Data Protection Policy

Thank you very much for your interest in our website. The protection of personal data is an important concern to us. We observe the legal regulations on data protection and data security.

We are subject in particular to the provisions of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act in the version valid as of 25/05/2018 (“BDSG”) and the German Telemedia Act (“TMG”). Accordingly, we also have a right to gather and use personal data to the extent that this is required to enable you to use our internet offer at www.kolb-ct.com, including all services and features contained in it.

Below, please find information as to which personal data we gather when you use our website and take advantage of the services and features available on it, as well as information about the purposes for which we use this data.

I. Name and address of the data controller

The data controller in the definition of the EU General Data Protection Regulation and other, national data protection laws of the Member States as well as further data protection regulations is:

kolb Cleaning Technology GmbH
Karl-Arnold-Str. 12
47877 Willich
Phone: +49 2154 9479-38
E-Mail: info@kolb-ct.com
Website: www.kolb-ct.com

II. Name and address of the data protection officer

The data protection officer of the data controller is:

Johannes Schwiegk
Datenzeit GmbH
Friedrich-Engels-Allee 200
42285 Wuppertal
Phone: +49 202 94794940
E-Mail: datenschutz@datenzeit.de
Website: https://www.datenzeit.de/

III. General remarks on data processing

1. Scope of the processing of personal data

We process the personal data of our users generally only to the extent that this is required for providing a functional website and our contents and services. The personal data of our users are processed normally only with the user’s consent. An exception applies in such cases where it is not possible to obtain prior consent for practical reasons and the processing of the data is permitted under legal regulations.

2. Legal basis for the processing of personal data

If we obtain a consent declaration from the data subject for the processing of personal data, Art. 6 (1) lit. a) EU General Data Protection Regulation (GDPR) applies as the legal basis.

In the processing of personal data that is required for the fulfilment of a contract to which the data subject is a party, Art. 6 (1) lit. b) GDPR serves as the legal basis. This also applies to processing that is required to conduct pre-contractual measures.

Where processing of personal data is required for the fulfilment of a legal obligation imposed on our company, Art. 6 (1) lit. c) GDPR serves as the legal basis.

In the case that vital interests of the data subject or another natural person necessitate the processing of personal data, Art. 6 (1) lit. d) GDPR serves as the legal basis.

If the processing serves to protect a justified interest of our company or of a third party and if the interests, civil rights and fundamental freedoms of the data subject do not outweigh the interest mentioned first, Art. 6 (1) lit. f) GDPR serves as the legal basis for the processing.

3. Data deletion and period of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose for storing it ceases to apply. Storing can also take place beyond this point in time if this has been provided by the European or national legislator in directives, laws and other regulations under EU law, which apply to the data controller. The data will also be blocked or deleted when a storage period expires that is prescribed by said standards, unless there is a necessity for the continued storage of the data for a contract conclusion or contract fulfilment.

IV. Provision of the website and creation of logfiles

1. Description and scope of the data processing

On each retrieval of our website, our system automatically gathers data and information from the computer system of the accessing computer.

The following data is gathered in this process:

• IP address
• Date and time of the retrieval
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the retrieval (concrete page)
• Access status/HTTP status code
• Respectively transferred data volume
• Referrer website
• Browser
• Operating system and its interface
• Language and version of the browser software

We cannot attribute these data to identifiable persons. We will not combine these data with data from other sources.

The legal basis for the temporary storing of the data is Art. 6 (1) lit. f) GDPR.

2. Purpose of the data processing

The temporary storing of the IP address by the system is necessary to enable a delivery of the website to the computer of the user. For this purpose, the user’s IP address must remain stored for the duration of the session. The storage also takes place to ensure the functionality of the website. In addition, the data helps us optimise the website and ensure the security of our IT systems. The data is not analysed for marketing purposes in this context.

These purposes are also justified interests of ours in the data processing pursuant to Art. 6 (1) lit. f) GDPR.

3. Duration of the storing

The data will be deleted as soon as it is no longer needed to achieve the purpose for gathering it. This will be the case when the respective session is ended in the case that data is gathered for the purpose of providing this website. Moreover, the data will be deleted at the latest after seven days. Storing beyond this point is possible. In that case, the users’ IP addresses will be deleted or anonymised, so that it will not be possible anymore to attribute them to the retrieving client.

4. Possibility for objection and removal

The gathering of the data for the purpose of providing the website and the storing of the data in logfiles is necessarily required for the operation of the website. Consequently, there is no possibility to object for the user.

V. Use of cookies

a) Description and scope of the data processing

Besides the aforementioned data, cookies are stored on your computer when you use this website. Cookies are small text files that are stored on your hard drive as attributed to the browser you use and through which we receive certain information. Cookies cannot execute any programs or infect your computer with viruses. They serve to make the online offer overall more user-friendly and more effective. This website currently only uses technically necessary cookies. That is why we do not use a consent management tool or cookie banner.

b) Legal basis for the data processing

The legal basis for the processing of personal data by means of cookies is Art. 6 (1) sent. 1 lit. a), c), and f) GDPR.

c) Purpose of the data processing

The purpose of using technically necessary cookies is to simplify the use of websites for the users. Some features of our website cannot be offered without the use of cookies. In addition, we need to use cookies to be able to fulfil our legal obligations and duties of accountability pursuant to the GDPR. For these, it is required that the browser is recognised even after changing to other web pages. The user data gathered by the technically necessary cookies is not used to create user profiles. Analysis cookies are used for the purpose of improving the quality of our website and its contents. They will be set only upon the user’s consent (Art. 6 (1) sent. 1 lit. a) GDPR). We find out from the analysis cookies how the website is used and we can thereby continuously optimise our offer. These purposes also constitute our legitimate interest in the processing of personal data pursuant to Art. 6 (1) sent. 1 lit. f) GDPR.

d) Duration of the storing, possibility for objection and removal

Cookies are stored on the user’s computer and transmitted from it to our website. Therefore, as a user, you also have full control over the use of cookies. Cookies already stored can be deleted at any time. This can also be done in an automated process.

VI. Job applications

1. Description and scope of the data processing

Your job applicant data will be screened by the HR department upon receipt of your application. Qualified applications will then be passed on internally to the managers of the departments with the relevant vacancy. The further process will then be coordinated. On principle, only persons have access to your data at our company, who require this access to ensure the correct processing of our application procedure. The data will be processed exclusively in computing centres located within the Federal Republic of Germany.

2. Legal basis for the data processing

The primary legal basis for the processing of your personal data in this application process is Sec. 26 BDSG in the version valid as of 25/05/2018. Accordingly, it is permitted to process the data that is required in the context of the decision on whether to establish an employment relationship.

If the data should be needed after the end of the application procedure, as the case may be, for filing legal claims, data processing may take place on the basis of the requirements under Art. 6 GDPR, in particular the protection of legitimate interests pursuant to Art. 6 (1) lit. f) GDPR. Our interest will then be in the enforcement of or defence against claims.

3. Purpose of the data processing

We process the data that you have sent us in connection with your application in order to review your qualification for the position (or, if applicable, other vacant positions at our company) and carry out the application process.

4. Duration of the storing

Data of job applicants will be deleted after 6 months in case we decline the application.

In case you have consented to the continued storing of your personal data, we will adopt your data into our applicant pool. The data will be deleted from it after expiration of two years.

If you are selected to fill a vacant job in the course of the application process, the data will be migrated from the application data system into our HR information system.

VII. Registration in our customer area

1. Description and scope of the data processing

We offer customers the possibility on our website to register in our customer area in order to manage contracts/orders and retrieve documents. The data is entered in an input mask in the process and it is transmitted to us and stored by us. No data will be transferred to third parties.

The consent of the user for the processing of this data is obtained in the course of the registration process.

2. Legal basis for the data processing

The legal basis for our processing of the data is your consent pursuant to Art. 6 (1) lit. a) GDPR.

If the registration serves for the fulfilment of a contract to which the user is a party or for the execution of pre-contractual measures, the additional legal basis for the processing of the data is Art. 6 (1) lit. b) GDPR.

3. Purpose of the data processing

A registration of the user is required for the fulfilment of a contract to which the user is a party or for the execution of pre-contractual measures.

4. Duration of the storing

The data will be deleted as soon as it is no longer needed to achieve the purpose for gathering it.

This will be the case [sic for the data gathered] during the registration process for the fulfilment of a contract or the execution of pre-contractual measures whenever the data is no longer needed for the execution of the contract. A necessity to store personal data of the contractual partner can also apply after conclusion of the contract, in order to fulfil contractual or legal obligations.

5. Possibility for objection and removal

As a user, you have the option at any time to cancel the registration. You can have the data stored about you be changed at any time.

If the data is required for the fulfilment of a contract or execution of pre-contractual measures, a premature deletion of the data is possible only if no contractual or legal obligations are opposed to a deletion.

VIII. Contact form and email contact and call-back service

1. Description and scope of the data processing

We provide a contact form for service requests on our website, which can be used to contact us electronically. If a user uses this option, the data entered in the input mask will be transmitted to us and stored by us.

Your informed consent on the processing of the data with reference to this Data Privacy Statement will be documented as part of the transmission process.

It is further possible to contact us via our website using the specified email address (info@kolb-ct.com). In that case, the user’s personal data that is transmitted in the email will be stored, in particular also the data that you indicate when you fill out and attach our form for the requirement analysis.

In addition, we offer a call-back service by telephone. Use of the call-back service is voluntary. To be able to offer this service to you, we provide an input mask in which we query the following required information: salutation, your name, phone number, postal code, and your company name. If you use the service, this information will be stored by us.

The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the communication.

2. Legal basis for the data processing

The legal basis for our processing of the data is your consent pursuant to Art. 6 (1) lit. a) GDPR.

If the contact by email aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) lit. b) GDPR.

3. Purpose of the data processing

The processing of the personal data from the input mask serves the sole purpose of our processing of the communication and, in the case of contact by email, the data processing has the sole purpose of our processing of your request that has been sent by email.

The other personal data processed in the course of the transmission process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of the storing

The data will be deleted as soon as it is no longer needed to achieve the purpose for gathering it. This is the case regarding the personal data transmitted by email when the respective communication with the user is finished. The communication is terminated when it can be seen based on the circumstances that the relevant facts have been clarified conclusively.

5. Possibility for objection and removal

The user has the possibility at all times to revoke his/her consent to the processing of personal data. If the user contacts us by email, he/she can object at any time to the storing of his/her personal data. In such a case, the communication cannot be continued.

All personal data that has been stored in the course of the contacting will be deleted in that case.

An opt-out option is available at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

X. Web analysis through Matomo

1. Description and scope of the data processing

We use the open source software tool Matomo (formerly PIWIK) on our website to analyze the surfing behavior of our users. In the configuration we use, no cookies (for cookies, see already above) are set on users' computers. The recognition of returning users is achieved with the help of a so-called "digital fingerprint", which is stored anonymously and changed every 24 hours. With the "digital fingerprint", user movements within our online offering are recorded using pseudonymized IP addresses in combination with user-side browser settings in such a way that it is not possible to draw conclusions about the identity of individual users.

If individual pages of our website are called up, the following data is stored by means of the "digital fingerprint":

• Two bytes of the IP address of the user's calling system.
• The web page called up
• The website from which the user reached the accessed website (referrer)
• The subpages accessed from the accessed website
• The time spent on the website
• The frequency with which the website is accessed

The software runs exclusively on the servers of our website. A storage of the personal data of the users only takes place there. The data is not passed on to third parties. The software is set in such a way that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (ex: 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is no longer possible.

2. Legal basis for the data processing

The legal basis for the processing of users' personal data is Art. 6 (1) lit. f DSGVO.

3. Purpose of the data processing

The processing of the users' personal data enables us to analyze the surfing behavior of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continuously improve our website and its user-friendliness. In these purposes also lies our legitimate interest in processing the data according to Art. 6 para. 1 lit. f DSGVO. By anonymizing the IP address, the interest of users in their personal data protection is sufficiently taken into account.

4. Duration of the storing

The data is deleted after the periods specified above or when it is no longer required for our recording purposes.

5. Possibility for objection and removal

For more information on the privacy settings of the Matomo software, please see the following link: matomo.org/docs/privacy/. Your right of rectification, deletion and objection according to Art. 16, 17 and 21 DSGVO is pointed out; for more details see chapter X.

XI. Rights of data subjects

If personal data of you is processed, you are a data subject in the definition of the GDPR and you have the following rights in relation to the data controller:

1. Right to obtain confirmation

You can demand a confirmation from the data controller of whether personal data relating to you is being processed by us.

If such processing applies, you can demand information from the data controller regarding the following aspects:

(1) the purposes for which the personal data is processed;

(2) the categories of personal data that is processed;

(3) the recipients or categories of recipients to whom personal data relating to you has been disclosed or will be disclosed in the future;

(4) the planned duration of the storing of the personal data relating to you or, if this cannot be specified concretely, the criteria for determining the storage             duration;

(5) applicability of a right to correction or deletion of the personal data relating to you, a right to restrict the processing by the data controller or a right to object to this processing;

(6) applicability of a right to lodge complaint with a supervisory authority;

(7) all available information on the origin of the data if the personal data has not been gathered from the data subject;

(8) applicability of an automated decision-making process including profiling according to Art. 22 (1) and (4) GDPR and – at least in these cases – explanatory information about the involved logic and scope, as well as the intended effects for the data subject from such processing.

You have the right to demand information of whether the personal data relating to you is being transmitted to a third country or an international organisation. In this connection, you can request being informed about the suitable guarantees according to Art. 46 GDPR relating to the transmission.

2. Right to correction

You have a right to the correction and/or completion in relation to the data controller, insofar as the processed personal data relating to you is incorrect or incomplete. The data controller has to make the correction without delay.

3. Right to restrict the processing

On the following conditions, you can request the limitation of the processing of personal data relating to you:

(1) if you deny the correctness of the personal data relating to you for a period that enables the data controller to check the correctness of the personal data;

(2) the processing is illegitimate and you reject the deletion of the personal data, and instead request the limitation of the use of the personal data;

(3) the data controller no longer needs the personal data for the purposes of the processing, but you require it for the assertion, exercise or defence of legal claims; or

(4) if you have raised an objection against the processing according to Art. 21 (1) GDPR and if it is not certain yet if the justified interests of the data controller outweigh your reasons.

If the processing of the personal data relating to you has been limited, this data may be processed – other than for storing – only with your consent or only to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity, or for reasons of a compelling public interest of the European Union or of a Member State.

If the limitation of the processing has been applied according to the aforementioned conditions, you will be informed by the data controller before the limitation is lifted.

4. Right to erasure

a) Obligation for erasure

You can demand from the data controller that the personal data relating to you is to be deleted immediately and the data controller will be obligated to delete this data immediately if one of the following reasons applies:

(1) The personal data relating to you is no longer required for the purposes for which it has been gathered or otherwise processed.

(2) You revoke your consent that served as the basis for the processing according to Art. 6 (1) lit. a) or Art. 9 (2) lit. a) GDPR and there is no other legal basis for the processing.

(3) You raise an objection according to Art. 21 (1) GDPR against the processing and there are no outweighing justified reasons for the processing, or you object to the processing according to Art. 21 (2) GDPR.

(4) The personal data relating to you is processed illegitimately.

(5) The deletion of the personal data relating to you is required to fulfil a legal obligation according to EU law or the laws of the Member States that apply to the data controller.

(6) The personal data relating to you has been gathered with regard to offered services of the information society according to Art. 8 (1) GDPR.

b) Information to third parties

If the data controller has made the personal data relating to you publicly accessible and if it is obligated to delete it according to Art. 17 (1) GDPR, it will take appropriate measures, also of technical nature, in consideration of the available technology and implementation costs, in order to inform the parties, who are responsible for the data processing and who process the personal data, of the fact that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

c) Exceptions

The right to deletion does not apply if the processing is required

(1) to exercise the right to free speech and information;

(2) to fulfil a legal obligation that applies to the processing pursuant to EU law or the laws of the Member States that apply to the data controller, or to fulfil a task in the public interest or in exercise of public power that has been delegated to the data controller;

(3) for reasons of the public interest in matters of public health according to Art. 9 (2) lit. h) and i) as well as Art. 9 (3) GDPR;

(4) for archiving purposes that are in the public interest, for scientific or historic research purposes or for statistical purposes according to Art. 89 (1) GDPR, insofar as the right referred to under Section a) is expected to render the realisation of the processing objectives impossible or obstruct it to significant extent; or

(5) for the assertion, exercise or defence of legal claims.

5. Right to information

If you have asserted the right to the correction, deletion or limitation of the processing against the data controller, it will be obligated to inform all recipients to whom personal data relating to you has been disclosed of this correction or deletion of this data or the limitation of the processing, unless this proves to be impossible or if such is tied to disproportionate effort or expense.

You have the right in relation to the data controller to be informed of these recipients.

6. Right to data portability

You have the right to receive the personal data relating to you that you have made available to the data controller in a structured, common and machine-readable format. You have furthermore the right to transmit this data to another data controller without obstruction by the data controller to whom the personal data has been made available, insofar as

(1) the processing is based on a consent according to Art. 6 (1) lit. a) GDPR or Art. 9 (2) lit. a) GDPR or a contract according to Art. 6 (1) lit. b) GDPR, and

(2) the processing takes place by means of automated processes.

In exercise of this right, you moreover have the right to effect that the personal data relating to you is transmitted directly from one data controller to another data controller insofar as this is technically practicable. Freedoms and rights of other persons must not be impaired thereby.

The right to data portability does not apply to the processing of personal data that is required to fulfil a task in the public interest or in exercise of public power that has been delegated to the data controller.

7. Right to object

You have the right to object at any time, for reasons that result from your particular situation, to the processing of the personal data relating to you that takes place on the basis of Art. 6 (1) lit. e) or lit. f) GDPR; this also applies to profiling based on these provisions.

The data controller will cease the processing of the personal data relating to you, unless it can prove compelling reasons for the processing that qualify for protection and which outweigh your interests, rights and freedoms, or if the processing serves the purpose of asserting, exercising or defending against legal claims.

If the personal data relating to you is processed to operate direct marketing, you have the right to object at any time to the processing of the personal data relating to you for the purpose of such advertising; this also applies to profiling if it is connected to such direct marketing.

If you object to the processing for the purposes of direct marketing, the personal data relating to you will no longer be processed for these purposes.

You have the option to exercise your right to object in connection with the use of the services of the information society – notwithstanding Directive 2002/58/EC – by means of automated procedures, in which technical specifications are used.

8. Right to revoke the consent according to data protection laws

You have the right to revoke your consent according to data protection laws at any time. The legitimacy of the processing that has taken place up until your objection will not be affected by the revocation of the consent.

9. Automated decision in the individual case including profiling

You have the right not to be subjected to a decision that is exclusively based on automated processing – including profiling – which develops legal effect in relation to you or which causes similar significant obstructions for you. This does not apply if the decision

(1) is required for the conclusion or the fulfilment of a contract concluded between you and the data controller;

(2) is permissible based on the legal regulations of the EU or the Member States that apply to the data controller and if these legal regulations contain appropriate measures to protect your rights and freedoms as well as your justified interests; or

(3) is made with your explicit agreement.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR, unless Art. 9 (2) lit. a) or lit. g) GDPR applies and appropriate measures for the protection of rights and freedoms as well as your justified interests have been taken.

Regarding the cases referred to in (1) and (3), the data controller will take appropriate measures to protect rights and freedoms as well as your justified interests, which includes at least the right of a person of [sic] the data controller to take influence, to present own standpoints and to challenge the decision.

10. Right to lodge complaint with a supervisory authority

Without prejudice to other administrative or in-court appeal, you have the right to lodge complaint with a supervisory authority, in particular in the Member State of your domicile, your workplace or the place of the suspected violation if you believe that the processing of personal data relating to you violates the GDPR.

The supervisory authority with which complaint has been filed will inform the complainant of the status and the results of the complaint including the possibility of appeal in court pursuant to Art. 78 GDPR.

XII. Changes to this Data Privacy Statement

The further development of the internet and our own internet offer can also have effects on the handling of personal data. We therefore reserve the right to change this Data Privacy Statement in the future within the scope of the applicable data protection laws and, if necessary, adjust it to the changed data processing. The current version of the Data Privacy Statement can be retrieved at all times in the “Data protection” area or under “Data Privacy Statement”.