Data Protection Declaration of Kurtz Holding GmbH & Co Beteiligungs KG

We would like to welcome you on your visit to our website and appreciate your interest in our company. We take the protection of your personal data very seriously. We use your data in line with the applicable legislative provisions on the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the German legislation that applies to us. We are using this data protection declaration to inform in detail you about how Kurtz Holding GmbH & Co Beteiligungs KG processes your personal data and your related rights.

In this context, personal data is that information that makes it possible to identify a natural person. In particular, this includes your name, date of birth, address, telephone number, email address and your IP address.
Anonymous data are deemed to exist if no kind of personal connection to the user can be established.

Responsible Authority and Data Protection Officer

Kurtz Holding GmbH & Co. Beteiligungs KG
Frankenstr. 2
Industriegebiet Wiebelbach
97892 Kreuzwertheim

Germany
www.kurtzersa.com
Phone: +49 (9342) 807-0
Fax: +49 (9342) 807-404
email: info@kurtzersa.de

Contact to the Data Protection Officer (atarax Group)
dataprotection@kurtzersa.de

Your Rights as an Affected Person

At this point we would firstly like to inform you of your rights as an affected person. These rights are set out in Sections 15 – 22, EU GDPR. These cover:
•    the right to information (Section 15, EU GDPR);
•    the right to have your data deleted (Section 17, EU GDPR);
•    the right to have your data corrected (Section 16, EU GDPR);
•    the right to data transportability (Section 20, EU-GDPR);
•    the right to restriction of data processing (Section 18, EU GDPR) ;
•    the right to object to having your data processed (Section 21, EU GDPR).

To assert these rights, please contact: dataprotection@kurtzersa.de. The same applies if you have any questions to your data being processed by our company. You are also entitled to appeal to a data protection supervisory authority.

Rights of Objection

Please note the following in connection with the right to object:

If we use your personal data for the purpose of direct advertising, you will be entitled to object to our processing them for this purpose at any time without giving reasons. This will also apply to profiling if it is directly connected with direct advertising.

If you object to your data being processed purpose of direct advertising, we will no longer process your data for these purposes. You may object free of charge without following any particular form to: info@kurtzersa.de.

If we process your data for the purpose of safeguarding your legitimate interests, you can object at any time for reasons arising from this particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for doing so that outweigh your interests, rights and freedoms or if processing data serves to assert, exercise or defend legal interests.

Purposes and Statutory Bases of Data Using

When processing your personal data, we will observe the provisions of the EU GDPR and all other applicable data protection provisions. The statutory bases for data processing arise in particular from Section 6 EU GDPR.

We use your data to initiate business transactions, fulfil contractual and statutory obligations, carry out contractual relationships, offer products and services and to reinforce customer relationships, which may also include analyses for marketing purposes and direct advertising. The statutory bases of data processing are formed by the contract (purchase contract, Section 6, I, 1 (b) GDPR), consent (Section 6 I, 1 [a] GDPR) and data processing (Section 6 I, 1 [f] GDPR) in cases of legitimate interest.

Your consent also constitutes a data protection law-related provision that requires permission to be given. In this case, we are informing you here of the purposes of data processing and your right to rescind your consent. Should your consent also concern processing special categories of personal data, we will point this out to you explicitly in the consent (Section 88, Subsection 1 EU GDPR).

Special categories of personal data as defined by Section 9, Subsection 1 EU GDPR, will only be processed if this is required by legislative provisions and if there is no reason to assume that your legitimate interests outweigh exclusion from processing (Section 88, Subsection 1 EU GDPR).

Passing on Personal Data to Third Parties

We will pass on your data only on the basis of legislative provisions or if the related consent has been given. Otherwise, personal data will not be passed to third parties unless we are obliged to do so further to compelling legislative provisions (forwarding to external quarters such as regulatory authorities or criminal prosecution authorities).

Recipients of Data / Categories of Recipients

Within our company we will ensure that only those persons who need your data to carry out contractual and statutory obligations actually receive them. The data will be transmitted to the Sales, Service and Communications Departments only.

In many cases, service providers assist our operational departments to carry out their tasks. The necessary agreements have already been concluded with all service providers. Where orders are processed, our Purchasing Department will ensure that the necessary data-processing agreements have been concluded.

Transfer of Data to Third-Party Countries /

Intention to Transfer Data to Third-Party Countries

Data will only be transferred to third-party countries (outside the European Union and / or the European Economic Area) if this is required for fulfilling contractual obligations, if it is prescribed by law or if you have given us your consent to do so.

We will transfer your personal data to a service provider or a group member company outside the European Economic Area if your enquiries concern the branches in these third-party countries (USA, Mexico, Russia and China).

Maintaining this level of data protection is guaranteed by EU standard contractual clauses.

Storage Periods of Your Data

We will store your data for as long as we need them for each purpose of processing. Please note that numerous retention periods require that data will (need to) be stored for the future. In particular, this will affect retention periods required by commercial or tax law, such as the German Commercial Code or the German Fiscal Code, etc.). If there are no further retention obligations in place, the data will be routinely deleted after the intended purpose has been achieved.

We can also retain data if you have given us your consent to do so or if there is a legal dispute, in which case, we will use it as evidence as part of statutory expiry periods which can last up to 30 years; the regular expiry period is three years.

Secure Transfer of Your Data

In order to protect data stored with us as far as possible against coincidental or deliberate manipulation, loss, destruction or access by unauthorised persons, we use appropriate technical and organisational security measures. The security levels are constantly checked in cooperation with security experts and adapted to new security standards.

Data is transferred from and to our website in encrypted form only. For our web presence, we offer the HTTPS transfer protocol using the latest encryption protocols. We also offer our content encryption for users of our contact forms and for job applications. Only we are able to decrypt these data. Other modes of communication are also available, such as the postal system.

Obligation to Provide Data

Various kinds of personal data are necessary for establishing, performing and ending a contractual obligation and fulfilling the related contractual and statutory obligations. The same applies to the use of our website and the various functions it provides.

We have summed up details on this in the abovementioned point. In certain cases, data must be obtained or provided due to statutory requirements. Please note that we cannot use your enquiry or execute the contractual obligation on which it is based without these data being provided.

Categories, Sources and Origin of Data

Which data we use is determined by each situation. This depends on whether you place an order online, enter an enquiry in our contact form, send us a job application or submit a complaint.

Please note that, where appropriate, we may also make information available separately for special processing situations such as uploading job application documentation or in a contact enquiry.

We Collect and Use the Following Data on Visits to Our Website:

•    name of the internet service provider;
•    details about the website from which you are visiting us;
•    the web browser and operating system used;
•    the IP address allocated by your internet service provider;
•    requested files, the data volume transferred, downloads/file export;
•    details about the webpages on our site that you call up, including date and time.

For reasons of technical security, (in particular to ward off attempted attacks on our web server), these data are stored in accordance with Section 6, Subsection 1, (F) EU GDPR. After seven days at the latest, these data will be anonymised by shortening the IP address so that no reference to the user can be made.

We Collect and Use the Following Data from Contact Enquiries:

•    last name, first name
•    contact data
•    honorific
•    details on requests and interests.

We Collect and Use the Following Data When an Order is Placed:

•    honorific
•    last name, first name
•    delivery address
•    invoice address
•    email address
•    payment conditions
•    delivery conditions
•    current shopping cart.

We Collect and Use the Following Data from Online Job Applications:

•    last name, first name
•    address
•    contact data (email address, telephone number)
•    documents sent, such as covering letter, professional/vocational qualifications (incl. further education/training), job references, CVs, internship certificates (data on previous employers)
•    desired salary
•    "how did you find us?"
•    has the applicant worked for us before?
•    earliest starting date
•    we also use data from publicly available lists, e.g. job networks, if this is legally permitted.

We Collect and Use the Following Data from Newsletters:

•    last name, first name
•    email address
•    honorific
•    analysis data from assessing newsletters

Contact Forms / Making Contact by Email / Seminar registrations

(Section 6, Subsection 1 (a & b) EU GDPR)

Our website has a contact form which can be used for contacting us electronically or for registering for seminars for the Hammer Academy. If you write to us using the contact form, we will process the data you provide in the contact form to contact you and answer your questions and requests or to register for seminars if you have registered for them.

The principle of data minimization and data avoidance is followed here, since you only have to provide the data that we absolutely need to contact you. These are your e-mail address and the message field itself. In addition, your IP address is processed for technical reasons and for legal protection. All other data are optional fields and can be entered optionally (e.g. to answer your questions more individually).

If you contact us by e-mail, we will process the personal data provided in the e-mail only for the purpose of processing your request.

Newsletters (Section 6, Subsection 1 (a) EU GDPR)

You can subscribe to a free newsletter on our website. The email address you give when registering for the newsletter, your name and honorific will be used to send personalised newsletters.

In this context, the principle of data economy and data avoidance will be observed as only the email address is marked as a required field (where appropriate: your name for personalised newsletters). We also use your IP address for reasons of technical necessity and to protect ourselves legally when you subscribe to a newsletter.

We send newsletters using the so-called "double opt-in" method. This means that you will only receive advertising via email if you have explicitly confirmed beforehand that we should activate the newsletter service. We do this by notifying you by email and asking you to confirm by clicking on a link in this email that you would like to receive our newsletters at this email address.

We also use a newsletter tracking pixel which tells us whether you have opened the newsletter (or not) and which links in the newsletter you have clicked on.

Your personal data will not be passed on to third parties and will be used solely for the abovementioned purpose.

In future you will naturally have the opportunity to de-register from our distribution list at any time by using the "Abmelden" / "Unsubscribe" link. This will cancel your consent with effect for the future. You can do this via email at: info@kurtzersa.de or in writing to: Kurtz Holding GmbH & Co. Beteiligungs KG, Zentralbereich Kommunikation (CC), Frankenstrasse 2, 97892 Kreuzwertheim.

Your data will be retained until such time as you revoke your consent and no further statutory storage deadline periods exist.

You can of course terminate this subscription at any time using the deregistration option in the newsletter, thereby rescinding your consent. Alternatively, you can terminate your newsletter subscription directly at any time via our internet site.

Web Shop (Section 6 Subsection 1 lit. b EU GDPR)

We use the data given by you in the order form only to perform or execute the contractual relationship unless you not consent to its further use.

We will observe the principle of data economy and data avoidance if you are obliged to give us only those data that we absolutely need in order to fulfil the agreement and / or fulfil our contractual obligations i.e. your name, address, email address and the payment data required for the payment methods selected, or data which we are legally required to obtain.

We will also process your IP address for reasons of technical necessity and legal safety. Without these data, we regret that we will have to decline to conclude any contracts as we will not be able to execute then or we will have to terminate an existing contract. You may naturally provide even more data on your own initiative if you wish.

Registration / Customer Accounts (Section 6, Subsection 1 (a & b) EU GDPR)

On our website we offer users the opportunity to register and provide personal data. The advantage is that you will in particular be able to see your ordering history and that the data you have given are stored for the order form. If you place a subsequent order, you will not have to enter these data again.

In other words, registration is required either to fulfil an agreement (via our online shop) with you, carry out pre-contractual measures, or registration is possible if guest access is provided.

We observe the principle of data economy and data avoidance in this context as the only data required for registration are marked with a star (*) as a required field. These data are: your email address and password, including repeating a password, for example.

For ordering in our online shop, we also need details on the invoice address (honorific, first name, last name, postal address, email address, company name, department, function). Should the delivery address differ from the invoice address, you should give the above details for the delivery address as well.

By registering at our web shop, the user's IP address, the date and the time of registration are also stored (technical background data). On pressing the "Send" button, you consent to your data being processed.

Please note that the password issued by you will be stored by us in encrypted form. Employees at our company will not be able to read this password. In other words, you are not able to give them any information. Should you forget your password, use the "Forgotten your password?" button. This means that we will receive an email from you with your email address, last name and first name. We will set up an initial password and will inform you of this via email. When you next log in again, you will need to assign yourself a new personal password.

In this case, use the "Forgotten your password?" function. This will send you a new, automatically-generated password via email. None of our employees is authorised to ask you for your password, whether by telephone or in written form. So please never tell anybody your password if you receive any such enquiries.

On concluding the registration procedure, your data will be stored with us for use in the protected customer area. When you log on to our internet site using your email address (as your user name) and your password, these data will be provided for activity by you on our internet site, e.g. for orders in our online shop). Orders placed can then be seen in your ordering history. You can make alterations to the invoicing or delivery address here.

Registered persons have the opportunity to have alterations or corrections made to their invoicing or delivery address in their ordering history by our sales department if you contact them. You can reach the relevant contact via the "Contact" button and by naming the relevant sales area.

You can of course have your registration and / or your customer account re-cancelled or deleted. To do this, just contact our sales department via email. The relevant contact can be reached via the "contact" button and then by giving the name of the sales section in question.

Payment Systems (Section 6, Subsection 1 (a & b) EU GDPR),

Credit Checks (Section 6; Subsection 1, (f) EU GDPR)

In our online shop, you are able to pay on account (invoice). To enable this, we collect the relevant payment data in order to process your order and your payment. For reasons of technical necessity and legal safety we also use your IP address.

We observe the principle of data economy and avoidance by requiring you to give us only those data that we absolutely need to process payments and thereby process your order or to collect those data that we are required to by law.

Without these data, we will be obliged to decline to conclude a contract as we will not otherwise be able to perform it.

Note on Payment by Invoice: If you place an order in our online shop, we carry out a credit check. To do this, we send the credit-related data to a credit agency via our accounting department to find out about any default risks.

Advertising Purposes: Existing Customers (Section 6, Subsection 1, (f) EU GDPR)

Kurtz Holding GmbH & Co Beteiligungs KG and its affiliated companies are interested in fostering a customer relationship with you and sending you information and offers on products in the Electronics, Production Equipment, Moulding Machines, Automation & Components business areas. We therefore use your data in order to send you relevant information and offers via email or the postal system.
If you do not want us to do this, you can object at any time to the use of your personal data for direct advertising purposes. This also applies to profiling if it is connected with direct advertising. If you object, we will no longer process your data for this purpose.

You can object without giving reasons, free of charge, without following any particular form. If possible, please contact us via email to info@kurtzersa.de or via post to: Kurtz Holding GmbH & Co Beteiligungs KG, Zentralbereich Kommunikation (CC), Frankenstraße 2, 97892 Kreuzwertheim, Germany.

Applications Portal (Section 6 Subsection 1 lit. a, b EU GDPR)

We are pleased that you are interested in working for the Kurtz Ersa Group. We are aware of the importance of your data and use the personal data you give in the application form only for the purpose of carrying out the application process effectively and correctly and for making contact in the application process. We will not pass you data on to third parties without your consent.

The application form asks you to give us your personal data. When processing it, we observe the principle of data economy and avoidance by requiring you to give us only the data that we need to thoroughly examine your application documents such your CV, your first and last names, or to obtain those data that we are legally required to by law. These compulsory details are marked with a star (*).We also process your IP address for reasons of technical necessity and legal safety.

Without these data we regret that we will be unable to examine your application documents. In this case, our applications system will prevent permit application documents from being uploaded. You naturally have the opportunity to provide other voluntary details in the application form.

We implement relevant security measures in order to protect the security and confidentiality of your data as far as possible. Your application documents are transmitted to us in encrypted form by our applications system.

We will store your data for the abovementioned purpose until the applications process has been completed and the relevant deadlines have expired – no later than after 170 days after you receive notification. However, you can let us store your documents for a longer period and compare them for other vacancies that fit your profile.

To do this, we need your consent, which you can give us by clicking on the Checkbox before uploading your application documents. In this case, we will store your data for 12 months. You can naturally rescind your consent by telephone at any time with effect for the future without giving reasons at 09342 / 807-432 or email at: Corinna.Sommer@kurtzersa.de or by post at: Kurtz Holding GmbH & Co. Beteiligungs KG, z.Hd./Att.: Frau Sommer, Frankenstr. 2, 97892 Kreuzwertheim, Germany.

Automated Individual Decisions

We use no solely automated processing procedures to arrive at decisions.

Cookies

(Section 6, Subsection 1 (f) EU GDPR)

Our website uses so-called "cookies" in several places. These are used to make our offer more user-friendly, more effective and safer. Cookies are small text files that are stored and saved on your end device.
Most of the cookies we use are so-called "session cookies". These are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when their period of validity (usually six months) is reached or if you delete them yourself before the period of validity expires.
The cookies we use are used, for example, to display our site correctly and to display images correctly.
It is therefore in our legitimate interest to set these technically necessary cookies in accordance with Art. 6 para. I lit. f EU-DS-GVO.
Most web browsers accept cookies automatically. However, you can usually change the settings of your browser if you prefer not to send the information. You can then still use the offers on our website without any restrictions.

Translated with www.DeepL.com/Translator (free version)

User Profiles / Web-Tracking Procedure

Use of Google Analytics
This website uses functions of the Google Analytics web analysis service. The provider is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Google Analytics uses so-called "cookies". Cookies are web files that are stored on your computer and analyse your use of our website. The information on your use of this website which is generated by the cookie is usually transmitted to a Google server in the USA and stored there. You can find more information on how Google Analytics handles user-data in its data protection declaration: https://support.google.com/analytics/answer/6004245?hl=en

Browser Plugin
You can prevent cookies storing data by making the corresponding changes to the settings in your browser software. However, we would point out that in this case, you may not be able to make full use of all functions on this website. You can also prevent the recording of the data generated by the cookie when you use our website and prevent Google from using and processing the data on your visit to the website (including your IP address) by downloading and installing the following browser plug-in available: https://tools.google.com/dlpage/gaoptout?hl=en

Objections to Data-Gathering
You may prevent Google Analytics from recording your data by clicking the following link. This will place an "opt-out cookie which will prevent your data from being collected by future visitors to this website: Deactivate Google Analytics

Source: eRecht24

Contract Data-Processing
We have a contract data-processing agreement with Google and we implement in full the strict guidelines of the German data protection authorities on the use of Google Analytics.

IP Anonymisation
We use the "IP Anonymisation Activation" function on this website. However, this means that Google will firstly shorten your IP address within member states of the European Union or in other member states of the Agreement on the European Economic Zone. Your full IP address will be transmitted to a Google server in the USA and abbreviated there only in exceptional cases.

Google will use this information to analyse your use of this website and compile reports on website activities on behalf of the operator of this website in order to provide it with additional services relating to the use of this website and the internet. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Use of LeadLab from Wiredminds

Our website uses the pixel-code technology of WiredMinds GmbH (www.wiredminds.de) for Analysis of visitor behaviour. The IP address of a visitor is processed. The processing is done solely for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). Under no circumstances will the IP address be saved in LeadLab.
When processing the data, it is in our special interest to protect the data protection rights of natural persons. Our interest is based on Art. 6 para. 1 lit. (f) DSGVO. The data we collect at no time allows us to draw conclusions about an identifiable person. WiredMinds GmbH uses this information to create anonymous user profiles related to the visit behaviour on our website. The data collected in this process is not used to personally identify the visitor to our website.

Exclude from Wiredminds-tracking.

Links Social Media

Links Social Media
On our website you will find links to the social media services of Facebook, Twitter, Google+, YouTube, Pinterest and Instagram. Links to the social media services websites can be recognized by the respective company logo. If you follow these links, you will reach the corporate profile of Kurtz Ersa at the respective social media service. When you click on a link to a social media service, a connection to the servers of the social media service is established. This will transmit to the servers of the social media service that you have visited our website. In addition, further data is transmitted to the provider of the social media service. These are for example:

- Address of the website on which the activated link is located
- the date and time when the website was accessed or the link was activated
- Information about the browser and operating system used
- IP address

If you are already logged in to the corresponding social media service at the time the link is activated, the provider of the social media service may be able to determine your user name and possibly even your real name from the data transmitted and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account, if you log out of your user account before.
The servers of the Social Media Services are located in the USA and other countries outside the European Union. The data may therefore also be processed by the provider of the Social Media Services in countries outside the European Union. Please note that companies in these countries are subject to data protection laws which generally do not protect personal data to the same extent as in the member states of the European Union.
Please note that we have no influence on the scope, type and purpose of data processing by the provider of the Social Media Service. Further information on the use of your data by the social media services integrated on our website can be found in the privacy policy of the respective social media service.

Online Offers for Children

Persons under 16 years of age may not send us any personal data or make any declarations of consent without the permission of their parents or guardians. We call on all parents und guardians to take active part in the online activities und interests of their children.

Links to Other Providers

Our website also contains links – which are clearly recognisable – to the internet presences of other companies. If links to websites of other providers are present, we have no influence over this. We cannot therefore accept any guarantee or liability for this content. Each individual provider or operator of internet sites is responsible for this content at all times.

The links to these sites were checked for any possible breaches of the law und ascertainable infringements of the law when they were established. When the links to these sites were established, no illegal content was ascertainable. However, without adequate indications of breaches or infringements of the law, permanent control or checking of the linked sites is not reasonable. Where breaches or infringements of the law become known, links of this nature will be removed promptly.

Ersa Apps

If  you  have  a  smartphone or end device running  on  iOS/Android   ,  location  services need  to  be  enabled  for  your  smartphone  to  search  for  Bluetooth  signals  from  Ersa products. Please note that no location data is collected in this process.