Data protection

KORDA-Ladenbau GmbH More information on data protection

KORDA-Ladenbau GmbH (hereinafter referred to as the Operator) appreciates your interest in our company and our products and services, and wants to ensure you feel secure about how your personal data is protected within our company.

Protecting user privacy is key, in particular to ensuring the future of web-based business models and developing a web-based economy. We have provided this data protection declaration to underscore our commitment to protecting your privacy.

Our employees and the service companies we employ are obligated to maintain confidentiality and to comply with the regulations of the General Data Protection Regulation and other relevant data protection provisions.

Personal data of data subjects, such as a name, address, e-mail address or telephone number, is always processed in accordance with the General Data Protection Regulation and in compliance with national data protection laws applicable to the Operator. This data protection declaration is designed to inform the public about the type, scope and purpose of the personal data we collect, use and process. In addition, it is intended to inform data subjects about their rights in relation to data processing.

As a controller, the Operator has taken a wide range of technical and organizational measures to ensure the most seamless possible protection for the personal data processed through this website. However, web-based data transmissions may be subject to gaps in security, and there is no way to guarantee absolute protection for your data. Because of this, all data subjects are also welcome to transmit personal data to us through alternative means, for instance by telephone or by mail.

We take the protection of your personal data seriously and strictly comply with the regulations of data protection laws.

Definitions

The Operator's data protection declaration uses terms defined by European directives and legislatures when the General Data Protection Regulation (GDPR) was enacted. Our data protection declaration should be easy to read and understand for the general public, our guests, and our business partners. To ensure this, we would like to define the terms we use in this declaration in advance.

The following are some of the terms used in this data protection declaration:

Personal data

Personal data is all information that refers to an identified or identifiable natural person (hereinafter referred to as a “data subject”). A natural person is considered identifiable if they can be identified either directly or indirectly, in particular by being associated with an identifier like a name, an ID number, location data, an online ID or one or more specific features that express the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person.

Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

Processing
Processing is any procedure or series of procedures carried out using automated processes associated with personal data, such as collecting, recording, organizing, ordering, storing, adjusting or changing such data, reading data out, querying data, using data, disclosing it through transmission, distribution or any other form of delivery, comparing or linking the data, and restricting, deleting, or destroying it.

Restriction of processing
Restriction of processing is marking stored personal data for the purpose of restricting its future processing.

Profiling
Profiling is any kind of automated processing of personal data that consists of using this personal data in order to analyze any personal aspect of any natural person, in particular to analyze or predict aspects related to that person's work performance, economic position, health, personal preferences, interests, reliability, behavior, residence or change in location.

Pseudonymization
Pseudonymization is processing personal data in such a manner so that the personal data can no longer be associated with a specific data subject unless further information is added, if this additional information is stored separately and if technical and organizational measures are taken to ensure that the personal data cannot be associated with an identified or identifiable natural person.

Controller
The controller is the natural or legal person, official agency, institution or other entity that makes decisions on the purposes and methods used for processing personal data either alone or in conjunction with other entities. If the purposes and methods used for this processing are stipulated by EU law or by the law of its member states, the controller or the specific criteria for naming the controller may be stipulated by EU law or by the law of the member state.

Processor
A processor is a natural or legal person, official agency, institution or other entity that processes personal data on behalf of the controller

Recipient
A recipient is a natural or legal person, official agency, institution or other entity to which personal data may be disclosed, regardless of whether it is a third party or not. Official agencies that may receive personal data as part of a specific investigation under EU law or the law of the member states, however, are not considered recipients.

Third party
A third party is a natural or legal person, official agency, institution or other entity besides the data subject, the controller, the processor and persons authorized to process the personal data under the direct responsibility of the controller or processor.

Consent
Consent is any informed approval granted voluntarily by the data subject for the specific instance in an unmistakable manner, in the form of a declaration or another clear confirmatory action by which the data subject indicates that he or she is in agreement with processing of their personal data (for instance contacting us via the contact form).

Legal basis of processing

Art. 6 I lit. a serves as the legal basis for data processing if we have obtained consent for a specific processing purpose. If the personal data must be processed to fulfill a contract to which the data subject is a contractual party, as is the case, for instance, for processing necessary to deliver goods or to perform other services or return services, then the processing is based on Art. 6 I lit. b GDPR. The same applies to other processing necessary to carry out pre-contractual measures, for instance if a data subject submits an inquiry regarding our products or services. If our company is subject to a legal obligation that requires us to process personal data, for instance to fulfill tax-related obligations, then the processing is based on Art. 6 I lit. c GDPR. In rare cases, it may be necessary for us to process personal data in order to protect the vital interests of the data subject or another natural person. If processing is based on a legitimate interest, then it is carried out pursuant to Art. 7 I lit. f.

Rights of data subjects

If the data subject would like to assert one or more of the following rights, then they may contact our Data Protection Officer or another employee of the controller at any time to do so

Right to confirmation
All data subjects have the right, granted under European directives and by the legislature, to request a confirmation from the controller of whether it processes their personal data. If a data subject would like to take advantage of this right to confirmation, they can contact our Data Protection Officer or another employee of the controller at any time to do so.

Right to information
All data subjects whose personal data is processed have the right, granted by European directives and the legislature, to request information free of charge on the personal data saved about them by the controller, and to receive a copy of said information. Furthermore, European directives and the legislature specify that the data subject must be provided information on the following:s

  • the purposes of processing
  • the categories of personal data that are processed
  • the recipients or categories of recipients to whom personal data has been disclosed or will be disclosed, in particular recipients in third countries or international organizations
  • if possible, the planned duration for which personal data will be stored or, if this is not possible, the criteria for determining this duration
  • the existence of their right to rectification or deletion of their personal data or to restrict processing by the controller, or the right to object to said processing
  • the existence of their right to submit complaints to a supervisory authority
  • if the personal data was not collected from the data subject: all available information on the origin of the data
  • the existence of any automated decision-making processes, including profiling in accordance with Article 22 para. 1 and 4 GDPR and – at least in such cases – clear information on the logic involved as well as the scope and intended effects of such processing for the data subject

Furthermore, the data subject has the right to receive information on whether their personal data has been transmitted to a third country or an international organization. If this is the case, then the data subject furthermore has the right to receive information on relevant guarantees related to the transmission.s

Right to rectification
Any data subject whose personal data is processed has the right, granted by European directives and the legislature, to request prompt rectification of their incorrect personal data. Furthermore, data subjects have the right to request that incomplete personal data be supplemented, in consideration of the purpose of processing – including via a supplementary declaration.

Right to deletion (right to be forgotten)
Any data subject whose personal data is processed has the right, granted by European directives and the legislature, to request that the controller promptly delete their personal data if one of the following reasons apply, and if the processing is not required:

  1. Personal data was collected for such purposes or processed in any other manner for which it no longer required
  2. The data subject revokes the consent upon which the processing is based in accordance with Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR, and there is no other legal basis for processing.
  3. The data subject submits an objection to the processing in accordance with Art. 21 para. 1 GDPR, and there are no legitimate grounds for processing that take priority, or the data subject objects to the processing in accordance with Art. 21 para. 2 GDPR.
  4. Personal data was processed illegally.
  5. Personal data must be deleted to fulfill a legal obligation under EU law or the law of the member states to which the controller is subject.
  6. Personal data was collected in relation to information society services in accordance with Art. 8 para. 1 GDPR.

If personal data was publicized by the Operator, and if our company is obligated to delete the personal data in accordance with Art. 17 para. 1 GDPR, then the Operator shall take appropriate measures, including technical measures in line with available technology and implementation costs, to inform other controllers responsible for data processing that the data subject has requested that these other controllers delete all links to this personal data or copies or duplicates of this personal data, insofar as the processing is not required. The Operator's Data Protection Officer or another employee shall do whatever is necessary in the individual case to do so.

Right to restrict processing
Any data subject whose personal data is processed has the right, granted by European directives and the legislature, to request that the controller restrict processing if one of the following applies:

  1. The data subject disputes that the personal data is correct for a long enough period allowing the controller to review the correctness of the personal data.
  2. Processing is illegal, the data subject rejects deletion of the personal data, and instead requests a restriction to the use of the personal data
  3. The controller no longer requires the personal data for the purposes of processing, although the data subject requires it to assert, exercise or defend against legal claims.
  4. The data subject has submitted an objection to processing in accordance with Art. 21 para. 1 GDPR, and it is not yet clear whether the legitimate interests of the controller outweigh those of the data subject.

Right to data portability
Any data subject whose personal data is processed has the right, granted by European directives and the legislature, to receive their personal data which the data subject has provided to a controller in a structured, commonly used and machine-readable format. Furthermore, they have the right to transmit this data to another controller without being prevented from doing so by the controller to whom the personal data was provided, insofar as processing was based on their consent in accordance with Art. 6 para. 1 letter a GDPR or Art. 9 para. 2 letter a GDPR, or on a contract in accordance with Art. 6 para. 1 letter b GDPR, and the processing is carried out via automated procedures, if the processing is not necessary to carry out any task that is in the public interest or for the public good as assigned to the controller.

Furthermore, in exercising their right to data portability according to Art. 20 para. 1 GDPR, data subjects have the right to ensure that personal data is transmitted directly from one controller to another, insofar as this is technically feasible and this does not affect the rights and freedoms of any other persons.

Right to object
Any data subject whose personal data is processed has the right, granted by European directives and the legislature, to object to the processing of their personal data in accordance with Art. 6 para. 1 letters e or f GDPR for reasons related to their personal situation. This also applies to any profiling carried out based on this provision.

If an objection is submitted, the Operator will no longer process the personal data, unless we have protected mandatory reasons for the processing that outweigh the interests, rights and freedoms of the data subject, or if the processing is carried out in order to assert, exercise or defend against legal claims.

If the Operator processes personal data for the purpose of direct advertisement, then the data subject shall have the right to object to processing of their personal data for the purpose of such direct advertisement. This also applies to profiling, insofar as it is associated with such direct advertisement. If the data subject submits an objection to the operator regarding this processing for the purpose of direct advertisement, then the Operator shall no longer process the personal data for this purpose.

Furthermore, the data subject has the right to object to the processing of their personal data, which the Operator carries out for academic or historical research purposes or for statistical purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is required to fulfill their duties which are in the public interest.

Data subjects are furthermore entitled to exercise their right to object via an automated process using technical specifications in conjunction with information society services, regardless of directive 2002/58/EC.

Automated decisions, including profiling
Any data subject whose personal data is processed has the right, granted by European directives and the legislature, to not be subject to any decision-making process which is based solely on automated processing – including profiling – if said decision would have legal effects for them or significantly impact them in some other manner, insofar as the decision is (1) not necessary to conclude or fulfill a contract between the data subject and the controller or (2) is permitted under the legal regulations of the EU or its member states to which the controller is subject, and if these legal regulations contain appropriate measures to safeguard the rights, freedoms and legitimate interests of the data subject or (3) is carried out with the express consent of the data subject.

If the decision is (1) required to conclude or fulfill a contract between the data subject and the controller or (2) completed with the express consent of the data subject, then the Operator shall take appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the data subject, including at least the right for the controller's personnel to be involved in the decision and the rights to disclose their own position and to contest the decision.

Right to revoke consent under data privacy law
Any data subject whose personal data is processed has the right, granted by European directives and the legislature, to revoke their consent to the processing of their personal data at any time.

Use and transmission of personal data

Personal data that you share with us through our website or in some other manner is collected, processed and stored in order to correspond with you for the purpose for which you provided us the data. Furthermore, we may use this data to provide you with occasional offers and to inform you about new products or services or other information which may interest you. You can contact excite@korda.de to this use of your data at any time by informing us, for instance via an e-mail.

We only transmit personal data to third parties if this is necessary to perform our own services. The third party provider may only use this personal data to provide the requested service or carry out the necessary transaction, which it will do so on our behalf. We obligate our service providers to comply with data protection laws. We never transmit, sell, or otherwise your personal data to third parties for marketing purposes.

The Operator may be forced to disclose your data and associated information based on a court or official order. Furthermore, we reserve the right to use your data to assert or defend against legal claims. In accordance with applicable law, we furthermore reserve the right to store and transmit personal and other data in specific instances in order to identify and combat illegal actions, attempted fraud, or other violations of the Operator’s Terms of Use.

Website contact options

As required by law, our website includes information allowing you to contact us quickly via electronic means and to communicate directly with us. We have provided a general e-mail address for this purpose. If a data subject contacts the processor via e-mail or using the contact form, then the personal data provided by the data subject will be saved automatically. Such personal data provided voluntarily by a data subject to the controller will be stored for the purpose of processing the inquiry or for contacting the data subject. This personal data will not be provided to third parties.

Secure online communication

We take technical and organizational measures to transmit and store your data in such a way that it is not accessible to third parties.

In general, however, there is no way to ensure absolute security online. In comparison to communication by phone, for instance, data transmitted online is easier for third parties to detect, record, or even modify.

To ensure our communications with you remain confidential, we use AES 256 bit SSL encryption. Based on current state of the art technology, this form of encryption is considered secure, and newer generation operating systems and browsers support this level of security. You may need to upgrade your PC's operating system and browser to take advantage of this high-level encryption technology.

If you send us non-encrypted e-mail communications, it may not be possible to ensure complete data security. We recommend sending us confidential information by mail.

Data processing on this website

For security-related and technical reasons, the Operator automatically processes information in its system protocols that your browser sends to us. This information includes, primarily:

  • Browser type / version
  • Operating system used
  • The URL (website) accessed on our systems
  • Referrer URL (the website that referred you to our website)
  • Host name and complete IP address of the accessing computer
  • Date and time of access
  • Accessed data volume and data types.

We do not combine this data with other data sources,
nor do we carry out any statistical evaluations based on this data.

A note on IP addresses: IP addresses are required for our servers to transmit the website and other data to your browser. IP addresses serve as the “addresses” for information you request from our web servers, however under the law they are also considered personal data. Therefore, we only use them to the extent that this is required for technical reasons.

Cookies

Several areas of our website use cookies. Cookies are small text files stored on your computer and saved by your browser. They serve to make our website more user-friendly, more effective, and more secure.

We use the following cookies:

  • PHPSESSID: Required to create the user session; contains a 32-character alphanumeric string, and is deleted when you close your browser

Most of the cookies we use are called “session cookies” (such as the cookie “PHPSESSID”) and are valid for your user session. They are deleted automatically after the end of your visit (when you close your browser). All cookies on our website contain technical information in an anonymized or pseudonymized form, and do not contain any personal data.

If you would like to prevent cookies from being saved, you must select “Do not accept cookies” in your browser settings. If your browser does not accept cookies, however, the functionality of our website may be severely restricted. Some functions will no longer be available to you.

Web analytics with Matomo (formerly. Piwik)

User actions on our website are recorded and analyzed using the tracking software Matomo (www.matomo.org). User IP addresses are saved anonymously for this purpose, meaning the last two octets in the IP address are replaced by a 0. This means that the collected data cannot be traced back to any particular individual.

We only use the tracking software to adjust our website to current technical requirements and to optimize our website for users. Data is not transmitted to third parties.

The tracking software is operated on a separate, encrypted server by a partner company located in Germany. Statistical data and any personal data (for instance via a registration or contact form) is therefore stored separately on different servers. This makes it absolutely impossible to link personal data and statistical data.

Objections

You have the right to object to the collection of anonymized data by Mamoto.

The objection will be stored in the form of an opt-out cookie, so that you will need to declare your desire to opt-out once again, for instance, if you delete all browser cookies.

Use of YouTube in expanded data protection mode

We use the provider YouTube to integrate videos. These videos are embedded in expanded data protection mode. If this is not technically possible (for instance due to display logics or video controls), then we use a two-click solution to do so. In this case, we will explicitly inform you in advance that we use YouTube to play the video.

Like most websites, YouTube uses cookies to collect information about visitors to its website. YouTube uses such information, for instance, to record video statistics, prevent fraud, and improve user-friendliness. The collection of such information also creates a connection to the Google DoubleClick network. When you launch a video, this may trigger further data processing procedures. Further information about data protection at YouTube is available at: www.youtube.com/youtube-privacy

Routine deletion and blockage of personal data

The controller processes and stores personal data of data subjects only for the length of time necessary to achieve the purpose for which the data was stored, or if required by European directives and legislatures or by another legislature in the law or in regulations to which the controller is subject.

If the purpose for which the data was stored no longer applies, or if an archiving term stipulated by European directives or legislatures or another responsible legislature expires, then the personal data is blocked or deleted based on routine statutory retention periods.

Term for storing personal data

Personal data is stored for as long as required by applicable statutory retention periods. After the end of this period, data is deleted routinely if it is no longer required to fulfill or to initiate a contract.

Updates to this data protection declaration

If the Operator introduces new products or services, changes its web processes, or if the website and IT security technology in use is developed further, then this data protection declaration will be updated. Therefore, we reserve the right to amend or supplement this declaration as necessary. We will publish changes on this website. This declaration was last updated in November 2019

Right to information / deletion and amendment of personal data

If you have questions that were not answered by this data protection declaration, or if you would like further information on any point, please contact us.

If you no longer consent to the storage of your personal data, or if your data is no longer correct, we will correct, block or delete your data in accordance with the law if you request that we do so. Upon request, we will provide you with information on the personal data we have stored on you. To receive this information, please contact:

KORDA-Ladenbau GmbH
Max-Planck-Straße 116
32107 Bad Salzuflen, Germany

Tel:+49 (0)5232 6006-0
E-Mail:excite@korda.de

Please note that we will require personal proof of identification from you if you request information on your stored data from us.

Data Protection Officer

If you have general questions on how we collect, process or use your personal data, or if you would like general information on data protection, please write to:

KORDA-Ladenbau GmbH
Max-Planck-Straße 116
32107 Bad Salzuflen, Germany

Tel:+49 (0)5232 6006-0
E-Mail:excite@korda.de