DE EN

Foreword

Data Privacy Notice for Kappa optronics GmbH

We, Kappa optronics GmbH, including our subsidiaries (hereafter referred to in common as: “the company”, “we” or “us”) take the protection of your personal data seriously. Our data privacy notice is modularly constructed. It consists of a general section covering the processing of personal data that comes into use every time a web page is accessed (A. General) and a special section, the content of which relates only to the processing situation specified therein. with a description of the respective offer or product.

 

A. General

(1) Definition of Terms

Following the model set forth by Art. 4 of the GDPR, the following term definitions underlie this data privacy notice:

–   "personal data" (Art. 4 Par. 1 of the GDPR) is all information that relates to an identified or identifiable natural person (“data subject”). A person is identifiable if she/he/they can be identified directly or indirectly, particularly by means of connection to an identifier such as a name, identification number, online identifier, location data, or with the aid of information regarding the person’s physical, physiological, genetic, psychological, economic, cultural or social identifying characteristics. Identifiability can also exist as a connection to such information or to other supplementary knowledge. Neither the manner in which the information comes to be, nor the form or embodiment of the information is of consequence (even photographs, video and/or audio recordings can contain personal data).

–   "processing" (Art. 4 Par. 2 of the GDPR) refers to any operation by which personal data is handled, whether or not by automated means (i.e., those supported by technology). This particularly encompasses the collection (i.e., acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment, combination, restriction, erasure or destruction of personal data as well as the alteration of a definition of goal or purpose which originally formed the basis of the data processing.

–   "controller" (Art. 4 Par. 7 of the GDPR) is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

–   "third party" (Art. 4 Par. 10 of the GDPR) is any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other persons who are legally affiliated with companies so involved.

–   "processor" (Art. 4 Par. 8 of the GDPR) is any natural or legal person, public authority, agency or body that processes personal data on behalf of the controller, particularly according to the instructions of the controller (i.e., IT service providers). As regards data privacy, a processor is notably not a third party.

–   "consent" (Art. 4 Par. 11 of the GDPR) of the data subject refers to any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which she/he/they, by a statement or clear affirming action, signifies agreement to the processing of personal data relating to her/him/them.

(2) Name and Address of the Party Responsible for Processing

We are the controller responsible for processing personal data in accordance with Art. 4 Par. 7 of the GDPR:

Kappa optronics GmbH

Kleines Feld 6

37130 Gleichen

GERMANY

Telephone +49 5508 974-0

Fax +49 5508 974- 188

E-Mail: info@kappa-optronics.com

Website: www.kappa-optronics.com

Further information on our company can be found in the imprint details on our Internet page:

www.kappa-optronics.com/en/about-this-site/

(3) Data Protection Officer’s Contact Information

Our data protection officer is at your disposal at any time to respond to any questions or for consultation. Contact information is:

Kappa optronics GmbH

Data Protection Officer

Kleines Feld 6

37130 Gleichen

GERMANY

Telephone +49 5508 974-0

E-Mail: datenschutz@kappa-optronics.com

(4) Legal Bases of Data Processing

We only process your personal data if we have a legal basis for doing so.

For the processing operations carried out by us, we indicate the applicable legal basis in each case below. A processing operation may also be based on several legal bases.

(5) Data Erasure and Duration of Storage

For the processing operations that we undertake, in the following we state how long the data is stored in our facility in each case and when it is erased or locked. Provided that no express duration of storage is subsequently indicated, your personal data is erased or locked as soon as the purpose or legal basis for storage lapses. Storage of your data occurs in general only on our servers in Germany, subject to any transfer or disclosure as needed in accordance with the regulations in A (7) and A (8).

However, storage can extend beyond the time given in the event of a (threatened) legal dispute with you, or of another legal proceeding, or if storage is foreseen due to legal regulations to which we as the controller are subject (for example, Par. 257 of the German Commercial Code, Par. 147 of the Regulation of Taxation). If the storage period prescribed by legal regulations lapses, blocking or erasure of the personal data will occur, unless a legal basis exists which requires that we continue to store it.

(6) Data Security

We make use of appropriate technical and organizational security measures in order to protect your data against accidental or intentional manipulation, partial or total loss, destruction, or unauthorized access by third parties (i.e., TLS encryption for our website) taking into account the state of the technology, implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including the probability and effects thereof) for the data subject. Our security measures are continually being improved pursuant to technological development.

We are happy to provide more information on this topic upon request; please contact our data protection officer (see A (3)).

(7) Work with Contracted Processors

As with any large company, we rely upon external domestic and international service providers (for example, for the areas of IT, logistics, telecommunications, sales, and marketing) to handle our business activities. These providers act solely in accordance with our instructions and are contractually obligated pursuant to Art. 28 of the GDPR to observe all legal regulations.

Insofar as personal data from you are passed on to our subsidiaries or from our subsidiaries to us (for example, for promotional purposes), this takes place based upon existing order processing relationships.

(8) Prerequisites for Transfer of Personal Data to Third Countries

Within the context of our business relationships, your personal data may be disclosed or revealed to third-party organizations which may be located outside of the European Economic Area (EEA), and thus in third countries. Processing of this sort occurs exclusively to fulfill contractual and business obligations and to build and maintain your business relationship with us. We will inform you subsequently of the details in question regarding this disclosure at points when such is relevant.

The European Commission certifies data protection comparable to the EEA standard for some third countries using so-called adequacy decisions (a list of these countries as well as a copy of the adequacy decisions can be found here: ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html). However, in other third countries, into which personal data is transferred as needed, it is possible that such consistently high levels of data protection do not exist, potentially due to lacking statutory provisions. In such cases, we make certain that data protection is sufficiently guaranteed. This is possible using binding company legislation, standard contractual clauses of the European Commission for the Protection of Personal Data, certificates, or recognized codes of conduct. Please contact our data protection officer (see A. (3)) if you would like more information on this topic.

(9) No Automated Decision Making (Including Profiling)

We do not intend to use personal data collected from you for automated decision-making processes (including profiling).

Profiling

(10) Obligation to Provide Personal Data

Within the context of our business relationship, you must make personal data available that is necessary for establishing and maintaining the corresponding business relationship and for fulfilling the contractual obligations attached therewith, or that we are legally obligated to collect. Without this data, we will generally not be in a position to enter into a business relationship with you or to fulfill the obligations that would result from it.

(11) Legal Obligation to Transfer Certain Data

We may potentially be subject to a particular legal obligation to provide personal data processed legally for third parties, to public authorities in particular (Art. 6 Par. 1 Sect. 1 (c) of the GDPR).

(12) Your Rights

You may assert your rights as a data subject with regard to your processed personal data at any time using the contact information provided earlier under A. (2). As a data subject, you have the right:

–   to demand information about the data processed by us in accordance with Art. 15 of the GDPR. In particular, you may demand information regarding the purpose of processing, category of data, categories of recipients to whom your data is or has been disclosed, the planned duration of storage, the existence of a right of rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the source of your data, provided it was not collected by us, as well as of the existence of automated decision making including profiling and, as applicable, meaningful information regarding its details;

–   pursuant to Art. 16 of the GDPR, to demand rectification of incorrect data or the completion of incomplete data that we have stored;

–   pursuant to Art. 17 of the GDPR, to demand the erasure of your data that we have stored, insofar as processing is not necessary for the exercise of the right of free expression and information, to fulfill a legal obligation, for reasons of public interest, or to establish, exercise or defend a legal claim;

–   pursuant to Art. 18 of the GDPR, to demand the restriction of processing of your data, provided that you contest the accuracy of the data or the processing is unlawful;

–   pursuant to Art. 20 of the GDPR, to receive your data that you have made available to us in a structured, commonly used and machine-readable format or to demand that the data be transmitted to another controller (“data portability);

–   pursuant to Art. 21 of the GDPR, to lodge an objection, provided that the processing occurs on the basis of Art. 6, Par. 1, Sect. 1 (e) or (f) of the GDPR.  This applies in particular if the processing is not necessary to fulfill a contract with you. Provided that it does not concern an objection against direct marketing, we ask that, when exercising such an objection, you provide the reasons why we should not process your data as we otherwise would. In the event of your justified objection, we then review the situation and either cease or modify the processing, or demonstrate to you the compelling reasons worthy of protection on which basis we will continue the processing;

–   pursuant to Art. 7 Par. 3 of the GDPR, to withdraw your consent from us at any time, provided that such consent had previously been granted (even prior to applicability of the GDPR, i.e., prior to 25 Dec 2018) — consent was freely given, informed and unambiguous in the form of a declaration or another clear, confirming act that you are/were in agreement with the processing of affected personal data for one or more specific purposes. As a result, we will no longer be permitted to continue the data processing based upon this consent, and

–   pursuant to Art. 77 of the GDPR, to lodge a complaint with a supervisory data privacy authority regarding the processing of your personal data in our company, with the supervisory data privacy authority responsible for us:

The Lower Saxony Federal State Office for Data Protection
Postfach 221, 30002 Hannover
Prinzenstraße 5, 30159 Hannover
Telephone: (+49 511) 120-4500
Fax: +49 511 120-4599
E-Mail: poststelle@lfd.niedersachsen.de

(13) Changes to the Data Privacy Notice

In the context of continued development of data protection law as well as of technological or organizational changes, our data privacy statement will be reviewed regularly for needed modification or amendment. You will be notified of changes on our website particularly at https://www.kappa-optronics.com . This data privacy notice is current as of April 2021.

 

B. Web Page Visits

(1) Explanation of Function

Our website provides information about our company, areas of activity, offers and the ability to contact us. When visiting our web pages, personal data from you may be processed.

(2) Processed Personal Data

When using web pages for information purposes, the following categories of personal data are collected, stored and processed by us:

1. Log Data

When you visit our web pages, a so-called server log file is stored temporarily and anonymously on our web server which consists of:

–   the page from which the page was requested (the so-called referrer URL)

–   the name and URL of the requested page

–   the date and time of the request

–   the description of the type, language, and version of the web browser used

–   the IP address of the requesting computer, abbreviated such that a personal connection can no longer be established

–   the amount of data transferred

–   the operating system

–   notice whether the request was successful (access status/HTTP status code)

–   the GMT time zone difference

Processing log data serves statistical purposes and to improve the quality of our website, particularly the stability and security of the connection (legal basis is Art. 6 Par. 1 Sect. 1 (f) of the GDPR). These files are erased within 4 days.

2. Consent using Usercentrics

This website uses a consent tool from Usercentrics to secure and document your consent to store certain cookies on your end device or to use particular technologies to secure and document same. The provider of this tool is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany; website:

usercentrics.com/de/ (hereafter referred to as “Usercentrics”).

When you access our website, the following personal data will be transmitted to Usercentrics:

your consent and revocation of same

your IP address

information about your browser

information about your end device

time of your website visit

Furthermore, Usercentrics will store a cookie on your browser in order to be able to match your consents granted as well as their withdrawal to you. Data recorded in this manner is stored until you request its erasure, the Usercentrics cookie itself erases it, or the purpose of the data storage lapses. Compelling legal storage requirements remain unaffected.

Usercentrics’ services are used in order to secure the legally required consent for use of certain technologies. The legal basis in this matter is GDPR Art. 6 Par. 1 (c).

We have signed a processing contract with the provider to ensure the provider’s adherence to legal data privacy regulations.

3. Hosting

Our website is hosted by an IT service provider.

p2 media GmbH & Co. KG
Simeonscarre 2
32423 Minden
GERMANY

We have executed a data processing agreement with the hosting provider.

(3) Forms, E-Mail Communication

If you would like to establish contact with Kappa, we are at your disposal via communication channels such as telephone, email, and various online forms. Within the context of such forms, the following data will be requested, depending upon the form:

form of address, title, name, first name, last name/surname, email address, company, company contact data, website company, job title, department, industry (key code), company contact address, entered text, check/validation, customer number, password, Kappa News subscription.

Contact form data is processed to handle customer inquiries (legal basis is Art. 6, Par. 1, Sect. 1 (b) or (f) of the GDPR).

Provided that you establish contact with us via email or a contact form, the personal data you transmit is processed on the one hand by the web server and on the other hand by our email server and subsequently stored automatically. Such personal data supplied by you to us on a voluntary basis is stored for purposes of processing or for contact with the data subject. This personal data is not transferred to third parties. The duration of storage depends upon the corresponding purpose and content of the message.

(4) Duration of the Data Processing

Your data is processed for only so long as is necessary to achieve the processing objectives stated above; to this point, the legal bases indicated within the context of the purposes of the processing are correspondingly valid.

Third parties engaged by us will store your data on their system for as long as is necessary in conjunction with the performance of services for us in accordance with the assignment in question.

(5) Transmission of Personal Data to Third Parties; Legal Basis

The following categories of recipients who as a rule are processors receive access to your personal data as applicable:

–   service providers in order to operate our website and process data stored by the systems or transmitted (i.e., for computing center capacity, payment processing, IT security) . Legal basis for this transfer is Art. 6 Par. 1 Sect. 1 (b) or (f) of the GDPR provided that it does not involve a processor;

–   state offices/authorities, insofar as this is necessary to perform our services for one and to fulfill a legal requirement for another. Legal basis for this transfer is Art. 6 Par. 1 Sect. 1 (c) of the GDPR:

–   persons or entities engaged to conduct the operation of our business, (such as auditors, banks, insurance, attorneys, supervisory authorities, parties involved in corporate acquisitions or the establishment of joint ventures). Legal basis for this transfer is Art. 6 Par. 1 Sect. 1 (b) or (f) of the GDPR.

  • IT service providers as well as Software as a Service (SaaS) providers, Art. 6 Par. 1 Sect. 1 (a) or (f) GDPR.

For guarantees of appropriate level of data protection for data transfer to third-party countries, see A. (8).

Moreover, we transfer your personal data to third parties only if you have expressly granted consent pursuant to Art. 6 Par. 1 Sect. 1 (a) of the GDPR.

(6) Use of Cookies, Plugins, and Other Services on Our Website

a) Cookies

We use cookies on our website. Cookies are small text files that are stored within your browser and which generate a unique identifier; specific information is contained within the cookie’s identifier that is transmitted to the website’s server. Cookies cannot execute programs or transfer viruses to your computer and as such cannot do any damage. They serve to make our Internet product more user friendly and effective overall, and more pleasant for you.

Cookies can contain data that enable recognition of the device used. To a certain extent, cookies also contain information regarding specific settings that are not personal. However, cookies cannot directly identify a user. 

There is a difference between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the session. Regarding their function, cookies are differentiated as:

–   Technical Cookies: These are compulsorily necessary to navigate the website, use basic functions, and ensure the security of the website; they neither collect information about you for marketing purposes, nor do they store which web pages you have visited;

–   Performance Cookies: These collect information on how you use our website, which pages you visit and whether errors occur, for example, in the use of the website; they collect no information that could identify you — all information collected is anonymous and used only to improve our website and to determine what interests our users;

–   Advertising Cookies, Targeting Cookies: These serve to offer our website users needs-based advertising or third-party offers on our website and to measure the effectiveness of these offers; advertising and targeting cookies are stored for a maximum of 13 months;

–   Sharing Cookies: These serve to improve the interactivity of our website with other services (such as social networks); sharing cookies are stored for a maximum of 13 months.

Every use of cookies that are not compulsorily technically necessary represent data processing that is only permitted with express and active consent on your part pursuant to Art. 6 Par. 1 Sect. 1 (a) of the GDPR. This applies particularly to the use of advertising, targeting, or sharing cookies. Moreover, we transfer your personal data to third parties only if you have expressly granted consent pursuant to Art. 6 Par. 1 Sect. 1 (a) of the GDPR.

b) YouTube with Expanded Data Privacy

This website incorporates YouTube videos. The operator of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data privacy mode. According to YouTube, this mode prevents YouTube from storing any information about visitors to this website before they view the video. Conversely, disclosure of data to YouTube partners is not compulsorily excluded by extended data privacy mode. Thus, irrespective of whether you watch a video, YouTube establishes a connection to the Google DoubleClick network.

As soon as you start a YouTube video on this website, a connection is established with YouTube’s servers. In so doing, the YouTube server is informed which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to match your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, YouTube can store various cookies on your end device or apply comparable recognition technologies (such as device fingerprinting). In this manner, YouTube can receive information about visitors to this website. This information is used, among other things, to capture video statistics, improve user friendliness, and prevent fraud attempts.

If necessary, after a YouTube video has started playing, further data processing procedures, over which we have no influence, can be triggered.

YouTube is used in the interest of presenting our online offers in an appealing manner. This represents a legitimate interest pursuant to Art. 6 Par. 6 (f) of the GDPR. Provided corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

You can find further information regarding YouTube and data privacy in YouTube’s Data Privacy Agreement at https://policies.google.com/privacy?hl=de

c) Google Maps

This page uses the Google Maps service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

In order to use the functions of Google Maps, it is necessary to store your IP address. As a rule, this information is transmitted to a Google server in the USA and stored there. The provider of this site has no influence over this data transfer.

Use of Google Maps is in the interest of an appropriate presentation of our online offering and to make our locations, as indicated on our website, easy to find. This represents a legitimate interest pursuant to Art. 6 Par. 6 (f) of the GDPR. Provided corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

Data transmission to the USA is based upon the standard contractual clauses of the EU Commission. Details can be found here: privacy.google.com/businesses/gdprcontrollerterms/ and privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information regarding management of user data can be found in Google’s data privacy agreement: policies.google.com/privacy

(7) Analysis Tools and Advertising

Google Tag Manager

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool which helps to integrate tracking and statistical tools and other technologies on our website. Google Tag Manager itself creates no user profiles, stores no cookies and performs no independent analyses. It serves solely to administer and draw from the tools integrated by it. Google Tag Manager does however collect your IP address which can also be transferred to the parent company of Google in the United States.

Use of Google Tag Manager is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in rapid, uncomplicated integration and administration of various tools on the website. Provided corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

Google Analytics

This website uses functions of the Google Analytics web analysis service. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze website visitor behavior. The website operator then receives various user data, such as page visits, visit duration, operating systems used, and user origin. This data is collated by Google as needed in a profile which is matched to the particular user and/or their end device.

Google Analytics uses technologies (such as cookies and device fingerprinting) which enable user recognition for purposes of user behavior analysis. Information recorded by Google regarding use of this website is transmitted to a Google server in the USA and stored there.

Use of this analysis tool is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in user behavior analysis in order to optimize both web content as well as advertising. Provided corresponding consent was retrieved (i.e., consent to store cookies), processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

Data transfer to the USA is based upon the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP Anonymization

We have activated the IP anonymization function on this website. Your IP address from Google is abbreviated within the member states of the European Union or in other states who are party to the European Economic Area agreement prior to transfer to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and abbreviated there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, issue reports regarding website activities, and render further services to the website operator related to website and internet use. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google.

Browser Plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

More information regarding management of user data can be found in Google’s data privacy agreement: https://support.google.com/analytics/answer/6004245?hl=en

 Processing

We have executed a data processing contract with Google and we implement the strict guidelines of the German data protection authorities completely in our use of Google Analytics.

Duration of Storage

Data stored by Google at the user and event levels linked to cookies, user recognition (i.e., user ID), or advertising IDs (i.e., Doubleclick cookies, Android advertising ID), are anonymized or specifically deleted after 14 months. Details can be found at the following link: https://support.google.com/analytics/answer/7667196?hl=en

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads allows us to place advertisements in the Google search machine or on third-party web pages if the user enters specific search terms into Google (keyword targeting). Furthermore, targeted advertisements (audience targeting) can be played using user data available to Google (such as location data and interests). We as the website operator can quantitatively evaluate this data by analyzing, for example, which search terms have led to activation of our advertisements and how many advertisements have led to corresponding clicks.

Use of Google Ads is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in as effective marketing as possible for its service products.

Data transfer to the USA is based upon the standard contractual clauses of the EU Commission. Details can be found here:  https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

With the aid of Google Conversion Tracking, we and Google can identify whether the user has performed specific actions. Thus, for example, we can evaluate which buttons on our website are clicked and how often, and which products are viewed most often or purchased. This information serves to generate conversion statistics. We learn the total number of users that have clicked on our ads and which actions they have taken. We receive no information with which we can identify users personally. Google itself uses identifications codes or comparable recognition technologies.

Use of Google Conversion Tracking is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in user behavior analysis in order to optimize both web content as well as advertising. Provided corresponding consent was retrieved (i.e., consent to store cookies), processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

More information regarding Google Conversion Tracking can be found in Google’s data privacy agreement: https://policies.google.com/privacy?hl=en

(8) Registration on this Website

You can register on this website in order to use additional functions on the page. We use the data entered solely for the purpose of using the respective offer or service for which you have registered. The required information requested during registration must be supplied in full; Otherwise, we must refuse the registration. For important changes to the scope of the offer or for necessary technical changes, we use the email address provided during registration to inform you of same. Processing of data entered during registration is used for the purpose of conducting the user relationship established at registration and, as needed, to initiate further contracts (Art. 6 Par. 1 (b) of the GDPR). We store the data collected during registration for as long as you are registered on this website and subsequently erase it. Legal storage requirements remain unaffected.

 

C. Newsletter

You are provided the opportunity to subscribe to our company’s newsletter on the Kappa optronics GmbH website, as well as by email and at trade shows by providing your contact information, clicking on a corresponding link or QR code. The input screen used in each instance determines which personal data is transferred to the controller for processing to order the newsletter.

Kappa optronics GmbH informs customers and business partners at regular intervals by means of a newsletter covering company offerings. Our company’s newsletter can then fundamentally then be received only by data subjects, if

(1) the data subject has a valid email address and (2) the data subject registers for the newsletter mailing. For legal reasons, a confirmation email is sent for the first time to the email address which the data subject entered for the newsletter mailing as a double opt-in procedure. This confirmation email serves to verify whether the owner of the email address, as the data subject, authorized receipt of the newsletter.

When registering for the newsletter, we also store the IP address, which the internet service provider (ISP) provided at the time of registration, of the computer system used by the data subject at the time of registration, as well as the date and time of registration. It is necessary to collect this data in order to be able to prove (possible) abuse of a data subject’s email address at a later point in time, and it serves therefore to safeguard the controller of the processing.

The personal data collected in the course of registering for the newsletter is used exclusively for distributing our newsletter. Furthermore, newsletter subscribers could be informed by email, provided it is necessary for operation of the newsletter service or for subscription to the newsletter, such as could be in the event of changes to the newsletter offer or in the event of changes to the technical conditions. No transfer of personal data collected occurs in the context of the newsletter service to third parties. Subscription to our newsletter can be canceled by the data subject at any time.

You may revoke your consent to receive the newsletter at any time and unsubscribe. You may revoke by clicking on the link placed on every newsletter email, by emailing info@kappa-optronics.com, or by sending a message to the contact details provided on the imprint (Impressum) page of the website.

Mailingwork

This website uses Mailingwork for sending newsletters as well as for organizing mail campaigns. The provider is Mailingwork GmbH, Schönherrstraße 8, Gebäude 10d, Eingang N, 09113 Chemnitz, Germany. Mailingwork is a service for organizing and analyzing newsletter mailings. Data you have entered for the purpose of subscribing to the newsletter (such as your email address) is stored on Mailingwork’s servers in the EU.

Our newsletters sent via Mailingwork enable us to analyze newsletter recipients’ behavior, such as the number of recipients who open newsletter messages and how often which link in the newsletter is clicked. With the aid of so-called conversion tracking, we can additionally analyze whether a predefined action (such as a product purchase on our website) occurs when newsletter links are clicked.

Processing takes place based upon your consent (Art. 6 Par 1 (a) of the GDPR). You may revoke this consent at any time by unsubscribing from the newsletter. The legality of data processing procedures which have already taken place remains unaffected by the revocation of consent.

If you do not want any analysis by Mailingwork, you must unsubscribe from the newsletter. To this end, we make a corresponding link available in every newsletter message.

The data you have entered for the purpose of subscribing to the newsletter is stored by us until you unsubscribe from the newsletter and is erased both from our servers as well as from those of Mailingwork following newsletter unsubscription. Data that is stored at our company for other purposes (such as email addresses for the member area) remain unaffected by this action.

You can learn more about Mailingwork’s data privacy provisions at: https://mailingwork.de/datenschutz/.

We have executed a data processing contract with Mailingwork and we implement the strict guidelines of the German data protection authorities completely in our use of Mailingwork.

 

D. ION CRM

We use the CRM ION (Intelligent Office Navigator) to manage our customer data. The provider is Intelligent Software, Peter Matzka EDV Vertriebs KEG, Johann Böhmgasse 14,2201 Gerasdorf, Austria. This locally hosted CRM enables us to, among other things, manage existing and potential customers and customer contacts and to organize sales and communication processes. Furthermore, use of this CRM system enables us to analyze and optimize our customer processes. Customer data is stored exclusively on internal servers. You will find details regarding the CRM’s functions here: http://www.ion.co.at/Beschreibung.htm

Use of the CRM is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in the most effective customer administration and communication possible. Providing corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; consent may be revoked at any time.

You may find details in ION’s data privacy statement: http://www.ion.co.at/Impressum.htm.

 

E. Microsoft 365

We use the cloud services of Microsoft 365.

The following personal data from you can be processed when using Microsoft 365.

Data Categories 

  1. Documents and files 
  2. Tasks and solutions  
  3. Communication data 
  4. Personal core data 
  5. Authentification data 
  6. Contact information 
  7. Profiling 
  8. Log file with access 
  9. System-generated log data 
  10. Entries in surveys / questionnaires 

Categories of Data Subjects 

  • For data categories 1-9, persons who use or administer Office 365 
  • For data categories 3, 8, 9, persons who are identifiable in communication and documents 
  • For data category 10 people using Microsoft Forms surveys.  

Kappa pursues the following objectives by using Microsoft 365. Of primary importance is enabling our own employees to work remotely and our businesses to network. We also want to simplify and improve cooperation with customers and third parties. To this end, services and functions available within Microsoft Office 365 are used to create and store content, plan appointments, and communicate; and to achieve effective exchange of information; In this manner, Kappa employees and external partners can network and work on projects jointly without having to be at the same location. As a result, processing of your personal data serves the administration of contracts and collaboration on projects.

Release of personal data in the cloud (OneDrive and SharePoint) and use of cloud computing concretely serve together to achieve the following objectives: long-term and location-independent availability of documents, enabling site-independent work, including third party/external partners in work on documents and data, more efficient and faster processes, simplified planning, outsourcing of IT services to save proprietary resources, reduced IT administration expenditure, and increased flexibility. The SharePoint service is used in this context as a platform for data storage and exchange between employees and external partners.

When using Microsoft Office 365, transmission of diagnostic data takes place so that its services can be made available (error-free). Since all the applications are cloud based, they are tested continuously.  Processing of diagnostic data also serves to improve and update the software by introducing new version updates. Finally, the processing also serves to ensure the services’ security and rapid bug fixes.

Recipients  

  • Microsoft Ireland Operations Limited, for purposes of processing and contract fulfillment  
  • Microsoft Corporation, for purposes of processing and contract fulfillment as well as for proprietary purposes 
  • as well as those of its subcontracted processors and support service providers

Guarantees for International Data Transfer 

Counter-exceptions Art. 49 Par. 1 Subpar. 1 (c) of the GDPR for purposes 1. and 6. 

Counter-exceptions Art. 49 Par. 1 Subpar. 1 (d) of the GDPR for purposes 2.-5, 7., 8.

 Subcontracted processors 

Further information regarding the purpose and scope of data collection and processing of same by Microsoft Teams can be found in Microsoft’s data privacy statement at https://privacy.microsoft.com/de-de/privacystatement and Microsoft Teams at https://docs.microsoft.com/de-de/microsoftteams/teams-privacy as well as in the FAQ and Contact section https://support.microsoft.com/de-DE/privacy There,  you will find further information as well regarding your rights in these matters. Microsoft processes your personal data in the USA as well. EU standard contracts with Microsoft for 365 and Teams have been concluded in order to guarantee an appropriate level of data protection.

Duration of Storage

90 days after deletion of the account upon demand or following revocation (data categories 4-7.)

90 days after erasure of content data, following lapse of legal obligation (data categories 1-3.)

180 days (data categories 8, 9.)

 

We conduct online meetings using Microsoft Teams.

As part of our online meetings via Microsoft Teams, we process the following data:
- Communication data (e.g., your email address if you provide it on a personal basis).
- Personal master data (if provided voluntarily by you)
- Content of the online meeting (if you make a person-related appearance with contributions in speech and/or writing).
- Authentication data
- Log files, protocol data
- Metadata (e.g. IP address, time of participation, etc.)
- Profile data (e.g. your username, if you provide it voluntarily


In order to be able to communicate with you online, we use the online meeting tool Microsoft Teams. We carry out the data processing on the basis of a legitimate interest pursuant to Art. 6 (1) f) DSGVO. Our legitimate interest for data processing is: - Personal communication even with distant interlocutors (saving travel time and costs) - Health protection of the communication participants by avoiding personal contact.

 

We use Microsoft Forms for surveys

We use Microsoft Forms so that we can effectively create forms for surveys and questionnaires. For this purpose, personal data is processed and stored in Microsoft's cloud servers. This data is not used for automated decisions including profiling. 

 

Processed Data: 

In particular, the following information is collected. Name, email address, profile picture (if logged into MS365), preferred language, status (if logged into MS365), date and time of opening the questionnaire, date and time of sending the answer. In addition, Microsoft collects and stores usage data, your IP address and cookies, unless you have opted out of this in your browser. You can find more information on data processing by Microsoft at: privacy.microsoft.com/de-de/privacystatement. Depending on your role in the questionnaires, the type of data requested varies. 

Creator/ Owner  

Owners have access to the forms and can create and distribute surveys, forms and questionnaires directly, either alone or with other owners. The usage data of the owners as well as their profile information is stored. 

Respondents 

Respondents are people who take part in a survey. 

Collected information 

Contact information 

If you participate in an anonymous survey, your response will not contain any contact information and cannot be traced back to you. In this case, the information you enter, as well as the information Microsoft retrieves, is processed. 

In a confidential survey, only the content of your response is confidential, not the fact that you participated in the survey. In this case, we may see your name, e-mail address, and the date and time you opened the survey and submitted your response. 

Data from surveys/forms/questionnaires 

The data you enter is stored in the Microsoft cloud. 

Who has access to the data from surveys/forms/questionnaires? 

Only we have access to the responses received. 

Data storage 

Unless we have a legitimate interest in storing the data for a longer period of time, we delete all responses within one year after the survey is completed. 

You can ask us how long your answers will be stored in Forms. 

 

F. Processing of Customer Data (Request for Proposal/Tender, Contract Initiation, Contract Conclusion and Postcontractual Data Processing)

 

We collect, process and use your personal data insofar as is necessary for justification, content-related design or amendment of the contract.

Data Categories

We require the following data in order to register you as a customer at our company:

  • Company name and legal structure (i.e., Inc. or GmbH)
  • Company location (address, street, postal code, city)
  • First and last name of the individual contact
  • Telephone number
  • First and last name of the owner/manager of the business

You may voluntarily make the following data available to us:

  • Email address — please note that this is required for access to our news- and download service.
  • Fax
  • Different billing address if applicable
  • Mobile telephone number
  • Date of birth of the business owner/manager

Duration of Storage

Collected data is stored by us for as long as you remain in a business relationship with us. Following termination of the business relationship, your data is deleted provided no overriding legitimate interests on our side or legal retention periods prevent doing so.

Legal Basis

Processing of personal data takes place for contractual purposes which form the legal basis for processing for these purposes,

1. provided you are a registered salesperson or independent contractor, Art.6 Par 1 (b) of the GDPR, data processing is for the purpose of contract fulfillment or precontractual measures with the data subject; or

2. provided you are acting as an employee of the company, i.e., as an employee in Purchasing, Art. 6 Par. 1 (f) of the GDPR is the legitimate interest of Kappa optronics GmbH. Kappa optronics GmbH’s legitimate interest here consists of preparing for the sale of products or services of Kappa’s companies as well as group companies, which is justified particularly by corporate as well as occupational freedom.

Data Reconciliation with the Financial Sanctions List

Provided you obtain a proposal from us, we are obligated to conduct a reconciliation with the Financial Sanctions List.

A reconciliation of your name and, where appropriate, date of birth takes place using the official e-Justice portal https://www.finanz-sanktionsliste.de/fisalis/.

Further information regarding data processing by the judicial system can be found at https://justiz.de/datenschutz/index.php;jsessionid=3B55EEBC9013B9AD1CF257FDB52CDC99.

We must perform this action as required by law. Legal foundation of the processing is Art. 6, Par. 1, Sect. 1 (c) of the GDPR in connection with https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:139:0009:0022:DE:PDF

We store negative results for up to 3 years following termination of a contractual relationship. In the event of a positive result, we store this, as well as the refusal of a contractual relationship, for 3 years.

 

G. Social Media

We maintain proprietary pages on various social media to enable communication with interested users or customers and to be able to inform them regarding our activities and events. We do not process any user data ourselves on social networks and can only evaluate and use data that is anonymized, for example, by Facebook. This can lead to transfers of user data into countries outside the European Union. Furthermore, the user data collected for marketing purposes is processed, for example, to define and then display targeted advertising material on the social media platform in question. In order to enable this action, cookies are commonly stored by the social network/provider of the social network in question that contain the online behavior, interests or other details of users. Furthermore, user profiles on the platforms in question can contain data that is stored independently of the end device. Legal basis for this type of data processing is our legitimate interest in functional and stable communication with users regarding the online presence in question. When appropriate, social media providers request your consent to the data processing in question. In such cases, the legal basis for the data processing is precisely this consent.

As the subject of the data processing, you can assert various rights vis-a-vis the controller (see above). Please however be aware that the perception of these subject rights is fundamentally most sensible if you assert them directly to the platform provider. Generally, only platform providers have direct access to the processed data and are the only parties who can undertake corresponding measures.  We are of course at your disposal should further questions remain in this matter.

In order to make as much relevant information regarding data processing on social networks available to you, we would direct you to the data privacy regulations and specifically the data privacy statements of the individual platform providers:

Facebook: https://www.facebook.com/about/privacy 
Xing: https://privacy.xing.com/de/datenschutzerklaerung 
Linked-In: https://www.linkedin.com/legal/privacy-policy 
Twitter: https://twitter.com/de/privacy
Instagram: https://de-de.facebook.com/help/instagram/519522125107875

LinkedIn Plugin

This website uses functions of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

Every time a page on this website is called that contains LinkedIn functions, a connection is established with LinkedIn’s servers. LinkedIn is informed that you have visited this website with your IP address. When you click on LinkedIn’s “recommend button” and you are logged into your LinkedIn account, it is possible for LinkedIn to connect your visit to this website, to you and your user account. We would like to draw your attention to the fact that we as the provider of these pages have no knowledge of the contents of the data transmitted nor of their use by LinkedIn.

Use of the LinkedIn plugin is based on Art. 6, Par. 1 (f) of the GDPR. The website operator has a legitimate interest in the most extensive visibility possible on social media. Provided corresponding consent was retrieved, processing proceeds exclusively on the basis of Art. 6 Par. 1 (a) of the GDPR; this consent may be revoked at any time. Data transfer to the USA is based upon the standard contractual clauses of the EU Commission.

Details can be found here:

https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem-ewr-und-derschweiz?lang=de

Further information can be found in LinkedIn’s Data Privacy Statement at

https://www.linkedin.com/legal/privacy-policy.

Google My Business

We maintain a so-called Google My Business listing. Should you find us in this manner, we refer back to the information service provided by Google and the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4 Ireland (hereafter referred to as “Google”).

We draw your attention to the fact that you are responsible for your use of the Google page and its functions. This applies particularly to use of the social and interactive functions (i.e., commenting, sharing, rating, direct messaging). When visiting and interacting with our Google My Business listing, Google records your IP address as well as other information that is available on your end device in the form of so-called cookies. This information is used to make statistical information available to us as the operator of the Google My Business listing about uses of Google services. The data collected about you in this context is processed by Google and transferred if necessary to countries outside the European Union. Google provides a general description of which information Google receives and how it is used, and provides more information, in the data privacy agreement:

https://policies.google.com/privacy?hl=de


We are not aware of how Google uses the data from your visit for its own purposes, to what extent activities of individual users are matched, how long Google stores this data, and whether data is transferred to third parties. When accessing Google services, the IP address assigned to your end device is transmitted to Google. Moreover, Google stores information about users’ end devices. When appropriate, it is possible for Google to match IP addresses to individual users or user accounts.

Should you contact us via our Google My Business entry or via other Google services using direct messaging, we cannot exclude the possibility that these messages can also be read and evaluated by Google (both employees as well as automated means). We therefore advise that you do not share personal data with us over these channels. Instead, another form of communication should be chosen as early as possible. At the latest, we erase conversations 14 days after the last chat activity or immediately after switching to another communication channel. Use of this service is subject to the Google Data Privacy Agreement to which you have already agreed by using the service.

As the provider of our Google My Business listing, we collect and process no other data from your use of this Google product.

 

H. Applications

Handling of Applicant Data

We offer you the possibility to apply to us for employment (i.e., via email, postal mail, or online application form). In the following section, we endeavor to inform you about the scope, purpose, and use of your collected personal data within the context of the application process. We ensure that the collection, processing, and use of your data proceeds in agreement with current data protection law and with all further legal provisions, and that your data is handled in strict confidence.

Scope and Purpose of the Data Collection

When you submit an application to us, we process your personal data attached to it.

We process personal data that we receive in the context of your application.

At the time when you establish contact with us, as well as within the context of an application process, the following data in particular are considered, provided you have transmitted it to us:

  • Personal details (name, address and other contact information, date and place of birth, citizenship),
  • Banking information (for the purpose of travel cost reimbursement)
  • Authentification information (such as identification card information)
  • Health data* (i.e., details regarding disabilities and, as applicable, denials for health reasons),
  • Qualification documentation (i.e., certificates, evaluations, and other documentation of education and training)
  • Details regarding your personal development
  • Details regarding your education and training
  • Details regarding your academic history
  • Details regarding your professional history
  • Photographs

If you submit your application by email:

            Email address

            Mail server

            Server's IP address

If you send your application using our online form or portal:

            IP address

*Particularly sensitive data according to Art. 9 Par. 1 of the GDPR

We collect this data as necessary relative to the decision regarding the justification for an employment relationship The legal basis for this is Par. 26 of the Federal Data Protection Act-new according to German law (initiation of an employment relationship), Art. 6 Par. 1 (b) of the GDPR).(contract initiation) and — provided you have granted consent — Art. 7 Par 1 (a) of the GDPR). Consent may be revoked at any time. Within our company, your personal data will be transferred exclusively to persons involved in processing your application.

Provided the application is successful, the data you have submitted will be stored pursuant to Par. 26 of the Federal Data Protection Act-new and Art 6 Par 1 (b) of the GDPR) for the purpose of establishing the employment relationship within our data processing systems.

Recipients of Your Data

Data that you share with us, will be transferred to executive management as well as the leading individuals in the respective responsible departments. For the necessary invoicing of travel expenditures as needed, your data will be transferred to the bookkeeping department as well as to our accountant.

However, we rely on service providers as needed for running our organization, operating our internet pages or, as another example, email communication. Likewise, we rely on external service providers such as accountants and company physicians. It may happen that one of these service providers obtains knowledge of personal data. We select our service providers carefully — particularly with regard to data privacy and security — and take all necessary measures in terms of data privacy for permissible data processing.

We transmit your personal data to third parties only when legally permitted or when you have consented.

Duration of Data Retention

In the event that we are unable to offer you a position, you decline a position offer or you withdraw your application, we reserve the right to retain the data you have submitted, based upon our legitimate interests (Art. 6 Par 1(f) of the GDPR) for up to 6 months following the end of the application process (refusal or withdrawal of the application) at our location. At the end of this period, the data will be erased and the physical application documents will be destroyed. Retention is particularly useful for purposes of verification in the event of a legal dispute. If it is evident that the data will be necessary after the 6-month period has lapsed, (i.e., due to a threatened or pending legal dispute), erasure will take place when the purpose for the continued retention is no longer valid.

Longer retention may occur if you have granted corresponding consent (Art. 6 Par.1 (a) of the GDPR) or if legal retention obligations prohibit the erasure.

Enrollment in the Applicant Pool

Provided we do not offer you a position, it may be possible to enroll you in our applicant pool. In the event of such enrollment, all documents and information from the application are entered into the applicant pool so that you may be contacted in the event of appropriate vacancies.

Enrollment in the applicant pool occurs exclusively based upon your express consent (Art. 6, Par. 1 (a) of the GDPR). Granting of consent is voluntary and is in no way related to the current application process. The data subject can withdraw her/his/their permission at any time. In such case, the data is irretrievably erased from the applicant pool, provided no legal grounds for storage exist.

Data from the applicant pool is erased two years at the latest after said consent is granted.

Procedure according to the General Equal Treatment Act (GETA).

 

I. Job-portal Rexx Systems

1. Technical provision of the website

We use a career portal from rexx systems GmbH, Süderstrasse 75-79, 20097 Hamburg. This runs on the servers of Rexx Systems and is embedded in our website as an iframe. If you click on it, you will be taken to a separate website, the career portal on the server of rexx systems.
On the career portal, hereinafter also referred to as website, you can enter data in a form and upload documents (online application procedure).
If you make use of these options of the online application procedure, the data entered in the input mask will be processed on servers of rexx systems GmbH and transmitted to us and stored.
Only those data are collected that are necessary in the course of your application.
Personal data includes:

  • Salutation, title if applicable, surname, first name, contact details
  • Information on the current employment relationship, insofar as this exists with a federal authority with so-called surplus personnel
  • Information on the fulfilment of the mandatory and desirable requirement criteria according to the job advertisement.

In addition, the following health data are processed from the category of data requiring special protection:

  • Information on the existence of a severe disability or equality


Of course, we will only use your information to process your application. Your personal data will be processed during the application process; this may vary depending on the vacancy. The legal basis for processing your personal data as part of the application process is § 26 BDSG and Art. 6 para. 1 p. 1 lit. a), b) and f) DSGVO. If no contract is concluded, your personal data will be deleted after 6 months following the conclusion of the application process, unless you have given us your expressed consent to store your data for a longer period.
As is often the case with most websites, further data is processed on the career portal itself:

1. Technical provision of the career portal

When using the career portal for information purposes only, i.e. if you do not register or otherwise transmit information to us (e.g. via a contact form), the following technical information (log file data) is collected:

  • Operating system of the end device with which you visit our website
  • Browser (type, version & language settings)
  • the amount of data retrieved
  • the current IP address of the end device with which you are visiting our website
  • date and time of access
  • the URL of the previously visited website (referrer)
  • the URL of the (sub)page you are accessing on the website
  • the Internet service provider of the accessing system.

The collection of this data is technically necessary to display the website ( career portal) to you and to ensure stability and security. We (and our service provider) do not regularly know who is behind an IP address. We do not combine the data listed above with other data.

The legal basis for storing the data/log files is Art. 6 Abs. 1 S. 1 f) DSGVO in conjunction with. § 25 TTDSG.
The storage in log files ensures the proper functioning of the website and also serves to improve and secure our systems. Any further evaluation of this data (for example for marketing purposes) does not take place in this context. The data stored by Kappa optronics will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. This is the case after six weeks at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated so that an assignment of the calling client is no longer possible.

2. Cookies

The career portal uses so-called "cookies", which serve to make the Internet presence more user-friendly, effective and secure. Cookies are small text files that are stored on your computer system. We would like to point out that some of these cookies are transferred from our server to your computer system, whereby these are usually so-called "session cookies". "Session cookies" are characterised by the fact that they are automatically deleted from your hard drive at the end of the browser session. Other cookies remain on your computer system and enable us to recognise your computer system on your next visit (so-called permanent cookies). When accessing the website, the user is informed about the use of cookies and his or her consent to the processing of the personal data used is obtained. No personal data is stored in the cookies used. We only receive anonymised information on the basis of the cookies. Of course, you can reject cookies at any time, provided your browser allows this. Please note that certain functions of this website may not be available or may only be available to a limited extent if your browser is set to not accept cookies (from our website).The legal basis for possible processing of personal data by means of cookies and their storage period may vary. If you have given us your consent, the legal basis is Art. 6 (1) sentence 1 a) DSGVO. Insofar as the data processing is based on our overriding legitimate interests, the legal basis is Art.6 Abs.1 S.1 lit. f) DSGVO. The stated purpose then corresponds to our legitimate interest.
Technically necessary cookies serve to simplify the use of websites. The user data collected through technically necessary cookies are not used to create user profiles. Analysis cookies are used to improve the quality of the web pages and their content. Through the analysis cookies, we learn how the website is used and can constantly optimise our offer.
Cookies are stored on the user's computer and transmitted by it. Therefore, users also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

Name Provider Purpose Expire Type
sid

rexx systems

Contains an anonymous user ID so that multiple requests from one user can be assigned to the same HTTP session. 1 Hour Necessary cookies
cookieconsent_status

rexx systems

This cookie stores your cookie settings for this website. 30 Days Necessary cookies
_pk_id*

matomo

Registers a unique ID for a website visitor, which logs how the visitor uses the website. The data is used for statistics. 13 Months Web statistics
_pk_ref*

matomo

This cookie is used as a reference for the anonymous tracking session on the site. 6 Months Web statistics
_pk_ses*

matomo

This cookie stores a unique session ID. 30 Minutes Web statistics
MATOMO_SESSID

matomo

This cookie stores the website visit based on a session or visitor ID. This session cookie will be deleted when the browser is closed. Web statistics

 

3. Jobalert Newsletter

You can subscribe to a job alert on the career portal. To do so, you need to select the alerts you want and enter your mail address. This data will only be used to send you suitable job offers.

4. Contact form and e-mail

We provide you with a contact form on our website for easy contacting. The data entered in the input mask is transmitted to Kappa optronics and stored. In addition, the IP address of the user, as well as the date and time of the transmission are stored at the time of sending. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user's personal data transmitted with the e-mail will be stored. The data will not be passed on to third parties. The data is used exclusively for processing the enquiry.
The legal basis for the processing of data is Art. 6 Abs. 1 S. 1 a) DSGVO if the user has given his or her consent. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 Abs. S. 1 1 f) DSGVO. If the e-mail contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 Abs. 1 S. 1 b) DSGVO.
The processing of the personal data is solely for the purpose of contacting you. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.

5. disclosure of personal data/recipients

In general, your personal data will not be passed on to third parties, unless we are legally obliged to do so, or the passing on of data is necessary for the execution of the contractual relationship, or you have previously given your express consent to the passing on of your data.
Your data will only be passed on to affiliated companies and service partners if they are acting on our behalf and are supporting Kappa optronics in the provision of its services. Any processing of your personal data by commissioned service providers is carried out within the framework of commissioned processing in accordance with Art. 28 DSGVO. The aforementioned service providers only receive access to such personal information that is necessary for the performance of the respective activity. These service providers are prohibited from disclosing your personal information or using it for other purposes, in particular for their own promotional purposes. Insofar as external service providers come into contact with your personal data, we have ensured through legal, technical and organisational measures as well as through regular checks that they also comply with the applicable data protection regulations. In detail, these are the following recipients: We do not pass on your personal data commercially to other companies. We value processing your data within the EU / EEA. However, it may happen that we use service providers who process data outside the EU / EEA. In these cases, we ensure that an adequate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, via EU standard contracts or Binding Corporate Rules or special agreements to whose regulations the company can submit.

6. Matomo

On this website, data is collected and stored for marketing and optimisation purposes using the web analytics service software Matomo (www.matomo.org). From this data, user profiles are created under a pseudonym; cookies are used for this purpose. Cookies are small text files that are stored locally in the cache of the site visitor's internet browser. The cookies enable the recognition of the internet browser. The data collected using Matomo technology (including your anonymised IP address) is transmitted to our server and stored for usage analysis purposes, which serves to optimise the website on our part. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not merged with personal data about the bearer of the pseudonym. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. The legal basis for the processing of the users' personal data is Art. 6 Abs. 1 S. 1 a) DSGVO.
The processing of the users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information on the use of the individual components of the website. This helps us to continuously improve the website and its user-friendliness. The collection and storage of data only takes place after explicit consent in accordance with Art. 6 Abs. 1 S. 1 lit. a) DSGVO.

The storage period is: 

Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website to their full extent. You can find more information on the privacy settings of the Matomo software under the following link: https://matomo.org/docs/privacy/.

J. Events and Trade Fairs

You have the option to register for certain events on our home page or by email, fax or telephone, by providing personal data.

The type of personal data that will be transferred to the controller results from the input screen that is used for the registration in question.

1. Purpose and Legal Foundation of Processing

The personal data you provide in addition to your IP address and the time of registration for the event are collected and stored exclusively for our internal use and for the organization and presentation of the event. The legal foundation of the processing is the fulfillment of a contract in accordance with Art. 6, Par. 1 (b) of the GDPR.

2. Duration of Storage and Logout

We process your data until the event has concluded and your data need no longer be stored for compelling legal reasons (i.e., for tax purposes).

3. Necessity of Supplying Personal Data

Supplying personal data is neither legally nor contractually required. You can withdraw your registration at any time.

 

30.11.2021

29.08.2022 "Microsoft Forms for Surveys"

Telephone +49 5508 974 - 0