We take the protection of your personal data very seriously when using the websites of our domain "koelln.com" as well as all subdomains (hereinafter referred to as the "website"). In the following, we will inform you about the collection, processing and use of your personal data when you visit these websites and use the services offered. "Personal data" is information about a person or information that relates to a person (e.g. name, address, postal address, telephone number, IP address) and which can be used to find out persons’ identities. Personal data is all information that refers to an identified or identifiable natural person. A natural person is considered to be identifiable if he or she can be identified directly or indirectly - in particular by assigning an identifier such as a name, identification number, location data or an online identification. The data protection law of the Federal Republic of Germany protects personal data, in particular by the General Data Protection Regulation ("GDPR").
1. Data Controller Responsible
Data Controller responsible pursuant to the General Data Protection Regulation (GDPR) is:
2. Data subject rights
Insofar as we store and process your personal data, you are entitled to the following rights:
(1) Right to information pursuant to Art. 15 GDPR about the processing of your personal data by us for processing purposes, categories of processed data, recipients or recipient categories, duration of storage or criteria for determining the duration, right to correction, deletion, restriction to processing or objection to the processing, the right to lodge a complaint with the supervisory authority, information about the origin of the data and the existence of automated decision-making and, if applicable, information about guarantees pursuant to Art. 46 GDPR when transmitted to a third country or international organisations;
(2) Right to immediate rectification of incorrect or incomplete personal data pursuant to Art. 16 GDPR;
(3) Right to deletion of the stored personal data pursuant to Art. 17 GDPR if the data are no longer required in relation to the purposes for which they were collected or otherwise processed, if a given consent has been revoked and where there is no other legal ground, if there is an objection to the processing, and the data may no longer be processed pursuant to Art. 21(1) or (2) GDPR, if the data have been unlawfully processed, if the data have to be deleted for compliance with a legal obligation or if the data have been collected in relation to the offer of information society services pursuant to Art. 8 (1). This shall not apply to the extent that processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
(4) Right to restriction of processing pursuant to Art. 18 GDPR if you dispute the accuracy of the data (for the period required enabling to verify the accuracy), if the processing is unlawful, but you oppose to deletion and request the restriction of their use instead, if we no longer need the data for the purposes of processing, but you need the data to establish, exercise or defend legal claims, or if you have objected to the processing pursuant to Art. 21 (1) GDPR and pending the verification whether our legitimate reasons prevail.
(5) Right to object to the processing of your personal data pursuant to Art. 21(2) GDPR (if the data are processed for direct marketing purposes or pursuant to Art. 21(1e) or (f) GDPR) takes place on grounds relating to your particular situation unless we demonstrate compelling legitimate grounds for the processing which override your interests, or the processing serves to establish, exercise or defend legal claims ).
(6) Right to data portability pursuant to Art. 20 GDPR, i.e., to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller;
(7) Right to withdraw consent at any time pursuant to Art. 7(3) GDPR. As a result of the revocation of consent, we are no longer allowed to carry out data processing in future from the date of the revocation.
(8) Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. The supervisory authority responsible for us can be found under clause 4.
(9) All requests for information, information inquiry or objections to data processing should be directed to the address mentioned under clause 1.
3. Automated decision-making
An automated decision-making is not used here.
4. Supervisory authority
The address of the supervisory authority responsible for us is:
5. Storage of access data
(1) Each time our website is accessed, access data are stored in a log file on our provider's server.
(2) This data set includes for example your IP address, directory protection user, date, time of request, pages viewed, protocols, status code, amount of data, referrer, user agent and host name called up.
(3) These data are collected for technical reasons. Deletion takes place automatically after 7 days at the latest. The legal basis for the collection of this data is Art. 6 (1 f) GDPR. Our legitimate interest is to ensure the security and stability of our website.
6. CookieFirst Consent Manager
We use the consent manager CookieFirst to provide legally compliant information and to query your preferences.
This serves to comply with the legal obligations to provide evidence, such as the storage of consent or, if you do not consent, non-consent.
Processing by CookieFirst Consent Manager:
- The anonymized IP number of the user;
- The date and time of consent;
- User agent of the end-user's browser;
- The URL of the provider;
- An anonymous, random and encrypted key.
- The approved cookies of the user (cookie status), which serves as proof of consent.
The encrypted key and the cookie status are stored on the user's device using a cookie in order to establish the corresponding cookie status when the page is accessed in the future. This cookie is automatically deleted after 12 months.
The legal basis for using the Consent Manager is Art. 6 (1 f) GDPR (weighing of interests) in conjunction with Art. 6 (1 c) GDPR (obligation to provide evidence).
7. Collection of personal data for informational use
(1) If you use the website for informational purposes only, i.e. if you do not log in, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data mentioned under 5.2, which your browser transmits to technically enable the visit to the website.
(2) When using the website, so-called cookies are stored on your computer. Cookies are text files which are stored on your hard drive (assigned to the browser you are using) and through which certain information flows to the person who sets the cookie (in this case, to us). Cookies cannot run programmes or transmit viruses / malware to your computer.
- Session cookies (temporary use)
- Persistent cookies
- Third-party cookies (from third-party providers)
Session cookies are automatically deleted when you close the browser.
Persistent and third-party cookies are deleted after a specified period, which may differ depending on the cookie. We inform you about the exact storage duration of the third-party cookies on our CookieFirst Consent Manager and in the description of these cookies below.
The legal basis for persistent cookies and third-party cookies is Art. 6 (1 S. 1 a) GDPR. You may give us your consent by consent on the CookieFirst Consent Manager.
You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your wishes and, e.g. refuse acceptance of cookies. However, we would like to point out that you may then not be able to use all functions of this website.
8. Use of functions of our website
(1) In addition to the purely informational use of our website, we can offer other services on the website to you which you can use if you are interested in. To do so, you usually have to provide personal data that we need and use to provide the respective service. If additional voluntary information are possible and requested by us, they are marked accordingly.
(2) When you contact us by e-mail, your e-mail address and, if you indicate this, your name and further contact details are stored with us in order to answer your questions and to enable us to remedy defects in the event of justified notices of defects.
(3) If you send us inquiries via the contact form, your details from the request form including the contact details you provided there for the purpose of processing the request are stored. We will not pass this data on to external third parties without your consent.
If your request is related to the fulfilment of a contract or is required to carry out pre-contractual measures these data are processed on the basis of Art. 6 (1 lit. b) GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6(1 lit. f) GDPR) or on your consent (Art. 6(1 lit. a) GDPR) if this was queried.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - especially retention periods - remain unaffected.
9. Integration of services
We use the third-party services listed below on our website.
It is possible that user data are also processed outside of the European Union. The US is currently assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. This could result in risks for users, because it can make it more difficult to enforce their own rights, for example. All non-European processors have committed to complying with the EU data protection standards.
The data of the users may possibly be processed for analysis purposes. This way, profiles can be created from the usage behaviour and the interests of the users derive thereof. These profiles can be used to, e.g. for placing of advertisements inside and outside the platforms that are likely to serve the interests of the users. For these purposes, cookies may be stored on the users' computers, through which the usage behaviour, the interests of the users and / or the length of stay are saved.
In the event of requests for information and the assertion of user rights, we would like to point out that these can be most effectively asserted with the respective providers. The providers only have access to the relevant data of the users and can directly take appropriate measures and provide concrete information.
For a detailed description of the respective processing, we refer to the following information on the respective providers.
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (hereinafter referred to as "Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses so-called "cookies". These are text files that are stored on your computer or mobile device and enable an analysis of your use of the website. The information collected by cookies about your use of this website is usually transferred to a Google server in the USA and stored there. The storage of Google Analytics cookies and the use of any analysis tools only take place on the basis of a consent you may have given us as a user with a click of the mouse (e.g. consent to the storage of cookies); processing is therefore carried out exclusively on the basis of Art. 6 (1 lit. a) GDPR. As a user, you can revoke your consent to tracking at any time by deactivating the "Performance" and "Advertising" tabs in the cookie banner (accessed by clicking on the blue round fingerprint symbol on the bottom left of our pages). Alternatively, you can deactivate tracking by Google Analytics by installing the Google Analytics Opt-out Browser Add-on (see section "Browser plugin").
We have activated the IP anonymisation function on the website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before it is transmitted to the USA. The full IP address is transferred to a Google server in the USA and abbreviated there in exceptional cases only. On our behalf, Google will use this information to evaluate the use of the website by all website visitors, to compile reports on website activities and to provide other services related to website and internet use to us as the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can manage browser cookies via your browser settings. The help function of most web browsers explains how to prevent your browser from accepting new cookies, how to let your browser notify you when you receive a new cookie, how to deactivate cookies and when cookies expire. If you deactivate all cookies in your browser, neither we nor third parties will transfer cookies to your browser. In this case, you may not be able to fully use all functions of this website. However, if you do so, you may have to manually adjust some settings each time you visit a website, and some features and services may possibly not work.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
We, Peter Kölln GmbH & Co. KG as the operator of the website, have concluded a processing contract with Google, under which Google has undertaken to strictly comply with the requirements of German data protection law and, if required, any other applicable data protection standards. We ourselves comply with the legal requirements of all applicable data protection standards, in particular the requirements of the GDPR, when using Google Analytics and the data collected and stored within the scope of using Google Analytics.
Demographic characteristics on Google Analytics
The website uses "demographic features" function of Google Analytics. This allows reports to be created that contain information about the age, gender and interests of website visitors.
These data come from interest-based advertising from Google and visitor data from third-party providers. These data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account.
Data stored at Google at user and event level which are linked to cookies, user identifications (e.g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymised or deleted after 38 months. For details, see the following link: https://support.google.com/analytics/answer/7667196?hl=en
Google Tag Manager
Google Tag Manager is a programme with which we can manage so-called website tags via a surface (and thus integrate e.g. Google Analytics and other Google marketing services into our online offer). The tool 'Google Tag Manager' itself is a cookie-free domain and does not collect any personal data. When you visit our website, however, provided you have given us your consent on the cookie notice banner, your IP address will be transmitted to Google as a prerequisite for the technical process.
With regard to the processing of users' personal data, reference is made to the following information about Google services. Google Tag Manager usage guidelines: www.google.com/intl/de/tagmanager/use-policy.html
You grant us the necessary consent pursuant to Art. 6 (1 a) GDPR via the consent given on the cookie notice banner.
You can revoke your consent at any time with effect for the future by clicking on the blue round symbol "Cookie Settings" on the bottom left of our pages or by making a corresponding declaration to us, Peter Kölln GmbH & Co. KGaA, Elmshorn.
Note on data transfers to Google
All data transfers to Google in the USA are based on the EU standard contractual clauses. Further information can be found here: https://policies.google.com/privacy/frameworks?hl=en
10. Liability for contents
The contents of our pages were created with great care. However, we cannot guarantee that the content is correct, complete and up to date. As a service provider, we are responsible for our own content on these pages in accordance with general laws pursuant to § 7 (1) TMG. Pursuant to §§ 8 to 10 TMG, we as a service provider are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information according to general laws remain unaffected. However, liability in this regard is only possible from the time we become aware of a specific legal violation. As soon as we become aware of such violations, we will remove such contents immediately.
11. Liability for links
Our pages may contain links to external third party websites, on whose content we have no influence. For this reason, we cannot accept any liability for this external content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time the link was created. No illegal content was discernible at the time the link was created. A permanent control of the content of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of legal violations, we will remove such links immediately.
12. Data security
We secure our website and other systems with suitable technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. Despite regular checks, complete protection against all risks is not possible.
Our website uses the industry standard TLS / SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal data on the Internet. You can see whether an encrypted transmission is taking place by the closed key or lock symbol in the display of your browser.
We would like to point out that data transmission on the Internet (e.g. when communicating by email) can have security gaps. It is not possible to completely protect data from third-party access.
13. Disclosure of data
Your personal data will only be disclosed to third parties
- if you have given your express consent pursuant to Art. 6 (1 clause 1 a) GDPR;
- if the disclosure is required to fulfil contractual obligations pursuant to Art. 6 (1 clause 1 b) GDPR
- if we are legally obliged to disclose the data for the purpose of Art. 6 (1 sentence 1 c) GDPR;
- if disclosure of the data is in the public interest for the purpose of Art. 6 (1 e) GDPR or;
- if disclosure of the data is required pursuant to Art. 6 (1 s. 1 f) GDPR in order to protect our legitimate interest or the legitimate interests of a third party, unless your interests in the protection of your data outweigh them.
14. Third party recipients
To deal with complaints and customer support and to enable us to process your concerns satisfactorily, we may have to pass on your personal data to third-party recipients. Third parties can be our suppliers, transport and logistics partners and our trading partners.
15. Duration of storage of personal data
Your data will be stored by us for as long as required for the respective purposes the processing is based on. In addition, we only store data if we are legally obliged to do so, e.g. due to statutory retention requirements.
16. Information on the right to object
An objection to the processing of your personal data, based on Art. 6 (1 e) (data processing in the public interest) or (f) (data processing to protect legitimate interests based on balancing of interests) is possible at any time pursuant to Art. 21 GDPR. In the event of an objection, the personal data shall no longer be processed, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
17. Information on the right of revocation
If you have given us your consent to the processing of personal data, you can revoke this at any time. Of course, this also applies to declarations of consent given to us before May 25, 2018 (before the GDPR was in effect). The revocation of consent can only apply for the future. The lawfulness of the processing is not retrospectively removed by revocation. Please direct your revocation to the address mentioned under point 1.
19. Data Protection Officer
If you have specific questions about the protection of your data, please contact the data protection officer of Peter Kölln GmbH & Co. KGaA:
Mrs Kerstin Lange
c / o Vater Solution GmbH