DE EN

Data Protection

Kappa optronics GmbH

Foreword

Data Privacy Notice for Kappa optronics GmbH

We, Kappa optronics GmbH, including our subsidiaries (hereafter referred to in common as: “the company”, “we” or “us”) take the protection of your personal data seriously. Our data privacy notice is modularly constructed. It consists of a general section covering the processing of personal data that comes into use every time a web page is accessed (A. General) and a special section, the content of which relates only to the processing situation specified therein. with a description of the respective offer or product.

In order to locate the sections which are applicable to you, please note the following overview of this data privacy notice’s organization:

Contents

Foreword. 1

A. General 2

(1) Definition of Terms. 2

(2) Name and Address of the Party Responsible for Processing. 3

(3) Data Protection Officer’s Contact Information. 3

(4) Legal Bases of Data Processing. 4

(5) Data Erasure and Duration of Storage. 4

(6) Data Security. 4

(7) Work with Contracted Processors. 4

(8) Prerequisites for Transfer of Personal Data to Third Countries. 4

(9) No Automated Decision Making (Including Profiling) 5

(10) Obligation to Provide Personal Data. 5

(11) Legal Obligation to Transfer Certain Data. 5

(12) Your Rights. 5

(13) Changes to the Data Privacy Notice. 6

B. Web Page Visits. 6

(1) Explanation of Function. 6

(2) Processed Personal Data. 6

1. Log Data. 7

2. Consent using Usercentrics. 7

3. Hosting. 8

(3) Forms, E-Mail Communication. 8

(4) Duration of the Data Processing. 8

(5) Transmission of Personal Data to Third Parties; Legal Basis. 8

(6) Use of Cookies, Plugins, and Other Services on Our Website. 9

a) Cookies. 9

c) YouTube with Expanded Data Privacy. 9

d) Google Maps. 10

(9) Analysis Tools and Advertising. 11

Google Tag Manager 11

Google Analytics. 11

Google Ads. 12

Google Conversion Tracking. 12

(10) Registration on this Website. 13

C. Newsletter 13

Mailingwork. 14

D. ION CRM.. 14

E. Microsoft 365. 15

F. Processing of Customer Data (Request for Proposal/Tender, Contract Initiation, Contract Conclusion and Postcontractual Data Processing) 17

Data Categories. 17

Duration of Storage. 17

Legal Basis. 17

Data Reconciliation with the Financial Sanctions List 18

G. Social Media. 18

LinkedIn Plugin. 19

Google My Business. 19

H. Applications. 20

I. Events and Trade Fairs. 22

1. Purpose and Legal Foundation of Processing. 22

2. Duration of Storage and Logout 22

3. Necessity of Supplying Personal Data. 22

 

A. General

(1) Definition of Terms

Following the model set forth by Art. 4 of the GDPR, the following term definitions underlie this data privacy notice:

–   "personal data" (Art. 4 Par. 1 of the GDPR) is all information that relates to an identified or identifiable natural person (“data subject”). A person is identifiable if she/he/they can be identified directly or indirectly, particularly by means of connection to an identifier such as a name, identification number, online identifier, location data, or with the aid of information regarding the person’s physical, physiological, genetic, psychological, economic, cultural or social identifying characteristics. Identifiability can also exist as a connection to such information or to other supplementary knowledge. Neither the manner in which the information comes to be, nor the form or embodiment of the information is of consequence (even photographs, video and/or audio recordings can contain personal data).

–   "processing" (Art. 4 Par. 2 of the GDPR) refers to any operation by which personal data is handled, whether or not by automated means (i.e., those supported by technology). This particularly encompasses the collection (i.e., acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data as well as the alteration of a definition of goal or purpose which originally formed the basis of the data processing.

–   "controller" (Art. 4 Par. 7 of the GDPR) is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

–   "third party" (Art. 4 Par. 10 of the GDPR) is any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other persons who are legally affiliated with companies so involved.

–   "processor" (Art. 4 Par. 8 of the GDPR) is any natural or legal person, public authority, agency or body that processes personal data on behalf of the controller, particularly according to the instructions of the controller (i.e., IT service providers). As regards data privacy, a processor is notably not a third party.

–   "consent" (Art. 4 Par. 11 of the GDPR) of the data subject refers to any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which she/he/they, by a statement or clear affirming action, signifies agreement to the processing of personal data relating to her/him/them.

(2) Name and Address of the Party Responsible for Processing

We are the controller responsible for processing personal data in accordance with Art. 4 Par. 7 of the GDPR:

Kappa optronics GmbH

Kleines Feld 6

37130 Gleichen

GERMANY

Telephone +49 5508 974-0

Fax +49 5508 974- 188

E-Mail: info@kappa-optronics.com

Website: www.kappa-optronics.com

Further information on our company can be found in the imprint details on our Internet page:

www.kappa-optronics.com/en/about-this-site/

(3) Data Protection Officer’s Contact Information

Our data protection officer is at your disposal at any time to respond to any questions or for consultation. Contact information is:

Kappa optronics GmbH

Data Protection Officer

Kleines Feld 6

37130 Gleichen

GERMANY

Telephone +49 5508 974-0

E-Mail: datenschutz@kappa-optronics.com

(4) Legal Bases of Data Processing

We only process your personal data if we have a legal basis for doing so.

For the processing operations carried out by us, we indicate the applicable legal basis in each case below. A processing operation may also be based on several legal bases.

(5) Data Erasure and Duration of Storage

For the processing operations that we undertake, in the following we state how long the data is stored in our facility in each case and when it is erased or locked. Provided that no express duration of storage is subsequently indicated, your personal data is erased or locked as soon as the purpose or legal basis for storage lapses. Storage of your data occurs in general only on our servers in Germany, subject to any transfer or disclosure as needed in accordance with the regulations in A (7) and A (8).

However, storage can extend beyond the time given in the event of a (threatened) legal dispute with you, or of another legal proceeding, or if storage is foreseen due to legal regulations to which we as the controller are subject (for example, Par. 257 of the German Commercial Code, Par. 147 of the Regulation of Taxation). If the storage period prescribed by legal regulations lapses, blocking or erasure of the personal data will occur, unless a legal basis exists which requires that we continue to store it.

(6) Data Security

We make use of appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties (i.e., TLS encryption for our website) taking into account the state of the technology, implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including the probability and effects thereof) for the data subject. Our security measures are continually being improved pursuant to technological development.

We are happy to provide more information on this topic upon request; please contact our data protection officer (see A (3)).

(7) Work with Contracted Processors

As with any large company, we rely upon external domestic and international service providers (for example, for the areas of IT, logistics, telecommunications, sales, and marketing) to handle our business activities. These providers act solely in accordance with our instructions and are contractually obligated pursuant to Art. 28 of the GDPR to observe all legal regulations.

Insofar as personal data from you are passed on to our subsidiaries or from our subsidiaries to us (for example, for promotional purposes), this takes place based upon existing order processing relationships.

(8) Prerequisites for Transfer of Personal Data to Third Countries

Within the context of our business relationships, your personal data may be disclosed or revealed to third-party organizations which may be located outside of the European Economic Area (EEA), and thus in third countries. Processing of this sort occurs exclusively to fulfill contractual and business obligations and to build and maintain your business relationship with us. We will inform you subsequently of the details in question regarding this disclosure at points when such is relevant.

The European Commission certifies data protection comparable to the EEA standard for some third countries using so-called adequacy decisions (a list of these countries as well as a copy of the adequacy decisions can be found here: ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries, into which personal data is transferred as needed, it is possible that such consistently high levels of data protection do not exist, potentially due to lacking statutory provisions. In such cases, we make certain that data protection is sufficiently guaranteed. This is possible using binding company legislation, standard contractual clauses of the European Commission for the Protection of Personal Data, certificates, or recognized codes of conduct. Please contact our data protection officer (see A. (3)) if you would like more information on this topic.

(9) No Automated Decision Making (Including Profiling)

We do not intend to use personal data collected from you for automated decision-making processes (including profiling).

Profiling

(10) Obligation to Provide Personal Data

Within the context of our business relationship, you must make personal data available that is necessary for establishing and maintaining the corresponding business relationship and for fulfilling the contractual obligations attached therewith, or that we are legally obligated to collect. Without this data, we will generally not be in a position to enter into a business relationship with you or to fulfill the obligations that would result from it.

(11) Legal Obligation to Transfer Certain Data

We may potentially be subject to a particular legal obligation to provide personal data processed legally for third parties, to public authorities in particular (Art. 6 Par. 1 Sect. 1 (c) of the GDPR).

(12) Your Rights

You may assert your rights as a data subject with regard to your processed personal data at any time using the contact information provided earlier under A. (2). As a data subject, you have the right:

–   to demand information about the data processed by us in accordance with Art. 15 of the GDPR. In particular, you may demand information regarding the purpose of processing, category of data, categories of recipients to whom your data is or has been disclosed, the planned duration of storage, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data, provided it was not collected by us, as well as of the existence of automated decision making including profiling and, as applicable, meaningful information regarding its details;

–   pursuant to Art. 16 of the GDPR, to demand rectification of incorrect data or the completion of incomplete data that we have stored;

–   pursuant to Art. 17 of the GDPR, to demand the erasure of your data that we have stored, insofar as processing is not necessary for the exercise of the right of free expression and information, to fulfill a legal obligation, for reasons of public interest, or to establish, exercise or defend a legal claim;

–   pursuant to Art. 18 of the GDPR, to demand the restriction of processing of your data, provided that you contest the accuracy of the data or the processing is unlawful;

–   pursuant to Art. 20 of the GDPR, to receive your data that you have made available to us in a structured, commonly used and machine-readable format or to demand that the data be transmitted to another controller (“data portability);

–   pursuant to Art. 21 of the GDPR, to lodge an objection, provided that the processing occurs on the basis of Art. 6, Par. 1, Sect. 1 (e) or (f) of the GDPR.  This applies in particular if the processing is not necessary to fulfill a contract with you. Provided that it does not concern an objection against direct marketing, we ask that, when exercising such an objection, you provide the reasons why we should not process your data as we otherwise would. In the event of your justified objection, we then review the situation and either cease or modify the processing, or demonstrate to you the compelling reasons worthy of protection on which basis we will continue the processing;

–   pursuant to Art. 7 Par. 3 of the GDPR, to withdraw your consent from us at any time, provided that such consent had previously been granted (even prior to applicability of the GDPR, i.e., prior to 25 Dec 2018) — consent was freely given, informed and unambiguous in the form of a declaration or another clear, confirming act that you are/were in agreement with the processing of affected personal data for one or more specific purposes. As a result, we will no longer be permitted to continue the data processing based upon this consent, and

–   pursuant to Art. 77 of the GDPR, to lodge a complaint with a supervisory data privacy authority regarding the processing of your personal data in our company, with the supervisory data privacy authority responsible for us:

The Lower Saxony Federal State Office for Data Protection
Postfach 221, 30002 Hannover
Prinzenstraße 5, 30159 Hannover
Telephone: (0511) 120-4500, Monday, Wednesday, Friday 9:00 AM -12:00 PM CET, at all other times: Answering Machine
Fax: 0511 120-4599
E-Mail: poststelle@lfd.niedersachsen.de

(13) Changes to the Data Privacy Notice

In the context of continued development of data protection law as well as of technological or organizational changes, our data privacy statement will be reviewed regularly for needed modification or amendment. You will be notified of changes on our website particularly at https://www.kappa-optronics.com . This data privacy notice is current as of April 2021.

 

B. Web Page Visits

(1) Explanation of Function

Our website provides information about our company, areas of activity, offers and the ability to contact us. When visiting our web pages, personal data from you may be processed.

(2) Processed Personal Data

When using web pages for information purposes, the following categories of personal data are collected, stored and processed by us:

1. Log Data

When you visit our web pages, a so-called server log file is stored temporarily and anonymously on our web server which consists of:

–   the page from which the page was requested (the so-called referrer URL)

–   the name and URL of the requested page

–   the date and time of the request

–   the description of the type, language, and version of the web browser used

–   the IP address of the requesting computer, abbreviated such that a personal connection can no longer be established

–   the amount of data transferred

–   the operating system

–   notice whether the request was successful (access status/HTTP status code)

–   the GMT time zone difference

Processing log data serves statistical purposes and to improve the quality of our website, particularly the stability and security of the connection (legal basis is Art. 6 Par. 1 Sect. 1 (f) of the GDPR). These files are erased within 4 days.

2. Consent using Usercentrics

This website uses a consent tool from Usercentrics to secure and document your consent to store certain cookies on your end device or to use particular technologies to secure and document same. The provider of this tool is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany; website:

usercentrics.com/de/ (hereafter referred to as “Usercentrics”).

When you access our website, the following personal data will be transmitted to Usercentrics:

your consent and revocation of same

your IP address

information about your browser

information about your end device

time of your website visit

Furthermore, Usercentrics will store a cookie on your browser in order to be able to match your consents granted as well as their withdrawal to you. Data recorded in this manner is stored until you request its erasure, the Usercentrics cookie itself erases it, or the purpose of the data storage lapses. Compelling legal storage requirements remain unaffected.

Usercentrics’ services are used in order to secure the legally required consent for use of certain technologies. The legal basis in this matter is GDPR Art. 6 Par. 1 (c).

We have signed a processing contract with the provider to ensure the provider’s adherence to legal data privacy regulations.

3. Hosting

Our website is hosted by an IT service provider.

Löwenstark Digital Solutions GmbH, Petzvalstr.38, 38104 Braunschweig, GERMANY

We have executed a data processing agreement with the hosting provider.

(3) Forms, E-Mail Communication

If you would like to establish contact with Kappa, we are at your disposal via communication channels such as telephone, email, and various online forms. Within the context of such forms, the following data will be requested, depending upon the form:

form of address, title, name, first name, last name/surname, email address, company, company contact data, website company, job title, department, industry (key code), company contact address, entered text, check/validation, customer number, password, Kappa News subscription.

Contact form data is processed to handle customer inquiries (legal basis is Art. 6, Par. 1, Sect. 1 (b) or (f) of the GDPR).

Provided that you establish contact with us via email or a contact form, the personal data you transmit is processed on the one hand by the web server and on the other hand by our email server and subsequently stored automatically. Such personal data supplied by you to us on a voluntary basis is stored for purposes of processing or for contact with the data subject. This personal data is not transferred to third parties. The duration of storage depends upon the corresponding purpose and content of the message.

(4) Duration of the Data Processing

Your data is processed for only so long as is necessary to achieve the processing objectives stated above; to this point, the legal bases indicated within the context of the purposes of the processing are correspondingly valid.

Third parties engaged by us will store your data on their system for as long as is necessary in conjunction with the performance of services for us in accordance with the assignment in question.

(5) Transmission of Personal Data to Third Parties; Legal Basis

The following categories of recipients who as a rule are processors receive access to your personal data as applicable:

–   service providers in order to operate our website and process data stored by the systems or transmitted (i.e., for computing center capacity, payment processing, IT security) . Legal basis for this transfer is Art. 6 Par. 1 Sect. 1 (b) or (f) of the GDPR provided that it does not involve a processor;

–   state offices/authorities, insofar as this is necessary to perform our services for one and to fulfill a legal requirement for another. Legal basis for this transfer is Art. 6 Par. 1 Sect. 1 (c) of the GDPR:

–   persons or entities engaged to conduct the operation of our business, (such as auditors, banks, insurance, attorneys, supervisory authorities, parties involved in corporate acquisitions or the establishment of joint ventures). Legal basis for this transfer is Art. 6 Par. 1 Sect. 1 (b) or (f) of the GDPR.

  • IT service providers as well as Software as a Service (SaaS) providers, Art. 6 Par. 1 Sect. 1 (a) or (f) GDPR.

For guarantees of appropriate level of data protection for data transfer to third-party countries, see A. (8).

Moreover, we transfer your personal data to third parties only if you have expressly granted consent pursuant to Art. 6 Par. 1 Sect. 1 (a) of the GDPR.

(6) Use of Cookies, Plugins, and Other Services on Our Website

a) Cookies

We use cookies on our website. Cookies are small text files that are stored within your browser and which generate a unique identifier; specific information is contained within the cookie’s identifier that is transmitted to the website’s server. Cookies cannot execute programs or transfer viruses to your computer and as such cannot do any damage. They serve to make our Internet product more user friendly and effective overall, and more pleasant for you.

Cookies can contain data that enable recognition of the device used. To a certain extent, cookies also contain information regarding specific settings that are not personal. However, cookies cannot directly identify a user. 

There is a difference between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the session. Regarding their function, cookies are differentiated as:

–   Technical Cookies: These are compulsorily necessary to navigate the website, use basic functions, and ensure the security of the website; they neither collect information about you for marketing purposes, nor do they store which web pages you have visited;

–   Performance Cookies: These collect information on how you use our website, which pages you visit and whether errors occur, for example, in the use of the website; they collect no information that could identify you — all information collected is anonymous and used only to improve our website and to determine what interests our users;

–   Advertising Cookies, Targeting Cookies: These serve to offer our website users needs-based advertising or third-party offers on our website and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;

–   Sharing Cookies: These serve to improve the interactivity of our website with other services (such as social networks); sharing cookies are stored for a maximum of 13 months.

Every use of cookies that are not compulsorily technically necessary represent data processing that is only permitted with express and active consent on your part pursuant to Art. 6 Par. 1 Sect. 1 (a) of the GDPR. This applies particularly to the use of advertising, targeting, or sharing cookies. Moreover, we transfer your personal data to third parties only if you have expressly granted consent pursuant to Art. 6 Par. 1 Sect. 1 (a) of the GDPR.

b) YouTube with Expanded Data Privacy

This website incorporates YouTube videos. The operator of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data privacy mode. According to YouTube, this mode prevents YouTube from storing any information about visitors to this website before they view the video. Conversely, disclosure of data to YouTube partners is not compulsorily excluded by extended data privacy mode. Thus, irrespective of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection is established with YouTube’s servers. In so doing, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to match your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device or apply comparable recognition technologies (such as device fingerprinting). In this manner, YouTube can receive information about visitors to this website. This information is used, among other things, to capture video statistics, improve user friendliness, and prevent fraud attempts.

If necessary, after a YouTube video has started playing, further data processing procedures, over which we have no influence, can be triggered.

YouTube is used in the interest of presenting our online offers in an appealing manner. This represents a legitimate interest pursuant to Art. 6 Par. 6 (f) of the GDPR. Provided corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

You can find further information regarding YouTube and data privacy in YouTube’s Data Privacy Agreement at https://policies.google.com/privacy?hl=de

c) Google Maps

This page uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use the functions of Google Maps, it is necessary to store your IP address. As a rule, this information is transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transfer.

Use of Google Maps is in the interest of an appropriate presentation of our online offering and to make our locations, as indicated on our website, easy to find. This represents a legitimate interest pursuant to Art. 6 Par. 6 (f) of the GDPR. Provided corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

Data transmission to the USA is based upon the standard contractual clauses of the EU Commission. Details can be found here: privacy.google.com/businesses/gdprcontrollerterms/ and privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information regarding management of user data can be found in Google’s data privacy agreement: policies.google.com/privacy

(7) Analysis Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool which helps to integrate tracking and statistical tools and other technologies on our website. Google Tag Manager itself creates no user profiles, stores no cookies and performs no independent analyses. It serves solely to administer and draw from the tools integrated by it. Google Tag Manager does however collect your IP address which can also be transferred to the parent company of Google in the United States.

Use of Google Tag Manager is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in rapid, uncomplicated integration and administration of various tools on the website. Provided corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

Google Analytics

This website uses functions of the Google Analytics web analysis service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze website visitor behavior. The website operator then receives various user data, such as page visits, visit duration, operating systems used, and user origin. This data is collated by Google as needed in a profile which is matched to the particular user and/or their end device.

Google Analytics uses technologies (such as cookies and device fingerprinting) which enable user recognition for purposes of user behavior analysis. Information recorded by Google regarding use of this website is transmitted to a Google server in the USA and stored there.

Use of this analysis tool is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in user behavior analysis in order to optimize both web content as well as advertising. Provided corresponding consent was retrieved (i.e., consent to store cookies), processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

Data transfer to the USA is based upon the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP Anonymization

We have activated the IP anonymization function on this website. Your IP address from Google is abbreviated within the member states of the European Union or in other states who are party to the European Economic Area agreement prior to transfer to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, issue reports regarding website activities, and render further services to the website operator related to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

More information regarding management of user data can be found in Google’s data privacy agreement: https://support.google.com/analytics/answer/6004245?hl=en

 Processing

We have executed a data processing contract with Google and we implement the strict guidelines of the German data protection authorities completely in our use of Google Analytics.

Duration of Storage

Data stored by Google at the user and event levels linked to cookies, user recognition (i.e., user ID), or advertising IDs (i.e., Doubleclick cookies, Android advertising ID), are anonymized or specifically deleted after 14 months. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=en

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to place advertisements in the Google search machine or on third-party web pages if the user enters specific search terms into Google (keyword targeting). Furthermore, targeted advertisements (audience targeting) can be played using user data available to Google (such as location data and interests). We as the website operator can quantitatively evaluate this data by analyzing, for example, which search terms have led to activation of our advertisements and how many advertisements have led to corresponding clicks.

Use of Google Ads is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in as effective marketing as possible for its service products.

Data transfer to the USA is based upon the standard contractual clauses of the EU Commission. Details can be found here:  https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the aid of Google Conversion Tracking, we and Google can identify whether the user has performed specific actions. Thus, for example, we can evaluate which buttons on our website are clicked and how often, and which products are viewed most often or purchased. This information serves to generate conversion statistics. We learn the total number of users that have clicked on our ads and which actions they have taken. We receive no information with which we can identify users personally. Google itself uses identifications codes or comparable recognition technologies.

Use of Google Conversion Tracking is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in user behavior analysis in order to optimize both web content as well as advertising. Provided corresponding consent was retrieved (i.e., consent to store cookies), processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

More information regarding Google Conversion Tracking can be found in Google’s data privacy agreement: https://policies.google.com/privacy?hl=en

(8) Registration on this Website

You can register on this website in order to use additional functions on the page. We use the data entered solely for the purpose of using the respective offer or service for which you have registered. The required information requested during registration must be supplied in full; Otherwise, we must refuse the registration. For important changes to the scope of the offer or for necessary technical changes, we use the email address provided during registration to inform you of same. Processing of data entered during registration is used for the purpose of conducting the user relationship established at registration and, as needed, to initiate further contracts (Art. 6 Par. 1 (b) of the GDPR). We store the data collected during registration for as long as you are registered on this website and subsequently erase it. Legal storage requirements remain unaffected.

 

C. Newsletter

You are provided the opportunity to subscribe to our company’s newsletter on the Kappa optronics GmbH website, as well as by email and at trade shows by providing your contact information, clicking on a corresponding link or QR code. The input screen used in each instance determines which personal data is transferred to the controller for processing to order the newsletter.

Kappa optronics GmbH informs customers and business partners at regular intervals by means of a newsletter covering company offerings. Our company’s newsletter can then fundamentally then be received only by data subjects, if

(1) the data subject has a valid email address and (2) the data subject registers for the newsletter mailing. For legal reasons, a confirmation email is sent for the first time to the email address which the data subject entered for the newsletter mailing as a double opt-in procedure. This confirmation email serves to verify whether the owner of the email address, as the data subject, authorized receipt of the newsletter.

When registering for the newsletter, we also store the IP address, which the internet service provider (ISP) provided at the time of registration, of the computer system used by the data subject at the time of registration, as well as the date and time of registration. It is necessary to collect this data in order to be able to prove (possible) abuse of a data subject’s email address at a later point in time, and it serves therefore to safeguard the controller of the processing.

The personal data collected in the course of registering for the newsletter is used exclusively for distributing our newsletter. Furthermore, newsletter subscribers could be informed by email, provided it is necessary for operation of the newsletter service or for subscription to the newsletter, such as could be in the event of changes to the newsletter offer or in the event of changes to the technical conditions. No transfer of personal data collected occurs in the context of the newsletter service to third parties. Subscription to our newsletter can be canceled by the data subject at any time.

You may revoke your consent to receive the newsletter at any time and unsubscribe. You may revoke by clicking on the link placed on every newsletter email, by emailing info@kappa-optronics.com, or by sending a message to the contact details provided on the imprint (Impressum) page of the website.

Mailingwork

This website uses Mailingwork for sending newsletters as well as for organizing mail campaigns. The provider is Mailingwork GmbH, Schönherrstraße 8, Gebäude 10d, Eingang N, 09113 Chemnitz, Germany. Mailingwork is a service for organizing and analyzing newsletter mailings. Data you have entered for the purpose of subscribing to the newsletter (such as your email address) is stored on Mailingwork’s servers in the EU.

Our newsletters sent via Mailingwork enable us to analyze newsletter recipients’ behavior, such as the number of recipients who open newsletter messages and how often which link in the newsletter is clicked. With the aid of so-called conversion tracking, we can additionally analyze whether a predefined action (such as a product purchase on our website) occurs when newsletter links are clicked.

Processing takes place based upon your consent (Art. 6 Par 1 (a) of the GDPR). You may revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing procedures which have already taken place remains unaffected by the revocation of consent.

If you do not want any analysis by Mailingwork, you must unsubscribe from the newsletter. To this end, we make a corresponding link available in every newsletter message.

The data you have entered for the purpose of subscribing to the newsletter is stored by us until you unsubscribe from the newsletter and is erased both from our servers as well as from those of Mailingwork following newsletter unsubscription. Data that is stored at our company for other purposes (such as email addresses for the member area) remain unaffected by this action.

You can learn more about Mailingwork’s data privacy provisions at: https://mailingwork.de/datenschutz/.

We have executed a data processing contract with Mailingwork and we implement the strict guidelines of the German data protection authorities completely in our use of Mailingwork.

 

D. ION CRM

We use the CRM ION (Intelligent Office Navigator) to manage our customer data. The provider is Intelligent Software, Peter Matzka EDV Vertriebs KEG, Johann Böhmgasse 14,2201 Gerasdorf, Austria. This locally hosted CRM enables us to, among other things, manage existing and potential customers and customer contacts and to organize sales and communication processes. Furthermore, use of this CRM system enables us to analyze and optimize our customer processes. Customer data is stored exclusively on internal servers. You will find details regarding the CRM’s functions here: http://www.ion.co.at/Beschreibung.htm

Use of the CRM is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in the most effective customer administration and communication possible. Providing corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

You may find details in ION’s data privacy statement: http://www.ion.co.at/Impressum.htm.

 

E. Microsoft 365

We use the cloud services of Microsoft 365.

The following personal data from you are processed when using Microsoft 365.

Data Categories 

  1. Documents and files 
  2. Tasks and solutions  
  3. Communication data 
  4. Personal core data 
  5. Authentification data 
  6. Contact information 
  7. Profiling 
  8. Log file with access 
  9. System-generated log data 

Categories of Data Subjects 

  • For data categories 1-9, persons who use or administer Office 365 
  • For data categories 3, 8, 9, persons who are identifiable in communication and documents 

Kappa pursues the following objectives by using Microsoft 365. Of primary importance is enabling our own employees to work remotely and our businesses to network. To this end, services and functions available within Microsoft Office 365 are used to create and store content, plan appointments, and communicate; and to achieve effective exchange of information; In this manner, Kappa employees and external partners can network and work on projects jointly without having to be at the same location. As a result, processing of your personal data serves the administration of contracts and collaboration on projects.

Release of personal data in the cloud (OneDrive and SharePoint) and use of cloud computing concretely serve together to achieve the following objectives: long-term and location-independent availability of documents, enabling site-independent work, including third party/external partners in work on documents and data, more efficient and faster processes, simplified planning, outsourcing of IT services to save proprietary resources, reduced IT administration expenditure, and increased flexibility. The SharePoint service is used in this context as a platform for data storage and exchange between employees and external partners.

When using Microsoft Office 365, transmission of diagnostic data takes place so that its services can be made available (error-free). Since all the applications are cloud based, they are tested continuously.  Processing of diagnostic data also serves to improve and update the software by introducing new version updates. Finally, the processing also serves to ensure the services’ security and rapid bug fixes.

Recipients  

  • Microsoft Ireland Operations Limited, for purposes of processing and contract fulfillment  
  • Microsoft Corporation, for purposes of processing and contract fulfillment as well as for proprietary purposes 
  • as well as those of its subcontracted processors and support service providers

Guarantees for International Data Transfer 

Counter-exceptions Art. 49 Par. 1 Subpar. 1 (c) of the GDPR for purposes 1. and 6. 

Counter-exceptions Art. 49 Par. 1 Subpar. 1 (d) of the GDPR for purposes 2.-5, 7., 8.

 Subcontracted processors 

Further information regarding the purpose and scope of data collection and processing of same by Microsoft Teams can be found in Microsoft’s data privacy statement at https://privacy.microsoft.com/de-de/privacystatement and Microsoft Teams at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy as well as in the FAQ and Contact section https://support.microsoft.com/de-DE/privacy There,  you will find further information as well regarding your rights in these matters. Microsoft processes your personal data in the USA as well. EU standard contracts with Microsoft for 365 and Teams have been concluded in order to guarantee an appropriate level of data protection.

Duration of Storage

90 days after deletion of the account upon demand or following revocation (data categories 4-7.)

90 days after erasure of content data, following lapse of legal obligation (data categories 1-3.)

180 days (data categories 8, 9.)

 

We conduct online meetings using Microsoft Teams.

Within the context of our online meetings via Microsoft Teams, we process the following data.

· Communication data (i.e., your email address if you personally enter this)

· Person master data (if you enter this of your own initiative)

· Contents of the online meeting (if you appear personally and contribute verbally and/or in writing)

· Authentification data

· Log files, log data

· Metadata (i.e., IP address, time of participation, etc.)

· Profile data (i.e., your user name, if you provide this on your own initiative)

In order to communicate with you online, we use the online meeting tool Microsoft Teams. We conduct data processing based upon a legitimate interest in accordance with Art. 6 Par. 1 (f) of the GDPR. Our legitimate interest in data processing is as follows: · Personal communication including with conversation partners far away (saving travel time and costs) · protection of the health of those participating in communication by avoiding personal contact.

 

F. Processing of Customer Data (Request for Proposal/Tender, Contract Initiation, Contract Conclusion and Postcontractual Data Processing)

 

We collect, process and use your personal data insofar as is necessary for justification, content-related design or amendment of the contract.

Data Categories

We require the following data in order to register you as a customer at our company:

  • Company name and legal structure (i.e., Inc. or GmbH)
  • Company location (address, street, postal code, city)
  • First and last name of the individual contact
  • Telephone number
  • First and last name of the owner/manager of the business

You may voluntarily make the following data available to us:

  • Email address — please note that this is required for access to our news- and download service.
  • Fax
  • Different billing address if applicable
  • Mobile telephone number
  • Date of birth of the business owner/manager

Duration of Storage

Collected data is stored by us for as long as you remain in a business relationship with us. Following termination of the business relationship, your data is deleted provided no overriding legitimate interests on our side or legal retention periods prevent doing so.

Legal Basis

Processing of personal data takes place for contractual purposes which form the legal basis for processing for these purposes,

1. provided you are a registered salesperson or independent contractor, Art.6 Par 1 (b) of the GDPR, data processing is for the purpose of contract fulfillment or precontractual measures with the data subject; or

2. provided you are acting as an employee of the company, i.e., as an employee in Purchasing, Art. 6 Par. 1 (f) of the GDPR is the legitimate interest of Kappa optronics GmbH. Kappa optronics GmbH’s legitimate interest here consists of preparing for the sale of products or services of Kappa’s companies as well as group companies, which is justified particularly by corporate as well as occupational freedom.

Data Reconciliation with the Financial Sanctions List

Provided you obtain a proposal from us, we are obligated to conduct a reconciliation with the Financial Sanctions List.

A reconciliation of your name and, where appropriate, date of birth takes place using the official e-Justice portal https://www.finanz-sanktionsliste.de/fisalis/.

Further information regarding data processing by the judicial system can be found at https://justiz.de/datenschutz/index.php;jsessionid=3B55EEBC9013B9AD1CF257FDB52CDC99.

We must perform this action as required by law. Legal foundation of the processing is Art. 6, Par. 1, Sect. 1 (c) of the GDPR in connection with https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:139:0009:0022:DE:PDF

We store negative results for up to 3 years following termination of a contractual relationship. In the event of a positive result, we store this, as well as the refusal of a contractual relationship, for 3 years.

 

G. Social Media

We maintain proprietary pages on various social media to enable communication with interested users or customers and to be able to inform them regarding our activities and events. We do not process any user data ourselves on social networks and can only evaluate and use data that is anonymized, for example, by Facebook. This can lead to transfers of user data into countries outside the European Union. Furthermore, the user data collected for marketing purposes is processed, for example, to define and then display targeted advertising material on the social media platform in question. In order to enable this action, cookies are commonly stored by the social network/provider of the social network in question that contain the online behavior, interests or other details of users. Furthermore, user profiles on the platforms in question can contain data that is stored independently of the end device. Legal basis for this type of data processing is our legitimate interest in functional and stable communication with users regarding the online presence in question. When appropriate, social media providers request your consent to the data processing in question. In such cases, the legal basis for the data processing is precisely this consent.

As the subject of the data processing, you can assert various rights vis-a-vis the controller (see above). Please however be aware that the perception of these subject rights is fundamentally most sensible if you assert them directly to the platform provider. Generally, only platform providers have direct access to the processed data and are the only parties who can undertake corresponding measures.  We are of course at your disposal should further questions remain in this matter.

In order to make as much relevant information regarding data processing on social networks available to you, we would direct you to the data privacy regulations and specifically the data privacy statements of the individual platform providers:

Facebook: https://www.facebook.com/about/privacy 
Xing: https://privacy.xing.com/de/datenschutzerklaerung 
Linked-In: https://www.linkedin.com/legal/privacy-policy 
Twitter: https://twitter.com/de/privacy
Instagram: https://de-de.facebook.com/help/instagram/519522125107875

LinkedIn Plugin

This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Every time a page on this website is called that contains LinkedIn functions, a connection is established with LinkedIn’s servers. LinkedIn is informed that you have visited this website with your IP address. When you click on LinkedIn’s “recommend button” and you are logged into your LinkedIn account, it is possible for LinkedIn to connect your visit to this website, to you and your user account. We would like to draw your attention to the fact that we as the provider of these pages have no knowledge of the contents of the data transmitted nor of their use by LinkedIn.

Use of the LinkedIn plugin is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in the most extensive visibility possible on social media. Provided corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; this consent may be revoked at any time. Data transfer to the USA is based upon the standard contractual clauses of the EU Commission.

Details can be found here:

https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-derschweiz?lang=de

Further information can be found in LinkedIn’s Data Privacy Statement at

https://www.linkedin.com/legal/privacy-policy.

Google My Business

We maintain a so-called Google My Business listing. Should you find us in this manner, we refer back to the information service provided by Google and the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland (hereafter referred to as “Google”).

We draw your attention to the fact that you are responsible for your use of the Google page and its functions. This applies particularly to use of the social and interactive functions (i.e., commenting, sharing, rating, direct messaging). When visiting and interacting with our Google My Business listing, Google records your IP address as well as other information that is available on your end device in the form of so-called cookies. This information is used to make statistical information available to us as the operator of the Google My Business listing about uses of Google services. The data collected about you in this context is processed by Google and transferred if necessary to countries outside the European Union. Google provides a general description of which information Google receives and how it is used, and provides more information, in the data privacy agreement:

https://policies.google.com/privacy?hl=de


We are not aware of how Google uses the data from your visit for its own purposes, to what extent activities of individual users are matched, how long Google stores this data, and whether data is transferred to third parties. When accessing Google services, the IP address assigned to your end device is transmitted to Google. Moreover, Google stores information about users’ end devices. When appropriate, it is possible for Google to match IP addresses to individual users or user accounts.

Should you contact us via our Google My Business entry or via other Google services using direct messaging, we cannot exclude the possibility that these messages can also be read and evaluated by Google (both employees as well as automated means). We therefore advise that you do not share personal data with us over these channels. Instead, another form of communication should be chosen as early as possible. At the latest, we erase conversations 14 days after the last chat activity or immediately after switching to another communication channel. Use of this service is subject to the Google Data Privacy Agreement to which you have already agreed by using the service.

As the provider of our Google My Business listing, we collect and process no other data from your use of this Google product.

 

H. Applications

Handling of Applicant Data

We offer you the possibility to apply to us for employment (i.e., via email, postal mail, or online application form). In the following section, we endeavor to inform you about the scope, purpose, and use of your collected personal data within the context of the application process. We ensure that the collection, processing, and use of your data proceeds in agreement with current data protection law and with all further legal provisions, and that your data is handled in strict confidence.

Scope and Purpose of the Data Collection

When you submit an application to us, we process your personal data attached to it.

We process personal data that we receive in the context of your application.

At the time when you establish contact with us, as well as within the context of an application process, the following data in particular are considered, provided you have transmitted it to us:

  • Personal details (name, address and other contact information, date and place of birth, citizenship),
  • Banking information (for the purpose of travel cost reimbursement)
  • Authentification information (such as identification card information)
  • Health data* (i.e., details regarding disabilities and, as applicable, denials for health reasons),
  • Qualification documentation (i.e., certificates, evaluations, and other documentation of education and training)
  • Details regarding your personal development
  • Details regarding your education and training
  • Details regarding your academic history
  • Details regarding your professional history
  • Photographs

If you submit your application by email:

            Email address

            Mail server

            Server's IP address

If you send your application using our online form or portal:

            IP address

*Particularly sensitive data according to Art. 9 Par. 1 of the GDPR

We collect this data as necessary relative to the decision regarding the justification for an employment relationship The legal basis for this is Par. 26 of the Federal Data Protection Act-new according to German law (initiation of an employment relationship), Art. 6 Par. 1 (b) of the GDPR).(contract initiation) and — provided you have granted consent — Art. 7 Par 1 (a) of the GDPR). Consent may be revoked at any time. Within our company, your personal data will be transferred exclusively to persons involved in processing your application.

Provided the application is successful, the data you have submitted will be stored pursuant to Par. 26 of the Federal Data Protection Act-new and Art 6 Par 1 (b) of the GDPR) for the purpose of establishing the employment relationship within our data processing systems.

Recipients of Your Data

Data that you share with us, will be transferred to executive management as well as the leading individuals in the respective responsible departments. For the necessary invoicing of travel expenditures as needed, your data will be transferred to the bookkeeping department as well as to our accountant.

However, we rely on service providers as needed for running our organization, operating our internet pages or, as another example, email communication. Likewise, we rely on external service providers such as accountants and company physicians. It may happen that one of these service providers obtains knowledge of personal data. We select our service providers carefully — particularly with regard to data privacy and security — and take all necessary measures in terms of data privacy for permissible data processing.

We transmit your personal data to third parties only when legally permitted or when you have consented.

Duration of Data Retention

In the event that we are unable to offer you a position, you decline a position offer or you withdraw your application, we reserve the right to retain the data you have submitted, based upon our legitimate interests (Art. 6 Par 1(f) of the GDPR) for up to 6 months following the end of the application process (refusal or withdrawal of the application) at our location. At the end of this period, the data will be erased and the physical application documents will be destroyed. Retention is particularly useful for purposes of verification in the event of a legal dispute. If it is evident that the data will be necessary after the 6-month period has lapsed, (i.e., due to a threatened or pending legal dispute), erasure will take place when the purpose for the continued retention is no longer valid.

Longer retention may occur if you have granted corresponding consent (Art. 6 Par.1 (a) of the GDPR) or if legal retention obligations prohibit the erasure.

Enrollment in the Applicant Pool

Provided we do not offer you a position, it may be possible to enroll you in our applicant pool. In the event of such enrollment, all documents and information from the application are entered into the applicant pool so that you may be contacted in the event of appropriate vacancies.

Enrollment in the applicant pool occurs exclusively based upon your express consent (Art. 6, Par. 1 (a) of the GDPR). Granting of consent is voluntary and is in no way related to the current application process. The data subject can withdraw her/his/their permission at any time. In such case, the data is irretrievably erased from the applicant pool, provided no legal grounds for storage exist.

Data from the applicant pool is erased two years at the latest after said consent is granted.

Procedure according to the General Equal Treatment Act (GETA).

 

I. Events and Trade Fairs

You have the option to register for certain events on our home page or by email, fax or telephone, by providing personal data.

The type of personal data that will be transferred to the controller results from the input screen that is used for the registration in question.

1. Purpose and Legal Foundation of Processing

The personal data you provide in addition to your IP address and the time of registration for the event are collected and stored exclusively for our internal use and for the organization and presentation of the event. The legal foundation of the processing is the fulfillment of a contract in accordance with Art. 6, Par. 1 (b) of the GDPR.

2. Duration of Storage and Logout

We process your data until the event has concluded and your data need no longer be stored for compelling legal reasons (i.e., for tax purposes).

3. Necessity of Supplying Personal Data

Supplying personal data is neither legally nor contractually required. You can withdraw your registration at any time.

 

30.11.2021

Telephone +49 5508 974 - 0