subject to express consent or contractual necessity, we process or allow data to be processed only in third countries  in accordance with Art. 44 - 49 of the GDPR with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding corporate rules.

Data transfer to the US / Discontinuation of the Privacy Shield

We would like to expressly point out that as of July 16, 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called "Privacy-Shield", an adequacy decision of the EU Commission according to Art 45 GDPR, which confirmed an adequate level of data protection for the US under certain circumstances, is no longer valid with immediate effect.

The Privacy Shield therefore no longer constitutes a valid legal basis for the transfer of personal data to the United States!

If a transfer of data by us to the US takes place at all or if a service provider based in the US is used by us, we refer to this explicitly in this Privacy Policy (see in particular the description of the technologies used on our website).

What can the transfer of personal data to the US mean for you as a user and what risks are involved?

Risks for you as a user are at any rate the powers of the US secret services and the legal situation in the US, which, in the opinion of the European Court of Justice, no longer ensure an adequate level of data protection. Among other things, this concerns the following points:

  • Section 702 of the Foreign Intelligence Surveillance Act (FISA) does not provide for any restrictions on the surveillance measures of the secret services or guarantees for non-US citizens.
  • Presidential Policy Directive 28 (PPD-28) does not provide effective remedies for those affected against actions by U.S. authorities and does not provide barriers to ensuring proportionate measures.
  • The ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders to the U.S. secret services.

Legally compliant transfer of data to the US on the basis of standard contractual clauses?

The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of 05.02.2010), Art. 46 paragraph 2 lit. c GDPR, are still valid, but a level of protection for personal data must be ensured which is equivalent to the level in the European Union. Therefore, not only the contractual relationships with our service providers are relevant, but also the possibility of access to the data by U.S. authorities and the legal system of the U.S. (legislation and jurisdiction, administrative practice of authorities).

The standard contractual clauses cannot bind authorities in the US and therefore do not yet provide adequate protection in cases in which the authorities are authorized under the law in the US to intervene in the rights of the data subjects without additional measures by us and our service provider.

Legally compliant transfer of data to the US on the basis of your consent?

It is currently controversial whether informed consent and thus a deliberate and knowingly restriction of parts of your basic right to data protection is legally possible at all.

What measures do we take to ensure that a data transfer to the US complies with the law?

Insofar as US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and cannot be accessed by US authorities.

Furthermore, we carefully examine European alternatives to US tools used. However, this is a process that does not happen overnight, as it also involves technical and economic consequences for us. Only if the use of European tools and / or the immediate switch off of the US tools is impossible for us for technical and / or economic reasons, US service providers are currently still used.

For the further use of US tools we take the following measures:

As far as possible, your consent will be asked for before using a US tool and you will be informed in advance in a transparent manner about the functioning of a service. The risks involved in transferring data to the USA can be found in this section.

We make every effort to conclude standard contract clauses with US service providers and to demand additional guarantees.  In particular, we require the use of technologies that do not allow access to data, e.g. the use of encryption that cannot be broken even by US services or anonymization or pseudonymization of data, where only the service provider can make the assignment to a person.  At the same time, we require additional information from the service provider if data is actually accessed by third parties or the service provider exhausts all legal remedies until access to data is granted at all.

Storage periods in general

If no explicit storage period is specified during the collection of data (e.g. in the context of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 paragraph 1 lit. e of the GDPR as soon as the purpose for processing has been fulfilled. In this context, we would like to point out that legal storage obligations represent a legitimate purpose for the further processing of affected personal data.

Personal data will be stored and retained by us in principle until the termination of a business relationship or until the expiry of any applicable guarantee, warranty or limitation periods, in addition, until the end of any legal disputes in which the data is required as evidence, or in any event until the expiry of the third year following the last contact with a business partner.

Storage periods in particular

As part of the description of individual technologies on our website, there are specific references to the storage period of data. In our cookie table, you will be informed about the storage period of individual cookies. In addition, you always have the possibility to ask us directly about the specific storage period of data. To do so, please use the contact data listed in this Privacy Policy.

Rights of data subjects

Data subject have the right:

  • (i) in accordance with Art. 15 of the GDPR, to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right of rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof;
  • (ii) in accordance with Art. 16 of the GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us;
  • (iii) in accordance with Art. 17 of the GDPR, under specific circumstances  to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • (iv) in accordance with Art. 18 of the GDPR, to demand the (temporary) restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing in accordance with Art. 21 of the GDPR;
  • (v) in accordance with Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; However, this only covers those of your personal data that we process with the help of automated processes after your consent or on the basis of a contract with you;
  • (vi) in accordance with Art. 21 of the GDPR, if your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data for reasons arising from your specific situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without indicating a specific situation.
  • (vii) in accordance with Art. 7 paragraph 3 of the GDPR, you may at any time revoke your consent to us. As a result, we may no longer continue the data processing based on this consent in the future. Among other things, you have the option of revoking your consent to the use of cookies on our website with effect for the future by calling up our Cookie Settings.
  • (viii) in accordance with Art. 77 of the GDPR to complain to a data protection authority regarding the illegal processing of your data by us. As a rule, you can contact the data protection authority at your usual place of residence or workplace or at the headquarters of our company.

The responsible data protection authority for KOHLSCHEIN GmbH & Co. KG is:

Landesbeauftragte für Datenschutz und Informationsfreiheit in NRW
Kavalleriestr. 2-4, 40213 Düsseldorf, Deutschland
Tel.: +49 211/38424-0, poststelle@ldi.nrw.de

Assertion of rights of data subjects

You yourself decide on the use of your personal data. Should you therefore wish to exercise one of your above-mentioned rights towards us, you are welcome to contact us by email at datenschutzbeauftragter.kohlschein@datafreshup.de or by post, as well as by telephone.

Please assist us in specifying your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there are reasonable doubts about your identity, we may request a copy of your identification.

For questions regarding data protection, you can reach us at datenschutzbeauftragter.kohlschein@datafreshup.de or at the other contact details stated in this Privacy Policy.

Viersen, on 11. July 2022