KLG24 Logistik GmbH
email address: email@example.com
Represented by: Steffen Grünwoldt
TYPES OF DATA PROCESSED:
- Inventory data (e.g., names, addresses).
- Contact data (e.g. email, telephone numbers).
- Content data (e.g. text entries, photographs, videos).
- Usage data (e.g. visited websites, content of interest, access times).
- Meta-/communication data (e.g. device information, IP addresses).
PURPOSE OF THE PROCESSING
- Provision of the online offer, its functions and content.
- Replying to contact requests and communication with users.
- Safety measures.
- Reach measurement / marketing
”Personal data” are all data that refer to identified or identifiable natural persons (hereinafter “data subject”); a natural person that can be directly or indirectly identified by means of assignation to an identifier such as a name, an identification number, location data, to an online identification (e.g. cookie), or to one or several particulars that are expressions of the physiological, genetic, psychological, economic, cultural or social identity of this natural person.
“Processing” means any operation, or series of operations, that is carried out with or without the help of automated procedures in connection with person-specific data. The term is comprehensive and includes virtually any handling of data.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;
Any natural or legal person, authority, establishment or other institution that can, alone or in conjunction with others, decide upon the purposes and means of processing of person-specific data is referred to “data controller”.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller;
ESSENTIAL LEGAL BASIS
In accordance with Article 32 GDPR and taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
Measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as their access, input, disclosure, availability and separation. In addition, we have established procedures that ensure the fulfilment of data subject rights, data erasure, and reaction to data vulnerability. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 GDPR).
COOPERATION WITH PROCESSORS AND THIRD PARTIES
If we reveal data to other persons or companies (contract processors or third parties) in the course of processing, transmit, or otherwise grant them access to these data, this shall only occur on the basis of legal permission (e.g. if transmission of data to third parties such as payment service providers is required for contract performance according to Art. 6 para. 1 lit. b GDPR is required to fulfil the contract), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we instruct third parties to process data on the basis of a so-called “Data processing order agreement”, this shall occur on the basis of Article 28 GDPR.
TRANSFER TO THIRD COUNTRIES
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA), or if we use third-party services, or disclose or transfer data to third parties, this only occurs if we are required to do so in order to fulfil (pre-)contractual obligations, on the basis of your consent, on the basis of a statutory requirement or on the basis of our legitimate interests. Subject to legal or contractual concessions, we only process data or allow data to be processed in a third country under the specific conditions outlined in Art. 44 et seq. of the GDPR. This means that data is processed on the basis of special guarantees, for example the data protection level must be determined in accordance with the levels officially recognised by the EU (e.g. in accordance with the Privacy Shield Frameworks stipulated in the USA), or must comply with officially recognised contractual obligations (standard contractual clauses).
DATA SUBJECT RIGHTS
You are entitled to request confirmation whether the relevant data are processed, as well as information about this data, and other information and copies of the data pursuant to article 15 GDPR.
According to article 16 GDPR, you are entitled to request the completion or correction of data concerning your person.
In accordance with Art. 17 GDPR, you have the right to demand that the relevant data be deleted immediately or, alternatively, in accordance with Art. 18 GDPR, to request that the processing of the data be restricted.
In terms of article 20 GDPR, you are entitled to request data relating to your person that you have provided to us and to request transfer thereof to other responsible persons;
Pursuant to article 77 GDPR, you are furthermore entitled lo lodge an appeal with the competent authorities.
RIGHT OF REVOCATION
You have the right to revoke your consent in accordance with article 7 Para. 3 GDPR with effect for the future
RIGHT TO OBJECT
You can object to the future processing of your data in accordance with Art. 21 GDPR at any time. Such an objection may in particular be lodged against any processing for direct advertising purposes.
COOKIES AND RIGHT TO OBJECT IN DIRECT ADVERTISING
Small files that are saved on users’ computers are known as “cookies”. Various data can be saved within cookies. A cookie primarily serves the purpose of saving data concerning users (or the computer on which the cookie is saved) during and possibly after their visit to the online offering. Cookies that are deleted after a user leaves an online offering and shuts his browser are known as temporary cookies, “session cookies” or “transient cookies”. Cookies of this type may contain data such as the content of a shopping cart in an online shop, or a log-in status. Cookies that remain saved after closing the browser are known as “permanent” or “persistent” cookies. Particulars such as the log-in status can thus be saved when users revisit them after several days. User interests that are used for reach assessment or marketing purposes can equally be saved in these types of cookies. “Third-party cookies” are cookies that are offered by a provider other than the data controller who operates the online offer (the data controller’s own cookies are known as “first-party cookies”)
If users do not wish for cookies to be saved on their computers, we ask them to activate the appropriate option in their browser’s system preferences. You can delete stored cookies using the system preferences of your browser at any time. The exclusion of cookies can lead to function limitations in this online offer.
DELETION OF DATA
According to legal requirements in Germany, the retention period is 10 years pursuant to Art. 147 para. 1 of the German Fiscal Code (Abgabeordnung, AO), and Art. 257 para. 1 nos. 1 and 4, para. 4 of the German Commercial Code (Handelsgesetzbuch, HGB) (trading books, inventories, opening balances, annual accounts, commercial letters, accounting records, etc.), as well as 6 years pursuant to Art. 257 para. 1 nos. 2 and 3, para. 4 of the German Commercial Code (business letters).
According to legal requirements in Austria the retention period is 7 years pursuant to § 132 para. 1 of the Austrian Fiscal Code (Bundesabgabeordnung, BAO) (accounting documents, receipts/invoices, accounts, records, business papers, statement of income and expenses, etc.), 22 years in connection with real estate, and 10 years in the case of documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-EU companies in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.
When contact is made with us (e.g. via contact form, email, telephone or social media), user data is processed for the processing and implementation of the enquiry according to article 6 para. 1 lit. b. (within the framework of contractual / pre-contractual relationships), Art. 6 para. 1 lit. f. (other requests) GDPR.
We delete the inquiries once they are no longer required. We review necessity every two years; in addition, legal archiving obligations apply.
HOSTING AND EMAIL DISTRIBUTION
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, data storage, database services, email distribution, security services and technical maintenance that we deploy in order to operate this online offering.
In doing so, we, or our hosting service provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data on customers, interested parties and visitors of this online offering based on our legitimate interests in being able to provide an efficient and secure online offering pursuant to article 6 para. 1 lit. f of the GDPR in conjunction with article 28 of the GDPR (Concluding a Data Processing Agreement)
COLLECTION OF ACCESS DATA AND LOGFILES
On the basis of Art. 6 para. 1 lit. f) GDPR, we, or our hosting service provider, collect data regarding every access to the server that contains this service (so-called server logfiles). Access data include the name of the website visited, the file accessed, the date and time of the visit, the volume of data transferred, notification of a successful visit, the browser type and version, the user’s operating system, the referring URL (previously visited site), the IP address and the querying provider.
For security reasons (e.g. for the investigation of improper or fraudulent use), log file information is stored for a duration of no more than 7 days, then deleted. Data which must be retained as potential evidence are not deleted until the relevant incident has been ultimately clarified.
ONLINE PRESENCE IN SOCIAL MEDIA
We maintain online presences on social networks and platforms in order to communicate with active customers, interested parties, and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators apply.