Data protection

Home / Data protection

This privacy policy informs you of the type, extent and purpose of the processing of personal data (hereinafter “data”) within our online offer and the websites, function and contents connected with it, as well as external online presences including our media profile (hereinafter “online offer”). Regarding the terminology used, such as “processing” or “data controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).


KLG24 Logistik GmbH
Maximilianallee 2
04129 Leipzig

email address:
Represented by: Steffen Grünwoldt


  • Inventory data (e.g., names, addresses).
  • Contact data (e.g. email, telephone numbers).
  • Content data (e.g. text entries, photographs, videos).
  • Usage data (e.g. visited websites, content of interest, access times).
  • Meta-/communication data (e.g. device information, IP addresses).


  • Provision of the online offer, its functions and content.
  • Replying to contact requests and communication with users.
  • Safety measures.
  • Reach measurement / marketing


”Personal data” are all data that refer to identified or identifiable natural persons (hereinafter “data subject”); a natural person that can be directly or indirectly identified by means of assignation to an identifier such as a name, an identification number, location data, to an online identification (e.g. cookie), or to one or several particulars that are expressions of the physiological, genetic, psychological, economic, cultural or social identity of this natural person.

“Processing” means any operation, or series of operations, that is carried out with or without the help of automated procedures in connection with person-specific data. The term is comprehensive and includes virtually any handling of data.

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

Any natural or legal person, authority, establishment or other institution that can, alone or in conjunction with others, decide upon the purposes and means of processing of person-specific data is referred to “data controller”.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;


Pursuant to Article 13 GDPR, we hereby notify you of the legal basis of our data processing operations. Insofar as the legal basis is not identified in the privacy policy, the following applies: The legal basis for obtaining consent is pursuant to Article 6 para. 1 lit. a. and Article 7 GDPR; the legal basis for processing data in order to perform our services, to implement the measures provided for in the contract and to respond to queries is laid down in Art. 6 para. 1 lit. b) GDPR; the legal basis for processing data in order to fulfil our legal obligations is laid down in Art. 6 para. 1 lit. c) GDPR and the legal basis for processing data in order to safeguard our legitimate interests is laid down in Art. 6 para. 1 lit. f of the EU General Data Protection Regulation (GDPR). In the event that vital interests of the data subject or another natural person require the processing of personal data, Article 6 para. 1 lit. d) GDPR is the legal basis.


In accordance with Article 32 GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the fulfilment of data subject rights, data erasure, and reaction to data vulnerability. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).


If we reveal data to other persons or companies (contract processors or third parties) in the course of processing, transmit, or otherwise grant them access to these data, this shall only occur on the basis of legal permission (e.g. if transmission of data to third parties such as payment service providers is required for contract performance according to Art. 6 para. 1 lit. b GDPR is required to fulfil the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we instruct third parties to process data on the basis of a so-called “Data processing order agreement”, this shall occur on the basis of Article 28 GDPR.


If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA), or if we use third-party services, or disclose or transfer data to third parties, this only occurs if we are required to do so in order to fulfil (pre-)contractual obligations, on the basis of your consent, on the basis of a statutory requirement or on the basis of our legitimate interests. Subject to legal or contractual concessions, we only process data or allow data to be processed in a third country under the specific conditions outlined in Art. 44 et seq. of the GDPR. This means that data is processed on the basis of special guarantees, for example the data protection level must be determined in accordance with the levels officially recognised by the EU (e.g. in accordance with the Privacy Shield Frameworks stipulated in the USA), or must comply with officially recognised contractual obligations (standard contractual clauses).


You are entitled to request confirmation whether the relevant data are processed, as well as information about this data, and other information and copies of the data pursuant to article 15 GDPR.

According to article 16 GDPR, you are entitled to request the completion or correction of data concerning your person.

In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, in accordance with Art. 18 GDPR, to request that the processing of the data be restricted.

In terms of article 20 GDPR, you are entitled to request data relating to your person that you have provided to us and to request transfer thereof to other responsible persons;

Pursuant to article 77 GDPR, you are furthermore entitled lo lodge an appeal with the competent authorities.


You have the right to revoke your consent in accordance with article 7 Para. 3 GDPR with effect for the future


You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. Such an objection may in particular be lodged against any processing for direct advertising purposes.


Small files that are saved on users’ computers are known as “cookies”. Various data can be saved within cookies. A cookie primarily serves the purpose of saving data concerning users (or the computer on which the cookie is saved) during and possibly after their visit to the online offering. Cookies that are deleted after a user leaves an online offering and shuts his browser are known as temporary cookies, “session cookies” or “transient cookies”. Cookies of this type may contain data such as the content of a shopping cart in an online shop, or a log-in status. Cookies that remain saved after closing the browser are known as “permanent” or “persistent” cookies. Particulars such as the log-in status can thus be saved when users revisit them after several days. User interests that are used for reach assessment or marketing purposes can equally be saved in these types of cookies. “Third-party cookies” are cookies that are offered by a provider other than the data controller who operates the online offer (the data controller’s own cookies are known as “first-party cookies”)

We may use temporary or permanent cookies, and inform you of this within the framework of our privacy policy.

If users do not wish for cookies to be saved on their computers, we ask them to activate the appropriate option in their browser’s system preferences. You can delete stored cookies using the system preferences of your browser at any time. The exclusion of cookies can lead to function limitations in this online offer.

A general objection against the use of cookies for online marketing purposes can be lodged for a multitude of services, especially in case of tracking, via the US site or the EU site Furthermore, cookies can be blocked by disabling them in the browser’s settings. Please note that in this case you may not be able to use the full functionality of this online offering.


The data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. Unless expressly stated otherwise in this privacy policy, data we save is erased as soon as it is no longer required for their intended purpose, insofar as its deletion does not conflict with any statutory storage requirements. If data cannot be deleted because it is required for other and legally permissible purposes, its processing shall be restricted. This means that the data will be blocked and not processed for other purposes. This applies e.g. for data that must be kept for commercial or tax reasons. <

According to legal requirements in Germany, the retention period is 10 years pursuant to Art. 147 para. 1 of the German Fiscal Code (Abgabeordnung, AO), and Art. 257 para. 1 nos. 1 and 4, para. 4 of the German Commercial Code (Handelsgesetzbuch, HGB) (trading books, inventories, opening balances, annual accounts, commercial letters, accounting records, etc.), as well as 6 years pursuant to Art. 257 para. 1 nos. 2 and 3, para. 4 of the German Commercial Code (business letters).

According to legal requirements in Austria the retention period is 7 years pursuant to § 132 para. 1 of the Austrian Fiscal Code (Bundesabgabeordnung, BAO) (accounting documents, receipts/invoices, accounts, records, business papers, statement of income and expenses, etc.), 22 years in connection with real estate, and 10 years in the case of documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-EU companies in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.


When contact is made with us (e.g. via contact form, email, telephone or social media), user data is processed for the processing and implementation of the enquiry according to article 6 para. 1 lit. b. (within the framework of contractual / pre-contractual relationships), Art. 6 para. 1 lit. f. (other requests) GDPR.

We delete the inquiries once they are no longer required. We review necessity every two years; in addition, legal archiving obligations apply.


The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, data storage, database services, email distribution, security services and technical maintenance that we deploy in order to operate this online offering.

In doing so, we, or our hosting service provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data on customers, interested parties and visitors of this online offering based on our legitimate interests in being able to provide an efficient and secure online offering pursuant to article 6 para. 1 lit. f of the GDPR in conjunction with article 28 of the GDPR (Concluding a Data Processing Agreement)


On the basis of Art. 6 para. 1 lit. f) GDPR, we, or our hosting service provider, collect data regarding every access to the server that contains this service (so-called server logfiles). Access data include the name of the website visited, the file accessed, the date and time of the visit, the volume of data transferred, notification of a successful visit, the browser type and version, the user’s operating system, the referring URL (previously visited site), the IP address and the querying provider.

For security reasons (e.g. for the investigation of improper or fraudulent use), log file information is stored for a duration of no more than 7 days, then deleted. Data which must be retained as potential evidence are not deleted until the relevant incident has been ultimately clarified.


We maintain online presences on social networks and platforms in order to communicate with active customers, interested parties, and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.

Unless otherwise stated in our privacy policy, we process the data of users who communicate with us on social networks and platforms, e.g. write posts on our pages or send us messages.

Compiled using by RA Dr. Thomas Schwenke