Privacy policy

Scope

This privacy policy informs users about the nature, scope, and purposes of the collection and use of personal data by the responsible provider

KEFLA GmbH

Am Ockenheimer Graben 46-48

D-55411 Bingen am Rhein

Tel.: +49 67 21 – 96 310

Email: kefla[at]kefla.de

on this website (hereinafter referred to as "offer") and the offer portal, which can be accessed at https://to.kefla.de/kefla-go-en. The controller responsible for the processing of personal data is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data. The legal basis for data protection can be found in the General Data Protection Regulation (GDPR) and the Telecommunications and Telemedia Data Protection Act (TDDDG), among others.

This privacy policy also applies to our social media presence:

-  LinkedIn: https://www.linkedin.com/company/kefla-gmbh/

Contact details of the data protection officer

The data protection officer of the controller is:

ffp digital consulting GmbH
Gebäude 890
55483 Hahn-Flughafen

datenschutz[at]kefla.de

Access data / server log files

The controller uses Host Europe GmbH, Pilgrimstraße 6, 50674 Cologne (host) as its web space provider. The host collects data about every access to the website, known as server log files, for statistical analysis for the purposes of operation, security, and optimization of the website.

The access data includes:

-       Name of the website accessed

-       Date and time of the server request

-       Browser type and browser version

-       Operating system

-       IP address

-       Requesting provider

-       Referrer URL

-       Name of the file accessed and amount of data transferred

-       Message about the status of the retrieval

The host reserves the right to check the log data retrospectively if there are concrete indications of justified suspicion of illegal use. This data is not merged with other data sources. The basis for data processing is Art. 6 (1) (f) GDPR, which permits the processing of data on the basis of legitimate interest for the optimization of website operation and to ensure the security of the website.

We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR, which obliges them to protect the data of our website visitors and not to pass it on to third parties. For more information, please visit the following link: https://www.hosteurope.de/AGB/Datenschutzerklaerung/.

TLS encryption

This website uses TLS encryption for security reasons and to protect the transmission of personal data and other confidential content. You can recognize an encrypted connection by the string "https://" and the lock symbol next to the browser search bar.

Cookies

In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files that are stored on your device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable your browser to be recognized on your next visit (so-called persistent cookies). If cookies are set, they collect and process certain user information, such as browser and location data and IP address values, on an individual basis. Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can find the duration of the respective cookie storage in the overview of your web browser's cookie settings.

To manage your cookie settings, we use the cookie consent tool "Clickskeks," which is provided by Papoo Software & Media GmbH, Auguststr. 4, 53229 Bonn, Germany. This tool stores your individual settings for the services integrated on this website as well as log data, such as your IP address. Your cookie settings are processed on the basis of a legal obligation in accordance with Art. 6 (1) (c) GDPR and § 25 TDDDG. For more information about data processing by Clickskeks, please visit the following link: https://www.clickskeks.de/datenschutz.

In some cases, cookies are used to simplify processes by storing settings, e.g., by remembering information about several simultaneous page views within the same browser. If individual cookies used by us also process personal data, the processing is carried out in accordance with Art. 6 (1) (a) GDPR in the case of consent or in accordance with Art. 6 (1) (f) GDPR to safeguard our legitimate interests in the best possible functionality.

Please note that you can set your browser so that you are informed about the setting of cookies and can decide individually whether to accept them or to exclude the acceptance of cookies in certain cases or in general. Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

For more information on the respective browser, please visit the following links:

-       Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/konfigurieren-sie-die-datenschutzeinstellungen-ihren-bed%C3%BCrfnissen-entsprechend-8c923c9d-4ef2-849d-a399-4de716ecbbaf

-       Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen

-       Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en

-       Safari: https://support.apple.com/de-de/guide/safari/sfri11471/12.0/mac/10.14

-       Opera: https://help.opera.com/de/latest/web-preferences/#cookies.

Please note that if you do not accept cookies, the functionality of our website may be limited.

Contact

When you contact us, e.g. by email or telephone, personal data such as your email address, name, and telephone number will be collected. Only your email address is mandatory. All other information is voluntary and is used to address you personally when responding to your request.

This data is stored and used exclusively for the purpose of responding to your request or for establishing contact and the associated technical administration. The legal basis for the processing of this data is the implementation of pre-contractual measures or the fulfillment of the contract in accordance with Art. 6 (1) (b) GDPR. The provision of your data is necessary, as otherwise you will not be able to send us a message.

Your data will be deleted after your request has been processed. This is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no legal retention obligations to the contrary. In the event of the establishment of a contractual relationship, storage is governed by the legal provisions of the German Commercial Code and the German Fiscal Code.

Google Maps

This website uses the functions of Google Maps from Google LLC, 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA ("Google"). Google Maps enables us to integrate maps. In this context, your IP address, location data, and possibly other data classified by Google as technically necessary are transmitted to Google. Google Maps is displayed using the Google Fonts web font service. Google Fonts provides a variety of fonts for this purpose. Your browser loads the required fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to the servers of the web font provider, Google LLC. In doing so, log data such as your IP address, browser data, and the time of the request are also processed.

The permissibility of this processing is based on Art. 6 (1) (a) GDPR (consent). You can decide for yourself whether you want to allow this processing. You can revoke your consent at any time with future effect by deactivating the checkbox in the Cookie Consent Tool.

We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR, which obliges Google to protect the data of our website visitors and not to pass it on to third parties. When using Google Maps, personal data is transferred to the servers of Google LLC. in the USA. For the transfer of data from the EU to the USA, Google refers to the European Commission's standard contractual clauses in accordance with Art. 46 (2) (c) GDPR, which are intended to ensure compliance with European data protection standards in the USA.

For more information about Google Maps and Google's privacy policy, please visit the following links:

-       https://www.google.de/intl/de/policies/terms/regional.html

-       https://www.google.com/intl/de_US/help/terms_maps.html

-       https://www.google.de/intl/de/policies/privacy/.

Google Fonts

This website uses Google Fonts from Google LLC., 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA. Google Fonts provides a variety of fonts. Your browser loads the required fonts into your browser cache to display text and fonts correctly. For this purpose, the browser you are using must connect to the servers of the web font provider. This involves the processing of log data such as your IP address, browser data, and the time of the request. Processing is carried out in accordance with Art. 6 (1) (a) GDPR on the basis of your consent. You can decide for yourself whether you want to allow this processing. You can revoke your consent at any time with future effect by deactivating the checkbox in the Cookie Consent Tool.

We have concluded a data processing agreement with Google for the use of Google Fonts in accordance with Art. 28 GDPR, which obliges Google to protect the data of our website visitors and not to pass it on to third parties. When using Google Fonts, personal data is transferred to the servers of Google LLC. in the USA. For the transfer of data from the EU to the USA, Google refers to the European Commission's standard contractual clauses in accordance with Art. 46 (2) (c) GDPR, which are intended to ensure compliance with European data protection standards in the USA.

For more information, please visit the following link: https://policies.google.com/privacy/frameworks?hl=de.

Google Analytics and Tag Manager

This website uses the online analysis tool Google Analytics from Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). We use Google Analytics to collect statistical evaluations of paid search engine advertising and the behavior of users of our website. This involves evaluating every interaction (downloads, page views, duration of visit, etc.) of the user with the website. In connection with Google Analytics, the tag management system Google Tag Manager (googletagmanager.com) is used. This is used to define and provide tags and processes log data such as your IP address. These functions are only active if you have consented to the use of Google Analytics. In this context, your IP address, approximate location data, browser and device information, and possibly other data classified by Google as technically necessary, are transmitted to Google. The permissibility of this processing is based on Art. 6 (1) (a) GDPR (consent).

You can revoke your consent at any time with future effect by deactivating the checkbox in the Cookie Consent Tool.

We have concluded a data processing agreement with Google in accordance with Art. 28 GDPR, which obliges Google to protect the data of our website visitors and not to pass it on to third parties. When using Google Analytics, personal data is transferred to the servers of Google LLC. in the USA. For the transfer from the EU to the USA, Google refers to the European Commission's standard contractual clauses in accordance with Art. 46 (2) (c) GDPR, which are intended to ensure compliance with European data protection standards in the USA.

For more information about Google Analytics, Google Tag Manager and Google's privacy policy, please visit the following links:

-       https://www.google.de/intl/de/policies/terms/regional.html

-       https://marketingplatform.google.com/about/analytics/terms/de/

-       https://support.google.com/analytics/answer/6004245

-       https://support.google.com/tagmanager/answer/7207086?hl=de/.

WordPress icons

This website uses WordPress services to display icons. When you visit the website, your browser loads the required icons into your browser cache in order to display them correctly. For this purpose, the browser you are using has to connect to the servers of the provider Auttomatic Inc., 60 29th Street #343. San Francisco, CA 94110, USA. This involves the processing of log data such as your IP address, browser data, and the time of the request. Processing is carried out in accordance with Art. 6 (1) (a) GDPR on the basis of your consent. You can decide for yourself whether you want to allow this processing. You can revoke your consent at any time with future effect by deactivating the checkbox in the Cookie Consent Tool. Automattic Inc. relies on an adequacy decision by the EU Commission under the EU-U.S. Data Privacy Framework pursuant to Art. 45 (1) GDPR for the legality of the transfer of data to the USA.

For more information, please visit the following link: https://automattic.com/privacy/

Career portal (HR Works )

On our website, we offer job seekers the opportunity to apply online using a form. Admission to the application process requires, that, for a well-founded and informed assessment and selection, applicants provide us with all necessary personal data via the form. The required information includes general personal details (name, address, telephone or email contact details) and performance-specific evidence of the qualifications required for the position. Where necessary, health-related information may also be required which, in the interests of social protection, must be given special consideration in terms of labor and social law in relation to the applicant.

When the form is submitted, the applicant data is transmitted to us in encrypted form using state-of-the-art technology, stored by us, and evaluated exclusively for the purpose of processing the application. The legal basis for this processing is Art. 6 (1) (b) GDPR, according to which the application process is considered to be the initiation of an employment contract. Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR (e.g. health data such as information on severe disability) are requested from applicants, the processing is carried out in accordance with Art. 9 (2) (b) GDPR so that we can exercise the rights arising from labor law and social security and social protection law and fulfill our obligations in this regard. Cumulatively or alternatively, the processing of special categories of data may also be based on Art. 9 (1) (h) GDPR if it is carried out for the purposes of health care or occupational medicine, for the assessment of the applicant's ability to work, for medical diagnosis, care or treatment in the health or social sector, or for the management of systems and services in the health or social sector.

If the applicant is not selected in the course of the evaluation described above or if an applicant withdraws their application prematurely, the data submitted in the form will be deleted after a corresponding notification at the latest after 6 months. This period is based on our legitimate interest in answering any follow-up questions regarding the application and, if necessary, in fulfilling our obligations to provide evidence under the regulations on equal treatment of applicants. In the event of a successful application, the data provided will be further processed on the basis of Art. 6 (1) (b) GDPR for the purposes of implementing the employment relationship.

Optionally, we offer you the opportunity to use your application for further application procedures by including it in our talent pool, or to forward your application for other suitable job vacancies within the group of companies to the following companies:

-       KEFLA France – Verrerie du Futur S.à.r.l, 4 Rue des Frères Peugeot, 68127 Sainte Croix en Plaine, France

-       KEFLA UK Ltd., Whiteleaf Business Centre, 11 Little Balmer, Buckingham, MK18 1TF, England

The permissibility of this processing is governed by Art. 6 (1) (a) GDPR or, in the case of special categories of personal data, by Art. 9 (2) (a) GDPR (consent). You can decide for yourself whether you wish to consent to this processing. You can revoke your consent at any time with effect for the future.

The career portal is operated by HRworks GmbH, Waldkircher Str. 28, 7916 Freiburg, Germany (HRworks), and provided via servers of Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, L-1855 Luxembourg. We have concluded a data processing agreement with HRWorks in accordance with Art. 28 GDPR, which obliges HRWorks to protect the data of our website visitors and applicants and not to pass it on to third parties.

When using the application tool, personal data may be transferred to the servers of Amazon Web Services, Inc. in the USA. For the transfer of data from the EU to the USA, Amazon refers to the European Commission's standard contractual clauses in accordance with Art. 46 (2) (c) GDPR, which are intended to ensure compliance with European data protection standards in the USA.

For more information, please visit the following link: https://www.hrworks.de/unternehmen/datenschutz/.

Newsletter

We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you an email newsletter once you have expressly confirmed that you agree to receive the newsletter. After registering via our website, we will send you a confirmation email asking you to confirm that you wish to receive the newsletter in future by clicking on a corresponding link. By registering for the newsletter via our website and activating the confirmation link, you give us your consent to use your personal data in accordance with Art. 6 (1) (a) GDPR.

When you register for the newsletter, your IP address entered by your Internet service provider (ISP) and the date and time of registration are stored in order to be able to trace any possible misuse of your email address at a later date. You can revoke your consent at any time for the future and unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending a message to the person responsible at mentioned above. Once you have unsubscribed, your email address will be deleted from our newsletter distribution list immediately.

Our email newsletter is sent via the technical service provider Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin. We use them as a processor within the meaning of Art. 4 (8) GDPR. We have concluded a data processing agreement with Sendinblue in accordance with Art. 28 GDPR, which obliges Sendinblue to protect the data of our subscribers and not to pass it on to third parties.

Further information on this can be found at: https://www.brevo.com/de/legal/privacypolicy/

Social media (LinkedIn)

KEFLA GmbH has a company page on the social media platform LinkedIn. This provides further information about the company and offers an additional opportunity for exchange. When you visit the LinkedIn page, certain information about you is processed. LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland (LinkedIn) is responsible for this processing of personal data.

For more information on LinkedIn, please visit the following link: https://de.linkedin.com/legal/privacy-policy.

Information that you have provided via LinkedIn will be processed by KEFLA GmbH. Such information may include your username, contact details, or a message. This personal data will only be processed by KEFLA GmbH for the purpose of responding to your specific inquiry or handling your request. This processing is carried out by KEFLA GmbH as the sole controller for the purpose of initiating or executing a contract. The legal basis for data processing is Art. 6 (1) (b) GDPR. In addition, such data may be used in anonymized form for internal evaluation and marketing purposes. This processing is carried out on the legal basis of Art. 6 (1) (f) GDPR and serves the interest of further developing the services offered by KEFLA GmbH.

Please note that, in accordance with the privacy policy of LinkedIn Ireland Unlimited Company, user data may also be processed by LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA, or other third countries. For the transfer of data from the EU to the USA, LinkedIn refers to the European Commission's standard contractual clauses in accordance with Art. 46 (2) (c) GDPR, which are intended to ensure compliance with European data protection standards in the USA. For more information, please visit the following link: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=de

Offer portal (to.kefla.de/kefla-go)

For the purpose of requesting quotations, we use an external service provided by Onepage GmbH, Hanauer Landstraße 172, 60314 Frankfurt am Main (provider), which is made available via servers of Google LLC, 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA (host).

This service collects data about each access to the offer, so-called server log files, for statistical evaluations for the purpose of operation, security, and optimization of the offer.

The host reserves the right to check the log data retrospectively if there are concrete indications of justified suspicion of illegal use. This data is not merged with other data sources. The basis for data processing is Art. 6 (1) (f) GDPR, which permits the processing of data on the basis of legitimate interest for the optimization of website operation and to ensure the security of the website.

The Content Delivery Network OneCDN from Onepage GmbH is used to provide central scripts, fonts, and icons. This is loaded via servers from Amazon.com Inc., 410 Terry Ave N, Seattle 98109, WA, USA. When the content provided by the above-mentioned service is loaded into your browser, so-called log files are transferred, which contain, among other things, your IP address, the time of retrieval, and the amount of data transferred. This processing serves the proper display, function, and security of the service. The legal basis for the processing is Art. 6 (1) (f) GDPR (legitimate interest).

We use the One Stats Metadata analysis tool provided by Onepage GmbH via OneCDN to collect statistical evaluations of the behavior of users of our website. Each interaction (visits to subpages, duration of visit, etc.) of the user with the website is evaluated. These functions are only active if you have consented to the use of One Stats Metadata. In this context, your IP address, approximate location data, browser and device information, and possibly other data deemed technically necessary by Onepage GmbH are transmitted to the provider. The permissibility of this processing is based on Art. 6 (1) (a) GDPR (consent). You can revoke your consent at any time with future effect by deactivating the checkbox in the Cookie Consent Tool.

We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR, which obliges them to protect the data of our website visitors and not to pass it on to third parties. For more information, please visit the following link:  https://onepage.io/de/datenschutzerklarung.

When using the offer portal, personal data may be transferred to the servers of Google LLC. and Amazon.com Inc. in the USA. For the transfer of data from the EU to the USA, Onepage GmbH refers to the certification of the above-mentioned companies within the framework of the EU-U.S. Data Privacy Framework in accordance with Art. 45 (1) (c) GDPR.

Rights of the data subject

The applicable data protection law grants you comprehensive rights as a data subject (rights of access and intervention) vis-à-vis the controller with regard to the processing of your personal data, which we inform you about below:

- Right of access pursuant to Art. 15 GDPR: In particular, you have the right to obtain information about your personal data processed by us, the purposes of the processing, the categories of personal data processed , the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data if it was not collected by us from you, the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved and the significance and intended effects of such processing on you, as well as your right to be informed of the guarantees in accordance with Art. 46 GDPR when your data is transferred to third countries;

- Right to rectification pursuant to Art. 16 GDPR: You have the right to have inaccurate data concerning you rectified without delay and/or to have incomplete data stored by us completed;

- Right to erasure pursuant to Art. 17 GDPR: You have the right to request the erasure of your personal data if the conditions of Art. 17 (1) GDPR are met. However, this right does not apply in particular if the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;

- Right to restriction of processing pursuant to Art. 18 GDPR: You have the right to request the restriction of the processing of your personal data for as long as the accuracy of your data is being verified if you contest the accuracy of your data, if you refuse to have your data deleted due to unlawful data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defense of legal claims after we no longer need this data to fulfill the purpose, or if you have lodged an objection for reasons relating to your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;

- Right to notification pursuant to Art. 19 GDPR: If you have asserted your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

- Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller, insofar as this is technically feasible.

- Right to withdraw consent pursuant to Art. 7 (3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal;

- Right to lodge a complaint pursuant to Art. 77 GDPR: If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work, or the place of the alleged violation, without prejudice to any other administrative or judicial remedy.

Revocation, changes, deletion, and right to information

If, in the context of a balancing of interests, we process your personal data on the basis of our overriding legitimate interest pursuant to Art. 6 (1) (f) GDPR, you have the right to object to this processing at any time with effect for the future for reasons arising from your particular situation.

If you exercise your right to object in accordance with Art. 21 GDPR, we will stop processing the data concerned. However, we reserve the right to continue processing if we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, fundamental rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.

If we process your personal data on the basis of Art. 6 (1) (f) GDPR and § 7 (3) UWG (German Unfair Competition Act) for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. You can exercise your right to object as described above. If you exercise your right to object in accordance with Art. 21 GDPR, we will stop processing the data concerned for direct marketing purposes.

Duration of storage of personal data

We only store your personal data for as long as is absolutely necessary. The duration of the storage of personal data is determined on the basis of the respective legal basis, the purpose of processing and, if relevant, the respective statutory retention period (e.g., commercial and tax law retention periods).

When processing personal data on the basis of express consent in accordance with Art. 6 (1) (a) GDPR, this data is stored until the data subject revokes their consent. If personal data is processed for the purpose of initiating or executing contractual relationships on the basis of Art. 6 (1) (b) GDPR, it will be deleted as soon as the initiation of the contractual relationship has failed or the contractual relationship that has been established has ended and we have no legitimate interest in storing the data. Such a legitimate interest exists, for example, for the defense or assertion of legal claims. In these cases, the deletion period is determined in accordance with the relevant statutory limitation period.

If there are statutory retention periods for data, this data will be processed for the duration of the relevant retention periods on the basis of Art. 6 (1) (c) GDPR. This data will be routinely deleted after the retention periods have expired, provided that we no longer have a legitimate interest in continuing to store it.

When processing personal data on the basis of Art. 6 (1) (f) GDPR, this data is stored until the data subject exercises their right to object under Art. 21 (1) GDPR, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or the processing serves to assert, exercise, or defend legal claims. Irrespective of the exercise of the right to object (Art. 21 (1) GDPR), the data will be deleted as soon as our legitimate interest in processing expires or the purpose of processing has been achieved.

When processing personal data for the purpose of direct marketing on the basis of Section 7 (3) UWG and Art. 6 (1) (f) GDPR, this data will be processed until the data subject exercises their right to object under Art. 21 (2) GDPR.

Unless otherwise specified in the other information in this statement on specific processing situations, stored personal data will otherwise be deleted when it is no longer necessary for the purposes for which it was collected or otherwise processed.