We take the protection of your personal data very seriously when using the websites of our domain "koelln.com" as well as all subdomains (hereinafter referred to as the "website"). In the following, we will inform you about the collection, processing and use of your personal data when you visit these websites and use the services offered. "Personal data" is information about a person or information that relates to a person (e.g. name, address, postal address, telephone number, IP address) and which can be used to find out persons’ identities. Personal data is all information that refers to an identified or identifiable natural person. A natural person is considered to be identifiable if he or she can be identified directly or indirectly - in particular by assigning an identifier such as a name, identification number, location data or an online identification. The data protection law of the Federal Republic of Germany protects personal data, in particular by the General Data Protection Regulation ("GDPR").

1. Data Controller Responsible

Data Controller responsible pursuant to the General Data Protection Regulation (GDPR) is:

Peter Kölln GmbH & Co. KGaA
Westerstraße 22-24
D-25336 Elmshorn
+49 (0) 41 21 64 80
+49 (0) 41 21 66 39
contact[at]peterkoelln.de

2. Data subject rights

Insofar as we store and process your personal data, you are entitled to the following rights:

(1) Right to information pursuant to Art. 15 GDPR about the processing of your personal data by us for processing purposes, categories of processed data, recipients or recipient categories, duration of storage or criteria for determining the duration, right to correction, deletion, restriction to processing or objection to the processing, the right to lodge a complaint with the supervisory authority, information about the origin of the data and the existence of automated decision-making and, if applicable, information about guarantees pursuant to Art. 46 GDPR when transmitted to a third country or international organisations;

(2) Right to immediate rectification of incorrect or incomplete personal data pursuant to Art. 16 GDPR;

(3) Right to deletion of the stored personal data pursuant to Art. 17 GDPR if the data are no longer required in relation to the purposes for which they were collected or otherwise processed, if a given consent has been revoked and where there is no other legal ground, if there is an objection to the processing, and the data may no longer be processed pursuant to Art. 21(1) or (2) GDPR, if the data have been unlawfully processed, if the data have to be deleted for compliance with a legal obligation or if the data have been collected in relation to the offer of information society services pursuant to Art. 8 (1). This shall not apply to the extent that processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

(4) Right to restriction of processing pursuant to Art. 18 GDPR if you dispute the accuracy of the data (for the period required enabling to verify the accuracy), if the processing is unlawful, but you oppose to deletion and request the restriction of their use instead, if we no longer need the data for the purposes of processing, but you need the data to establish, exercise or defend legal claims, or if you have objected to the processing pursuant to Art. 21 (1) GDPR and pending the verification whether our legitimate reasons prevail.

(5) Right to object to the processing of your personal data pursuant to Art. 21(2) GDPR (if the data are processed for direct marketing purposes or pursuant to Art. 21(1e) or (f) GDPR) takes place on grounds relating to your particular situation unless we demonstrate compelling legitimate grounds for the processing which override your interests, or the processing serves to establish, exercise or defend legal claims).

(6) Right to data portability pursuant to Art. 20 GDPR, i.e., to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to transmit those data to another controller;

(7) Right to withdraw consent at any time pursuant to Art. 7(3) GDPR. As a result of the revocation of consent, we are no longer allowed to carry out data processing in future from the date of the revocation.

(8) Right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. The supervisory authority responsible for us can be found under clause 4.

(9) All requests for information, information inquiry or objections to data processing should be directed to the address mentioned under clause 1.

3. Automated decision-making

An automated decision-making is not used here.

4. Supervisory authority

The address of the supervisory authority responsible for us is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein
Holstenstrasse 98
24103 Kiel
mail[at]datenschutzzentrum.de
+49 (0) 431 988-1200
+49 (0) 431 988-1223

5. Storage of access data

(1) Each time our website is accessed, access data are stored in a log file on our provider's server.

(2) This data set includes for example your IP address, directory protection user, date, time of request, pages viewed, protocols, status code, amount of data, referrer, user agent and host name called up.

(3) These data are collected for technical reasons. Deletion takes place automatically after 7 days at the latest. The legal basis for the collection of this data is Art. 6 (1 f) GDPR. Our legitimate interest is to ensure the security and stability of our website.

6. CookieFirst Consent Manager 

We use the consent manager CookieFirst to provide legally compliant information and to query your preferences. 
This serves to comply with the legal obligations to provide evidence, such as the storage of consent or, if you do not consent, non-consent. 

With the "CookieFirst" function, we inform you about the use of cookies on our website and enable you to make a decision about their use.
Processing by CookieFirst Consent Manager:

• The anonymized IP number of the user;
• The date and time of consent;
• User agent of the end-user's browser;
• The URL of the provider; 
• An anonymous, random and encrypted key.
• The approved cookies of the user (cookie status), which serves as proof of consent.

The encrypted key and the cookie status are stored on the user's device using a cookie in order to establish the corresponding cookie status when the page is accessed in the future. This cookie is automatically deleted after 12 months. 
The legal basis for using the Consent Manager is Art. 6 (1 f) GDPR (weighing of interests) in conjunction with Art. 6 (1 c) GDPR (obligation to provide evidence).

We have concluded a processing contract with CookieFirst. This is a contract required by data protection law, which ensures that CookieFirst processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

7. Collection of personal data for informational use

(1) If you use the website for informational purposes only, i.e. if you do not log in, register or otherwise provide us with information, we do not collect any personal data, with the exception of the data mentioned under 5.2, which your browser transmits to technically enable the visit to the website.

(2) When using the website, so-called cookies are stored on your computer. Cookies are text files which are stored on your hard drive (assigned to the browser you are using) and through which certain information flows to the person who sets the cookie (in this case, to us). Cookies cannot run programmes or transmit viruses / malware to your computer.
E.g. we use cookies to identify you for subsequent visits if you have an account with us. Otherwise you would have to log in again for each visit.

This website uses cookies to the following extent:

• Session cookies (temporary use)
• Persistent cookies
• Third-party cookies (from third-party providers)

Session cookies are automatically deleted when you close the browser.
The legal basis for the use of session cookies is Art. 6 (s 1. 1 f) GDPR. It is our legitimate interest to be able to use cookies to optimise our website for users.

Persistent and third-party cookies are deleted after a specified period, which may differ depending on the cookie. We inform you about the exact storage duration of the third-party cookies on our CookieFirst Consent Manager and in the description of these cookies below.

The legal basis for persistent cookies and third-party cookies is Art. 6 (1 S. 1 a) GDPR. You may give us your consent by consent on the CookieFirst Consent Manager.

You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your wishes and, e.g. refuse acceptance of cookies. However, we would like to point out that you may then not be able to use all functions of this website.

8. Use of functions of our website

(1) In addition to the purely informational use of our website, we can offer other services on the website to you which you can use if you are interested in. To do so, you usually have to provide personal data that we need and use to provide the respective service. If additional voluntary information are possible and requested by us, they are marked accordingly.

(2) When you contact us by e-mail, your e-mail address and, if you indicate this, your name and further contact details are stored with us in order to answer your questions and to enable us to remedy defects in the event of justified notices of defects.

(3) If you send us inquiries via the contact form, your details from the request form including the contact details you provided there for the purpose of processing the request are stored. We will not pass this data on to external third parties without your consent.
If your request is related to the fulfilment of a contract or is required to carry out pre-contractual measures these data are processed on the basis of Art. 6 (1 lit. b) GDPR. In all other cases, the processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1 lit. f) GDPR) or on your consent (Art. 6 (1 lit. a) GDPR) if this was queried.
The data you enter in the contact form will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions - especially retention periods - remain unaffected.

9. Integration of services

We use the third-party services listed below on our website.
 
It is possible that user data are also processed outside of the European Union. The US is currently assessed by the European Court of Justice as a country with an inadequate level of data protection according to EU standards. This could result in risks for users, because it can make it more difficult to enforce their own rights, for example. All non-European processors have committed to complying with the EU data protection standards.

The data of the users may possibly be processed for analysis purposes. This way, profiles can be created from the usage behaviour and the interests of the users derive thereof. These profiles can be used to, e.g. for placing of advertisements inside and outside the platforms that are likely to serve the interests of the users. For these purposes, cookies may be stored on the users' computers, through which the usage behaviour, the interests of the users and / or the length of stay are saved.

In the event of requests for information and the assertion of user rights, we would like to point out that these can be most effectively asserted with the respective providers. The providers only have access to the relevant data of the users and can directly take appropriate measures and provide concrete information.

For a detailed description of the respective processing, we refer to the following information on the respective providers.

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. These data are summarised in a user ID and assigned to the respective end device of the website visitor.

Furthermore, and among other things, Google Analytics allows us to record your mouse and scroll movements and clicks. Moreover, Google Analytics uses various modelling approaches to supplement the data records collected and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there.

The use of this service is based on your consent according to Art. 6 (1 lit. a) GDPR and § 25 (1) TTDSG (German Telekommunikations-Telemedien-Datenschutzgesetz = German Telecommunications-Telemedia Data Protection Act). The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en. 
More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Demographic characteristics in Google Analytics

This website uses the "demographic characteristics" function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. These data come from interest-based advertising from Google as well as visitor data from third-party providers. These data cannot be assigned to a specific person.

You can deactivate this function at any time via the ad settings in your Google account or deactivate the collection of your data by Google Analytics on this website by deactivating the "Performance" and "Advertising" tabs in the cookie banner (call up by clicking on the blue round fingerprint symbol).

Order processing

We have concluded an order processing contract with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

Google Tag Manager

Google Tag Manager is a programme with which we can manage so-called website tags via a surface (and thus integrate e.g. Google Analytics and other Google marketing services into our online offer). The tool 'Google Tag Manager' itself is a cookie-free domain and does not collect any personal data. When you visit our website, however, provided you have given us your consent on the cookie notice banner, your IP address will be transmitted to Google as a prerequisite for the technical process.

With regard to the processing of users' personal data, reference is made to the following information about Google services. Google Tag Manager usage guidelines: www.google.com/intl/de/tagmanager/use-policy.html 

You grant us the necessary consent pursuant to Art. 6 (1 a) GDPR via the consent given on the cookie notice banner.
You can revoke your consent at any time with effect for the future by clicking on the blue round fingerprint symbol "Cookie Settings" on the bottom left of our pages or by making a corresponding declaration to us, Peter Kölln GmbH & Co. KGaA, Elmshorn. 

Note on data transfers to Google

All data transfers to Google in the USA are based on the EU standard contractual clauses. Further information can be found here: https://policies.google.com/privacy/frameworks?hl=en

10. Liability for contents

The contents of our pages were created with great care. However, we cannot guarantee that the content is correct, complete and up to date. As a service provider, we are responsible for our own content on these pages in accordance with general laws pursuant to § 7 (1) TMG. Pursuant to §§ 8 to 10 TMG, we as a service provider are not obliged to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information according to general laws remain unaffected. However, liability in this regard is only possible from the time we become aware of a specific legal violation. As soon as we become aware of such violations, we will remove such contents immediately.

11. Liability for links

Our pages may contain links to external third party websites, on whose content we have no influence. For this reason, we cannot accept any liability for this external content. The respective provider or operator of the pages is always responsible for the content of the linked pages. The linked pages were checked for possible legal violations at the time the link was created. No illegal content was discernible at the time the link was created. A permanent control of the content of the linked pages is not reasonable without concrete evidence of an infringement. As soon as we become aware of legal violations, we will remove such links immediately.

12. Data security

We secure our website and other systems with suitable technical and organisational measures against loss, destruction, access, modification or distribution of your data by unauthorised persons. Despite regular checks, complete protection against all risks is not possible.
Our website uses the industry standard TLS / SSL (Secure Sockets Layer) for encryption. This ensures the confidentiality of your personal data on the Internet. You can see whether an encrypted transmission is taking place by the closed key or lock symbol in the display of your browser.

14. Third party recipients

To deal with complaints and customer support and to enable us to process your concerns satisfactorily, we may have to pass on your personal data to third-party recipients. Third parties can be our suppliers, transport and logistics partners and our trading partners.

15. Duration of storage of personal data

Your data will be stored by us for as long as required for the respective purposes the processing is based on. In addition, we only store data if we are legally obliged to do so, e.g.  due to statutory retention requirements.

16. Information on the right to object

An objection to the processing of your personal data, based on Art. 6 (1 e) (data processing in the public interest) or (f) (data processing to protect legitimate interests based on balancing of interests) is possible at any time pursuant to Art. 21 GDPR. In the event of an objection, the personal data shall no longer be processed, unless the Controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.
Please direct your objection to the contact named under point 1 of this privacy policy ("Data Controller responsible").

17. Information on the right of revocation

If you have given us your consent to the processing of personal data, you can revoke this at any time. Of course, this also applies to declarations of consent given to us before May 25, 2018 (before the GDPR was in effect). The revocation of consent can only apply for the future. The lawfulness of the processing is not retrospectively removed by revocation. Please direct your revocation to the address mentioned under point 1.

18. Timeliness

This data protection declaration was last updated on November 15th, 2022. It is the current and valid version of our privacy policy.
However, we would like to point out that from time to time it may be necessary to revise this privacy policy due to actual or legal changes.

19. Data Protection Officer

If you have specific questions about the protection of your data, please contact the data protection officer of Peter Kölln GmbH & Co. KGaA:

Mrs Kerstin Lange
c / o Vater Solution GmbH
Boschstrasse 5
24118 Kiel
Email: dataprotection[at]peterkoelln.de