Privacy Policy

I. Name and address of the responsible data controller

 

The responsible data controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

KESSEL & KESSEL GmbH represented by the managing directors Bertine Kessel, Bernd Kessel, Prof. Dr. Heiko Roehl
Winsener Straße 1 21271 Hanstedt
Phone: + 49-4184-89880 E-mail: mail@kesselundkessel.de

 

II. General information about data processing

 

1. Extent of processing of personal data

In principle, we collect and use personal data of our users only to the extent necessary for the provision of a functional website and our content and services. The collection and use of personal data of our users takes place regularly only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.

 

2. Legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing of personal data, Art. 6 1 (a) EU General Data Protection Regulation (GDPR) is the legal basis.

In the processing of personal data necessary for the performance of a contract of which the data subject is a party, Art. 6 (1) (b) GDPR is the legal basis. This also applies to processing operations required to carry out pre-contractual actions.

Insofar as processing of personal data is required to fulfill a legal obligation that our company is subject to, Art. 6 (1) (c) GDPR is the legal basis.

If processing is necessary to safeguard the legitimate interests of our company or a third party, and if the interests, fundamental rights and freedoms of the data subject do not prevail over the first interest, Art. 6 (1) (f) GDPR is the legal basis for processing.

 

3. Data deletion and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, such storage may be provided for by the European or national legislator in EU regulations, laws or other regulations to which the controller is subject. Blocking or deletion of the data also takes place when a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for conclusion of a contract or fulfillment of the contract.

 

III. Provision of the website and creation of log files

 

1. Description and scope of data processing, transfer to third parties

Each time our website is accessed, our system automatically collects data and information from the computer system of the retrieving computer. The following data is collected here:

  • IP address,
  • Date and time of request,
  • Time zone difference to Greenwich Mean Time (GMT),
  • Content of the request (concrete page),
  • Access Status / HTTP status code
  • Transferred amount of data,
  • Website from which the request comes,
  • Browser,
  • Operating system and its interface,
  • Language and version of the browser software,
  • Country from which the visitor comes.

The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.

The data will be sent to the host operator Abakus Elektronik Gmbh, Auepark, 21271 Hanstedt, https://www.x65.de/.

 

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 (1) (f) GDPR.

 

3. Purpose of data processing

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user’s IP address must be kept for the duration of the session.

Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

Our legitimate interest in the processing of data according to Art. 6 (1) (f) GDPR lies in these purposes.

 

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For collecting the data for providing the website, this is the case when the respective session is completed.

For storing the data in log files, this is the case after no more than thirty days. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or pseudonymized, so that an assignment to the retrieving client is no longer possible.

 

5. Objection and correction options

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no option on the part of the user to object.

 

IV. Use of cookies

 

1. Description and scope of data processing

Our website uses session cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is reopened.

We use cookies to make our website more user-friendly. Some elements of our website require that the retrieving browser be identified even after a page break.

 

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR.

 

3. Purpose of data processing

The purpose of using technically necessary cookies is to facilitate the use of websites for users. Some features of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page break.

The user data collected through technically necessary cookies will not be used to create user profiles.

 

4. Duration of storage, objection and correction options

Cookies are stored on the computer of the user and transmitted by it to us. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

 

V. Google Analytics analysis tool

 

1. Description and scope of data processing

This website uses Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about) (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereinafter referred to as “Google”). In this context, pseudonymized usage profiles are created and cookies are used. The information generated by the cookie about your use of this website such as

  • Browser type / version,
  • Operating system used,
  • Referrer URL (the previously visited page),
  • Host name of the accessing computer (IP address),
  • Time of the server request,

are transmitted to a Google server in the US and stored there.

The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and Internet usage for the purposes of market research and tailor-made website design. Although this information may be transferred to third parties, if required by law or as far as third parties are commissioned to process this data, in no case will your IP address be merged with other Google data. The IP addresses are anonymized so that assignment is not possible (IP masking).

 

2. Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 (1) (f) GDPR. With the tracking measures to be used, we want to ensure the needs-based design and the continuous optimization of our website. We also use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. These interests are to be regarded as justified within the meaning of the aforementioned provision.

 

3. Purpose of data processing

The purpose of the use is the continuous optimization and needs-based design of the website.

 

4. Duration of storage, objection and correction options

You can prevent the storage of cookies by a corresponding setting in your browser software. However, please be aware that in this case you may not be able to use all features of this website.

In addition, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent collection by Google Analytics by clicking on this link. An opt-out cookie will be set, which will prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

For more information about privacy related to Google Analytics, see the Google Analytics Help Center (https://support.google.com/analytics/answer/6004245?hl=en).

 

VI. E-mail contact

 

1. Description and scope of data processing

Contact is possible via the provided e-mail address. In this case, the user’s personal data transmitted by e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

 

2. Legal basis for data processing

The legal basis for the processing of the data is with the consent of the user is Art. 6 (1) (a) GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is Art. 6 (1) (f) GDPR. If the e-mail contact aims to conclude a contract, the additional legal basis for the processing is Art. 6 (1) (b) GDPR.

 

3. Purpose of data processing

The processing of personal data from the input mask serves us solely to process the contact. In the event of contact via e-mail, the required legitimate interest in the processing of the data also lies herein.

The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

 

4. Duration of storage

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. For the personal data from the input form of the contact form and data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.

The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.

 

5. Objection and correction options

The user has the possibility at any time to revoke their consent to the processing of the personal data. If the user contacts us by e-mail, they may object to the storage of their personal data at any time. In this event, the conversation cannot continue.

All personal data stored in the course of contact will be deleted in this event.

 

VII. Rights of the data subject

If personal data is processed regarding you, you are a data subject pursuant to GDPR and you have the following rights vis-a-vis the controller:

 

1.  Right to information

You may ask controller to confirm if personal data concerning you is processed by us.

If such processing is occurring, you can request information from the controller regarding the following:

(1) The purposes for which the personal data is being processed;

(2) The categories of personal data being processed;

(3) The recipients or the categories of recipients to whom the personal data relating to you has been disclosed or is still being disclosed;

(4) The planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the storage period;

(5) The existence of a right to correction or deletion of personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;

(6) The existence of a right of appeal to a supervisory authority;

(7) All available information on the source of the data if the personal data is not collected from the data subject;

(8) The existence of automated decision-making including profiling under Art. 22 (1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, and the scope and intended impact of such processing on the data subject.

You have the right to request information about whether your personal data is transferred to a third country or an international organization. In this connection, you can request the appropriate guarantees in accordance with. Art. 46 GDPR in connection with the transfer.

 

2. Right to correction

You have a right to correction and/or completion vis-a-vis the controller, if the personal data processed about you is incorrect or incomplete. The controller must make the correction without delay.

 

3. Right to restriction of processing

You may request the restriction of the processing of your personal data under the following conditions:

(1) If you contest the accuracy of your personal data for a period of time that enables the controller to verify the accuracy of your personal data;

(2) The processing is unlawful, and you decline the deletion of the personal data and instead demand the restriction of the use of the personal data;

(3) The controller no longer needs the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims; or

(4) If you object to the processing pursuant to Art. 21 (1) GDPR and it is not yet certain whether the legitimate reasons of the controller outweigh your reasons.

If the processing of personal data concerning you has been restricted, this data may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction on processing has been undertaken in accordance with the above conditions, the controller will inform you before the restriction is lifted.

 

4. Right to deletion

a) Obligation to delete

You may require the controller to delete your personal data without delay, and the controller is required to delete that data immediately, if any of the following applies:

(1) Personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You revoke your consent according to which the processing took place pursuant to Art. 6 (1) (a) or Art. 9 (a) GDPR and there is no other legal basis for processing.

(3) Pursuant to Art. 21 para. 1 GDPR, you object to the processing and there are no prevailing justifiable reasons for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

(4) Your personal data has been processed unlawfully.

(5) The deletion of personal data concerning you is required to fulfill a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8 (1) GDPR.

b) Information to third parties

If the controller has made the personal data concerning you public and is obligated to delete it pursuant to Art. 17 (1) GDPR, it shall take appropriate measures, including technical means, to inform data controllers who process the personal data that you as the request deletion of any links to such personal data or of copies or replications of such personal data taking into account available technology and implementation costs.

c) Exceptions

The right to deletion does not exist if the processing is necessary

(1) To exercise the right to freedom of expression and information;

(2) To fulfill a legal obligation required by the law of the Union or of the Member States to which the controller is subject, or to carry out a task which is in the public interest or in the exercise of official authority that has been transferred to the controller;

(3) For reasons of public interest in the field of public health pursuant to Art. 9 (2) (h) and (i) Art. 9 (3) GDPR;

(4) For archival purposes of public interest, for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the law referred to in subparagraph (a) is likely to render impossible or seriously affect the achievement of the objectives of that processing; or

(5) To assert, exercise or defend legal claims.

 

5. Right to information

If you have the right of deletion, correction or restriction of processing vis-a-vis the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this correction or deletion of the data or restriction of processing, unless this proves to be impossible or involves a disproportionate effort.

You have a right vis-a-vis the controller to be informed about these recipients.

 

6. Right to data portability

You have the right to receive personally identifiable information you provide to the controller in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another controller without hindrance by the original controller to whom you provided the personal data, provided that

(1) The processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or on a contract pursuant to Art. 6 (1) (b) GDPR and

(2) the processing is done by automated means.

In exercising this right, you also have the right to obtain that personal data relating to you be transmitted directly from one controller to another controller, as far as technically feasible. Freedoms and rights of other persons may not be affected.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority delegated to the controller.

 

7. Right to objection

You have the right at any time, for reasons arising from your particular situation, to object to the processing of personal data concerning you, which occurs pursuant to Art. 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller will no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is intended to assert, exercise or defend legal claims.

If the personal data relating to you is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

Regardless of Directive 2002/58/EC, you have the option, in the context of the use of information society services, of exercising your right to objection through automated procedures that use technical specifications.

 

8. Right to revoke the data protection consent declaration

You have the right to revoke your data protection consent declaration at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

 

9. Right to appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to appeal to a supervisory authority, in particular in the Member State of your place of residence, employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR.

The supervisory authority to which the appeal has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

The supervisory authority can be reached via the following contact details:

The State Commissioner for Data Protection Niedersachsen

Barbara Thiel
Prinzenstraße 5
30159 Hanover
Phone: +49 (0511) 120 45 00
Fax: +49 (0511) 120 45 99
E-mail: poststelle@lfd.niedersachsen.de