Name and address of the responsible party

The responsible party as defined in the General Data Protection Regulation and other data protection laws of Member States as well as other data protection regulations is:

Klawa-Anlagenbau GmbH
Bahnwiesenweg 6
34281 Gudensberg
Germany
Tel.: +49 (0) 5603/93250
Email: info@remove-this.klawa-gmbh.de
Website: www.klawa-gmbh.de

II.    Name and address of the Data Protection Officer

The Data Protection Officer for the responsible party is:

Benjamin Trott
KLAWA-Anlagenbau GmbH
Bahnwiesenweg 6
34281 Gudensberg
Germany
Email: datenschutzbeauftragter@remove-this.klawa-gmbh.de
Website: www.klawa-gmbh.de

III.    General information on data processing

1.    Scope of the processing of personal data
In principle, we collect and use the personal data of our users only to the extent necessary to be able to provide a functional website and our content and services. The collection and use of personal data pertaining to our users is collected on a regular basis only after the consent of the user has been obtained. An exception applies to cases whereby prior consent cannot be obtained for practical reasons and where the processing of data is permitted by law.

2.    Legal basis for the processing of personal data
If we obtain the consent of the person concerned for the processing of personal data, Art. 6 Para. 1 letter a of the EU General Data Protection Regulation (GDPR) shall serve as the legal basis.
If the processing of personal data is required in order to conclude a contract in which the person concerned is party to, Art. 6 Para. 1 letter b GDPR shall serve as the legal basis. This also applies to processing procedures required to carry out pre-contractual measures.
If the processing of personal data is required in order to fulfil a legal obligation that our company is subject to, Art. 6 Para. 1 letter c GDPR shall serve as the legal basis.
In the event that the vital interests of the person concerned, or of any other natural person, make it necessary to process personal data, Art. 6 Para. 1 letter d GDPR shall serve as the legal basis.
If the processing of data is required to safeguard the legitimate interests of our company or those of a third party, and the interests, fundamental rights and freedoms of the person concerned do not outweigh the aforementioned interests, then Art. 6 Para. 1 letter f GDPR shall serve as the legal basis for the processing.

3.    Data erasure and duration of data retention
Personal data pertaining to the person concerned shall be deleted or made inaccessible once the purpose for storing the data no longer applies. Data may be stored beyond this period if provided for by the European or national legislator in EU regulations, laws or other regulations to which the responsible party is subject.  Blocking or erasure of the data shall also take place when the storage period stipulated by the aforementioned standards expires, unless the continuation of data storage if required to conclude a contract or to fulfil contractual obligations.

IV.    Website provision and the creation of log files

1.    Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the computer used to access the website.
The following data is collected in this instance:

• IP address
• Time and date of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Request content (certain page)
• Access status/HTTP status code
• Respective amount of data transferred
• Website from which the request came
• Browser
• Operating system and interface
• Language and version of browser software.

The data is also stored in our system’s log files. This data is not stored together with other personal data pertaining to the user.

2.    Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 Para. 1 letter f GDPR.

3.    Purpose of data processing
The temporary storage of the IP address by our system is required in order to display the website on the user’s computer. The user’s IP address must be stored for the duration of the session for this purpose.

Data is stored in log files to ensure that the website functions properly. This data is also used to optimise the website, to ensure the security of our IT systems and is not analysed for marketing purposes in this context.

These purposes also demonstrate our legitimate interest in data processing in accordance with Art. 6 Para. 1 letter f GDPR.

4.    Duration of data retentionThe data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. Where data is collected for the provision of the website, the data will be deleted once the respective session is completed.

If data is stored in log files, it will be deleted after seven days at the latest. It is possible that data may be stored beyond this period. In this instance, the user’s IP addresses will be deleted or distorted so that they can no longer be assigned to the person who accessed the website.

5.    Option to object and request disposal
The collection of data for the provision of the website and the storage of data in log files are both essential prerequisites for our website to function properly. As a result, the user does not have the option to object.

V.    Use of cookies

a) Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user’s computer system. If a user visits a website, a cookie can therefore be stored on the user’s operating system. This cookie contains a distinctive sequence of characters that enable the browser to be clearly identified when the website is visited again.
We also use cookies on our website that enables us to analyse the behaviour of the user when they surf the internet.
The following data can be transferred in this way:

• IP address
• Time and date of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Request content (certain page)
• Access status/HTTP status code
• Respective amount of data transferred
• Website from which the request came
• Browser
• Operating system and interface
• Language and browser software version.

Data pertaining to the user collected in this way is pseudonymised through technical precautions. This means that the data can no longer be attributed to the user who visited the site. This data is not stored together with other personal data pertaining to the user.

When visiting our website, users will be informed by an information banner about the use of cookies for analytical purposes and directed to this privacy policy. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.

b) Legal basis for data processingThe legal basis for the processing of personal data using technically necessary cookies is Art. 6 Para. 1 letter f GDPR.

The legal basis for the processing of personal data using cookies for analytical purposes, provided the user has granted consent to this effect, is Art. 6 Para. 1 letter a GDPR.

c) Purpose of data processingThe use of analytical cookies is for the purpose of improving the quality of our website and its content. The analytical cookies inform us how the website is being used and this enables us to continually optimise our website.

These purposes also demonstrate our legitimate interest in data processing in accordance with Art. 6 Para. 1 letter f GDPR.

e) Duration of data retention, option to object and disposal options
Cookies are stored on the user’s computer and transferred from there to our site. Therefore, you, as the user, have complete control over the use of cookies. You can disable or restrict the transfer of cookies by adjusting the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may not be able to access all the features on the website in full.

VI.    Contact form and contact via email

1.    Description and scope of data processing
A contact form is provided on our website, which can be used to initiate contact electronically. If a user chooses to exercise this option, data entered in the entry form will be transferred to us and stored. This data is as follows:

Contact form
IP address, Time and date of the request, Information material, First name, Surname, Email, Telephone number, Company, Fax, Street, House number, Postcode, Town/city, Message

Configurator for pipelines
IP address, Time and date of the request, Material, Nominal diameter, Pipelines, Details (L, h), First name, Surname, Company, Postcode, Town/city, Email

In order to process data, your consent is obtained and you will be directed to this privacy policy as part of the submission process.

Alternatively, you can make contact via the email address provided. In this instance, personal data pertaining to the user transmitted with the email will be stored.

Data will not be shared with third parties in this context. This data is used exclusively to process the conversation.

3.    Legal basis for data processing The legal basis for the processing of data, provided the user has given consent to this effect, is Art. 6 Para. 1 letter a GDPR.

The legal basis for processing data transferred in the course of sending an email is Art. 6 Para. 1 letter f GDPR. If the purpose of the email contact is to conclude a contract, then the legal basis for the processing is Art. 6 Para. 1 letter b GDPR.

4.    Purpose of data processing
The personal data from the entry form is exclusively used to enable us to process the message. If contact is made by email, there is also a legitimate interest in processing the data, as is necessary.
Any other personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

5.    Duration of data retentionData shall be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For personal data sent via the entry form or by email, this is deemed the date the respective conversation with the user has ended. The conversation is considered to have ended when it can be inferred from the circumstances that the matter has been conclusively resolved.

Any other personal data processed during the submission process will be deleted after a period of seven days at the latest.

6.    Option to object and request disposal
The user has the option to revoke their consent to the processing of their personal data at any time. If the user contacts us by email, they can object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.
All personal data that was stored over the course of contact being made will be deleted in this instance.

VII.    Web analysis through Matomo (formerly PIWIK)

1.    Scope of the processing of personal data
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the behaviour of our users when surfing the internet. The software stores a cookie on the user’s computer (for cookies see above). If individual pages on our website are visited, the following data will be stored:

• Two bytes of the IP address of the system used by the user to access the site
• The website that was accessed
• The website from which the user accesses our website (referrer)
• The sub-pages that are accessed from the web page that was initially accessed.
• The duration of the visit to the website
• How often the website is accessed

The software works in this way exclusively on our website’s servers. Personal data pertaining to the user is only stored there. This data is not shared with third parties.

The software is set up in such a way that complete IP addresses are not stored; instead 2 bytes of the IP address are hidden (e.g. 192.168.xxx.xxx). This means that the shortened IP address can no longer be attributed to the computer that was used to access the site.

2.    Legal basis for the processing of personal data
The legal basis for the processing of personal data is Art. 6 Para. 1 letter f GDPR.

3.    Purpose of data processing
Processing the personal data of our users allows us to analyse their behaviour when surfing the internet. By analysing the data we obtain, we are able to compile information about how individual parts of our website are used. This helps us to improve our website and user-friendliness on a continual basis. These purposes also demonstrate our legitimate interest in processing the data in accordance with Art. 6 Para. 1 letter f GDPR. The anonymisation of the IP address sufficiently takes into account the interest of users regarding the protection of their personal data.

4.    Duration of data retention
This data will be deleted as soon as it is no longer required for our record-keeping purposes.

In our case, this is after a period of 12 months.

5.    Option to object and disposal options
Cookies are stored on the user’s computer and transferred from there to our site. Therefore, you, as the user, have complete control over the use of cookies. You can disable or restrict the transfer of cookies by adjusting the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also take place automatically. If cookies are disabled for our website, you may not be able to access all the features on the website fully.
We offer our users the possibility to opt out of this analytical method on our website. To do this, they must click on the corresponding link. This means a further cookie will be stored on your system, which will consequently inform our system not to store data pertaining to the user. If the user deletes the relevant cookie, then they will have to set the opt-out cookie once more.
Further information on the Matomo software privacy settings can be found under the following link: matomo.org/docs/privacy/.

VIII.    Rights of the person concerned

The following list encompasses all of the rights of those concerned in accordance with the GDPR. Rights that bear no relevance to your own website do not have to be mentioned. The list can be shortened in this respect.
If personal data pertaining to you is processed, you are the party concerned within the meaning of the GDPR and you have the following rights against the responsible party:

1.    Right of access
You can ask the responsible party to confirm if personal data pertaining to you is being processed by us.
If such processing is taking place, you can request the following information from the responsible party:

• The purposes for which the personal data is being processed;
• The categories of personal data that are being processed;
• The recipients and the categories of recipients to whom personal data pertaining to you has been disclosed or is still being disclosed;
• The planned length of time the personal data pertaining to you will be stored for, or, if precise details are not possible here, the criteria for determining the duration of data retention;
• The existence of a right to rectification or erasure of personal data pertaining to you, a right to restrict processing by the responsible party or a right to object this processing;
• The existence of a right to appeal to the supervisory authorities;
• All available information on the origin of the data, if the personal data was not collected from the person concerned;
• The existence of an automatic decision-making including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases - conclusive information on the logic involved, the scope and the intended implications of such processing for the person concerned.

You have the right to request information on whether your personal data has been transferred to a third country or international organisation. In this regard, you can ask to be informed about the relevant guarantees relating to the transfer of data in accordance with Art. 46 GDPR.

2.    Right to rectification 
You have a right to rectification and/or completion against the responsible party if the personal data pertaining to you that has been processed is incorrect or incomplete. The responsible party must make the correction immediately.

3.    Right to restriction of processing
You can request for the processing of your personal data to be restricted under the following conditions:

• If you contest the accuracy of your personal data for a period of time that enables the responsible party to verify the accuracy of your personal data;
• The processing is unlawful and you refuse to have your personal data deleted and instead request for the use of your personal data to be restricted;
• The responsible party no longer needs your personal data for the purposes of processing, but you need it to assert, exercise or defend your legal rights, or
• If you have formally objected to the processing in accordance with Art. 21 Para. 1 GDPR and it has not yet been determined if the legitimate reasons of the responsible party outweigh your reasons.

If the processing of your personal data was restricted, this data – with the exception of its storage – may only be processed with your consent or to assert, exercise or defend legal rights, or to protect the rights of another natural or legal person or for reasons of significant public interest to the Union or a Member State.
If the restriction to processing has been restricted in accordance with the abovementioned conditions, you will be notified by the responsible party before the restriction is lifted.

4.    Right to erasure
a)    Obligation to erase
You can ask the responsible party to erase personal data pertaining to you immediately, and the responsible party is obligated to erase this data immediately, provided one of the following reasons applies:

• The personal data pertaining to you is no longer required for the purposes for which it was collected or otherwise processed.
• You revoke your declaration of consent on which the processing was based in accordance with Art. 6 Para. 1 letter a or Art. 9 Para. 2 letter a GDPR, and there is no other legal basis for processing.
• You lodge an objection in accordance with Art. 21 Para. 1 GDPR against the processing and there are no legitimate reasons of higher importance for the processing, or you lodge an objection in accordance with Art. 21 Para. 2 GDPR against the processing.
• The personal data pertaining to you is being unlawfully processed.
• The erasure of personal data pertaining to you is necessary to fulfil legal obligations in accordance with Union law or the law of the member states to which the responsible party is subject.
• The personal data pertaining to you was collected in relation to information society services offered in accordance with Art. 8 Para. 1 GDPR.

b)    Information to third parties
If the responsible party has made your personal data public and if they are obliged to delete it in accordance with Art. 17 Para. 1 GDPR, they shall take appropriate measures taking account of the technology available and the implementation costs, including technical means, in order to inform those responsible for processing personal data pertaining to you that you as the person concerned have requested the erasure of all links to this personal data or copies or replications of this personal data.

c)    Exceptions
The right to erasure does not exist as long as the processing is required

• to exercise the right to freedom of expression and information;
• to fulfil a legal obligation required by Union law or the laws of Member States to which the responsible party is subject, or to perform a task which is of public interest or takes place in the exercise of public authority, that was transferred to the responsible party;
• for reasons of public interest relating to public safety in accordance with Art. 9 Para. 2 letters h and i as well as Art. 9 Para. 3 GDPR;
• for archiving, scientific, historical research or statistical purposes that are of public interest in accordance with Art. 89 Para. 1 GDPR, provided the right named under letter a) is likely to render impossible or seriously affect achieving the objectives of this processing, or
• to assert, exercise or defend legal rights.

5.    Right to information
If you have exercised your right to rectification, erasure or restriction of processing against the responsible party, they are obligated to inform all recipients to whom your personal data was disclosed of this rectification or erasure of data, or the restriction to processing, unless this proves impossible or involves a disproportionate amount of effort.
You have the right against the responsible party to be informed about these recipients.

6.    Right to data portability
You have the right to receive personal data relating to you that you provided to the responsible party in a structured, current and machine-readable format. You also have the right to transmit this data to another party without obstruction by the responsible party to whom the personal data was provided, if

• the processing is based on a declaration of consent in accordance with Art. 6 Para. 1 a GDPR or Art. 9 Para. 2 a GDPR or on a contract in accordance with Art. 6 Para. 1 b GDPR and
• the processing takes place by means of automatic procedures.

By exercising this right, you also have the right to ensure that personal data pertaining to you is transferred directly from one responsible party to another, insofar as this is technically possible. The rights and freedoms of others must hereby not be infringed upon.
The right to data portability does not apply to the processing of personal data required to perform a task which is of public interest or takes place in the exercise of public authority that was transferred to the responsible party.

7.    Right to object
You have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data that takes place on the basis of Art. 6 Para. 1 letters e or f GDPR; this also applies to profiling based on these conditions.
The responsible party shall consequently no longer be permitted to process personal data pertaining to you, unless they can demonstrate compelling legitimate grounds for processing that outweigh your interests, or the processing serves to assert, exercise or defend legal rights.
If the personal data relating to you is processed in order to conduct direct marketing, you have the right to object at any time to the processing of your personal data for purposes related to such advertising; this also applies to profiling, as long as it is related to this type of direct marketing.
If you object to processing for direct marketing purposes, personal data relating to you will no longer be processed for these purposes.
You have the option, in the context of using information society services – irrespective of Directive 2002/58/EG – to exercise your right to object via automated procedures that use technical specifications.

8.    Right to revoke the data protection declaration of consent
You have the right to revoke your declaration of consent according to data protection law at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of the consent until it is revoked.

9.    Automated ruling on a case-by-case basis, including profiling
You have the right not to be subjected to a ruling based exclusively on automated processing – including profiling – that will have legal effect on you or impact on you in a similar manner. This does not apply if the ruling

• is to conclude or fulfil contractual obligations between you and the responsible party,
• is permissible on the basis of Union or Member State legislation to which the responsible party is subject, and the applicable legislation contains appropriate measures to safeguard your rights, freedoms and legitimate interests or
• takes place with your express consent.

However, these rulings may not be based on specific categories of personal data in accordance with Art. 9 Para. 1 GDPR, provided that Art. 9 Para. 2 letters a or g GDPR do not apply and appropriate measures have been taken to protect your rights and freedoms as well as your legitimate interests.
With regard to cases referred to in (1) and (3), the responsible party must take appropriate measures to uphold your rights, freedoms and legitimate interests, including at least the right to obtain the intervention of a person on behalf of the responsible party and the right to state their own position and appeal the decision.

10.    Right to complain to the supervisory authorities
Irrespective of any other administrative or legal remedy, you have the right to complain to a supervisory authority, in particular in the Member State where your place of residence and work are located or suspected infringement took place, if you believe the processing of your personal data is in violation of the GDPR.
The supervisory authority to which the appeal was issued shall inform the complainant of the status and the outcome of the appeal, including the possibility of a legal remedy in accordance with Art. 78 GDPR.