Data Privacy Statement

 

With this data privacy statement, we would like to educate you in accordance with the provisions of the EU Regulation 2016/679 (General Data Protection Regulation - GDPR) on the nature, extent and purpose of the processing of personal data in connection with our website.

I.    Definitions


1.    "personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
2.    "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3.    "controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
4.    "recipient" means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;


II.    General Information

1.    Responsible Person/ Entity


K2D-KeyToData GmbH
Berliner Straße 31
71229 Leonberg
Germany
Tel.: +49 7152 9453 - 0
Fax: +49 7152 9453 - 90
Email: info(at)keytodata.com


2.    Contact Information of the responsible data protection officer

We have not nominated a data protection officer and are also not obligated to nominate such a position.

3.    Legal Basis
We process personal data based on at least one of the following statutory sources:

  • Permission of the data subject to the processing of this or her personal data concerning one or more specific purposes (Art.  6 Para. 1 S. 1 lit. a GDPR);
  • Completion of a contract with the data subject or in order to take steps at the request of the data subject prior to entering into a contract (Art.  6 Para. 1 S. 1 lit. b GDPR);
  • Compliance with a legal obligation we are subject to (Art.  6 Para. 1 S. 1 lit. c GDPR);
  • Protection of the vital interests of the data subject or of another natural person (Art.  6 Para. 1 S. 1 lit. d GDPR);
  • Protection of our legitimate interests or those legitimate interests of a third party (Art.  6 Para. 1 S. 1 lit. f GDPR)


The respective legal basis of individual processing operations is referred to below in this data privacy statement.

4.    Disclosure of personal data to recipients
We only share personal data with recipients (mandated processors of personal data or other third parties) to the extent necessary and only under one of the following conditions:

  • Permission of the data subject to the transfer of his personal data;
  • The transfer is necessary for the fulfillment of contractual obligations or in order to take steps at the request of the data subject prior to entering into a contract;
  • We are legally obligated to transfer the data;
  • The disclosure is based on our legitimate interests or those legitimate interests of a third party.


5.    Countries outside the EU
The transfer of personal data to a country or an international organization outside of the European Union (EU) or the European Economic Area (EEA) is subject to a statutory or contractual permission. Such transfer shall only be applicable under the conditions set out in Article 44 et seqq. GDPR. Therefore such transfer of personal data shall only occur to a country which was granted an adequacy decision of the EU-Commission pursuant to Art. 45 GDPR, a country which has given guarantees to appropriately safeguard personal data pursuant to Art. 46 GDPR or has implemented binding corporate rules following Art. 47 GDPR.

6.    Rights of the data subject

The data subject has the following rights:

  • pursuant to Art. 15 GDPR you have the right to request information about your personal data processed by us; you may also request information regarding the purposes for processing your personal data , the categories of personal data processed, the recipients or categories of recipients to whom your information has been or will be disclosed, the planned safeguarding period or the criteria for determining the safeguarding period, the provenance of your personal data if your personal data was not collected from you, the existence of automated decision-making, including profiling, and, where appropriate, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you, your right to rectification or deletion of your personal data, your right to limit such a processing  or your right to object to such processing, the existence of a right to appeal to such processing in front of the supervisory authority; Finally, you have a right to know whether personal data has been transmitted to a country outside the EU or to an international organization and, if this is the case, the right to receive information about the measures taken for appropriate data security associated with such a transfer;
  • pursuant to Art. 16 GDPR, you have the right to obtain the rectification of inaccurate personal data stored with us without undue delay;
  • pursuant to Art. 17 GDPR, you may request the deletion of your personal data stored with us, unless the processing of personal data is justified by the right of freedom of expression and information, for compliance with a legal obligation or for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • pursuant to Art. 18 GDPR you can demand the limitation of the processing of your personal data, if and as far as the accuracy of the data is disputed by you, the processing is unlawful and you are opposed to the erasure of your personal data and request the restriction of the use of such data instead; and we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; or you have objected to the processing in accordance with Art. 21 GDPR, but it has not yet been determined whether our legitimate reasons for the data processing outweigh your interest;
  • pursuant to Art. 20 GDPR you may request the transfer of the personal data you have provided us with in a structured, commonly used and machine-readable format and have the right to transmit this personal data to another controller;
  • pursuant to Art. 21 GDPR you have the right to object to the processing of your personal data at any time to, on grounds relating to your particular situation, or personal data is processed for direct marketing purposes and the legal basis for the processing of the personal data are the protection of our legitimate interests or those legitimate interests of a third party according to Art. 6 Para. 1 S. 1 lit. f GDPR;
  • pursuant to Art. 7 Para. 3 GDPR, you may at any time revoke your once given consent for processing your personal data to us. As a result of such a withdrawal, we are not allowed to continue processing your personal data in the future;
  • pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular you can contact the supervisory authority of your habitual residence, your place of work or the place of the alleged infringement.
  • If you would like to assert your above data subject rights, you can contact us at any time using the contact details above.


7.    Erasure and Limitation of Personal Data

We erase personal data which we process according to the rules of Art. 17 GDPR and restrict the processing of personal data pursuant to Art. 18 GDPR. Insofar as this Data Privacy Statement does not stipulate otherwise, the personal data is deleted if this data is no longer necessary for the purposes for which the personal data was collected or otherwise processed and the deletion does not conflict with any statutory requirements of safeguarding this personal data. If personal data is required for legally permissible other purposes, it will not be erased but the processing of the personal data will be limited to such purpose. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, documents pursuant to § 257 Para. 1 Nr. 2 und 3 HGB and § 147 Para. 1 Nr. 2, 3, 5 AO will be safeguarded for 6 years, documents pursuant to § 257 Para. 1 Nr. 1 und 4 HGB and § 147 Para. 1 Nr. 1, 4, 4a AO will be safeguarded for 10 years.

8.    Cookies
We have adopted the use Cookies for our website. Cookies are small text files that your browser automatically creates and are recorded on your device (laptop, tablet, smartphone, PC, etc.) when you visit our site. Cookies do not harm your device and do not contain any viruses or other malicious software. Cookies store information resulting in connection with the specific device in use. However, this does not result in an immediately knowledge of your identity. Cookies are mainly used to make our website offerings more user-friendly, effective and secure.

We use session Cookies to recognize which webpages you have frequented during your visit on our website. Cookies also provide certain functionalities. Session cookies are deleted after the end of your visit to our website.

In addition, we also use temporary Cookies that are stored on your device for a specific period of time to optimize usability of our website and to statistically evaluate the use of our offer. If you return to our website to take advantage of our services, the site will automatically recognize that you have frequented the website before, and which settings you have chosen and entries you have made, so that you do not need to reenter them.

The data processed by Cookies are necessary for the protection of our legitimate interests or those legitimate interests of a third party according to Art.  6 Para. 1 S. 1 lit. f GDPR.

The majority of browsers accept Cookies automatically. If you object to this routine browser setting, you can configure your browser so that no Cookies are stored on your device or a message is always displayed before a new Cookie is created. A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, e.g. at www.youronlinechoices.com or the deactivation page of the Network Advertising Initiative optout.networkadvertising.org. However, disabling Cookies may imply, that the usability of our website may suffer.



III.    Individual processing operations

1.    Hosting
To make our website available to the public, we are engaging services provided by hosting companies, such as the supply of web servers, disk space, database services, security and maintenance services.

Thereby we are, respectively our hosting provider is, processing personal data of users of our website on the basis of our legitimate interests in an efficient and secure supply of our online offerings pursuant to Art. 6 Para. 1 lit. f GDPR.

2.    Access Data and Log Files

When you access our website or one of the individual web pages, the browser on your device automatically is sending information to the server of our website. This information is stored in so-called log files by us or our hosting provider and deleted after 190 days at the latest.

The following information is stored:

  • IP address of the computer requesting access to our website
  • Date and time of the access
  • Name and URL of the retrieved file
  • Website from which access is made (referrer URL)
  • The browser used and, if applicable, the operating system of your computer
  • Status codes and transferred amount of data
  • Name of your access provider.


This data is processed for the following purposes:

  • Supply of our Internet offering including all functions and contents
  • Enabling of an unobstructed establishment of a dial-up connection to the Internet
  • Enabling a comfortable utilization of our website
  • Ensuring system security and stability
  • Anonymized statistical evaluation of visitors accessing our website
  • Website optimization
  • Disclosure to law enforcement authorities in the event of unlawful interference / attack on our systems
  • Other administrative purposes.


The legal basis for the data processing is Art. 6 Para. 1 p. 1 lit. f GDPR. Our legitimate interest derives from the above data collection purposes. The collected personal data is never used for the purpose of drawing conclusions about a person.

3.    Contact Form / Other Contacting

If you use the contact form, you will be asked to provide your name and email address and possibly further contact information so that we can get in personal contact with you. Further information can be provided voluntarily. The processing of personal data for the purpose of establishing a contact with you and answering your request is in accordance with Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your unsolicited consent. All personal data collected in connection with the contact form will be deleted after your request has been processed, unless storage is required for the documentation of other transactions (for example the subsequent conclusion of a contract).


4.    Newsletter

If you would like to receive our newsletter, we need your email address. The data processing for the purpose of sending you our newsletter is carried out pursuant to Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your voluntary consent by means of the so-called double opt-in procedure. Your email address will be used and stored for this purpose until you revoke your consent or unsubscribe from receiving the newsletter. The unsubscription from our newsletter is possible at any time, for example via a link at the end of each newsletter. Alternatively, you can unsubscribe at any time by sending an email to the email address documented under II.

We send our newsletters with a so-called counting pixel. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow for analysis of reader behavior. In this context, we store whether and at what time a newsletter was opened by you and which of the links contained in the newsletter you accessed. We use this data to generate statistical evaluations about the success or failure of a marketing campaign in order to optimize the delivery of newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and are deleted after the statistical evaluation.

5.    Registration / User Account

You have the opportunity to register on our website providing personal data. The registration is voluntary and is in accordance with Art. 6 Para. 1 p. 1 lit. a GDPR on the basis of your unsolicited consent. Which personal data is transferred thereby results from the respective input mask which is used for the registration. The personal data recorded will be used for the purposes of our offer as well as for contacting for information regarding supply and registration. A personal access allows you to look at your personal data and to make changes to these data. Your data will be stored until you delete the user account or instruct us to delete your data. Provided that we are obliged to retain your personal data on the basis of statutory retention periods, in particular tax and commercial law, the processing of your personal data will be restricted accordingly until the expiration of the retention periods and then the data will be deleted. 

If you register on our website or use the user account we store the IP address and the time of the respective use. The storage takes place on the basis of our legitimate interest according to Art. 6 Para. 1 p. 1 lit. f GDPR for the provision of our offer. The storage is also in your interest to protect you from misuse and other unauthorized use. The user account and the data stored in this connection also serve in particular to facilitate the purchase and to allow access to historical orders and the writing of customer reviews. A transfer of these data to third parties does not take place unless it is required to fulfill contractual obligations according to Art. 6 Para. 1 lit. b GDPR or for the prosecution of any claims to which we are entitled or there is a legal obligation according to Art. 6 Para. 1 lit. c GDPR. The IP addresses are anonymized or deleted after 190 days at the latest.

6.    Contract Data

In connection with and for the purpose of fulfilling pre-contractual measures and contractual obligations via our Internet offering which takes place at the request of the data subject, we process the data of the data subject required for the fulfillment of the contract. This includes:

  • Data of the contractor, such as name, address and contact details, if applicable different delivery or billing addresses or recipients and if necessary the date of birth;
  • Contractual data, such as subject of the contract, duration, customer category;
  • Payment data, such as bank details, credit card data, payment history.

The legal basis for the data processing is Art. 6 Para. 1 p. 1 lit. b GDPR.

The data will be transferred to third parties only to the extent to fulfill pre-contractual and contractual obligation, e.g. to banks, payment service providers, credit card companies for the payment transaction and to shipping service providers for the dispatch of goods.

7.    Remote Maintenance
To provide technical support to our customers, we offer remote maintenance services using appropriate software. In this case we may process personal data of customers for the purpose of providing support services according to Art. 6 Para 1 lit. b GDPR.


IV.    Statistics and Analysis


Facebook-Pixel
Within our Internet offering we use the so-called "Facebook-Pixel". Provider is Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Responsible for the processing of personal data of individuals in the EU is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Facebook has entered the EU/ U.S. PrivacyShield, has thereby committed to compliance with European privacy standards and therefore is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the United States. Information on Facebook's commitment concerning the PrivacyShield can be found under

www.privacyshield.gov/participant.

The use of this technology enables Facebook to assign the visitors to our website to certain groups (e.g. visitors to our website or rather according to the fields of interest we have passed on to Facebook, so-called "custom audiences") for the display of specific advertisements and to be able to recognize them. This ensures that these users are shown only personalized advertisements and so harassment by improper advertising can be avoided. By using Facebook-Pixels we can also understand the effectiveness of our Facebook advertisements for statistical purposes and track whether and how a user has used our offer after clicking on the advertisement.

More information about Facebook-Pixel and how it works can be found under www.facebook.com/business/help/651294705016616. The details of processing the data obtained by Facebook and general information about Facebook advertisements can be found in the data policy of Facebook available at URL www.facebook.com/about/privacy/update. You also have the option of opposing the collection of your data by the Facebook-Pixel and its use for the display of specific advertisements in your Facebook account under the heading "settings". Information about these settings can be found under www.facebook.com/settings (login required).

The use of Facebook-Pixels helps us advertise our products and services in an appropriate manner without bothering advertising recipients with improper advertising. Legal Basis for the use of Facebook-Pixels are therefore legitimate interests of us and third parties for these purposes according to Art. 6 Para. 1 lit. f GDPR.

 

V.    Services of Google


Provider of the following services of Google is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter "Google").

The legal basis for using the following services of Google are our legitimate interests according to Art. 6 Para. 1 lit. f GDPR.

Google has entered the EU/ U.S. PrivacyShield, has thereby committed to compliance with European privacy standards and therefore is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the United States. Information on Google's commitment concerning the PrivacyShield can be found under:

www.privacyshield.gov/participant.

For more information about how Google handles your personal data, please see the privacy policy of Google: www.google.com/intl/de/policies/privacy/.
Information about the use of data for advertising purposes by Google, setting and contradictory options, you can found on these websites:
www.google.de/policies/privacy/partners/

www.google.de/policies/technologies/ads/ 
www.google.de/settings/ads
www.google.com/ads/preferences/

1.    Google Analytics
This website uses Google Analytics by Google. Google Analytics uses cookies. Google collects data on the user visits of our Internet offering and their user behavior. These data serve the purpose to ensure a needs-based design and a continuous optimisation of our Internet offering, to  measure the success of marketing measures and to create statistical evaluations. In this context pseudonymised user profiles are created and cookies are used.  Information provided through a cookie about your usage of this website like browser type/version, utilized operating system, referrer-URL (before visited page), host name of the accessing computer (IP address), time of server request will be transmitted to a server of Google in the USA and stored there. User and event data will be deleted after 26 months. These information will also be transferred to third parties if required by law or if third parties process these data on behalf of us or Google. Under no circumstances will your IP address be merged with any other data of Google. IP addresses will be anonymized, therefore an allocation is impossible. You can avoid the storage of cookies by appropriately adjusting your browser software. Although in this case it might be possible that you will not be able to use all functions of this website. In addition, you may avoid the collection of data generated by the cookie and related to your use of the website to Google as well as the processing of these data by Google by downloading and installing a browser plugin that can be found under the following link: tools.google.com/dlpage/gaoptout. You can avoid data collection by Google Analytics by clicking the following link[<p><a href="javascript:gaOptout()">Google Analytics deaktivieren</a></p>] to receive an Opt-Out-Cookie. This cookie ensures that in the future no visitors data from your browser will be collected and stored by Google Analytics when visiting this website. Caution: If you delete your cookies the Opt-Out-Cookie will be deleted as well and you may have to activate it again.

2.    Demographic Characteristics by Google Analytics
This website uses as part of Google Analytics the function "demographic characteristics". As a result reports can be created that contain information on the age, gender and interest of our site visitors. These data originate from interest-based advertising from Google and third-party visitor data. These data cannot be assigned to a specific person. Legal basis for the use of the following services of Google are our legitimate interests to optimize and optimally market our website according to Art. 6 Para. 1 lit. f GDPR.

You can disable this feature at any time through the display settings in your Google account or generally prohibit the collection of your data by Google Analytics as outlined above.

3.    Google Analytics Remarketing
This website uses Google Analytics Remarketing by Google. Google Analytics Remarketing is used to present to visitors advertisements related to contents of previously visited websites. Google uses cookies to recognize visitors who visit websites from the Google advertising network. This service collects your IP address, which of our websites you have visited and, if applicable, other data required by Google for the provision of Analytics Remarketing. The IP address provided by your browser will never be merged with other data provided by Google. Generated information about your use of this website will be stored on a server in the USA. These information will also be transferred to third parties if required by law or if third parties process these data on behalf of us or Google. You can prevent the storage of cookies by a corresponding setting of your browser software; however, we would like to inform you that in this case you may not be able to use all functions of this website entirely. If you do not wish to use Google Remarketing, you can disable it by making the appropriate settings at www.google.com/settings/ads.

4.    Google AdWords with Conversion-Tracking

This website uses Google AdWords by Google and as part of Google AdWords the Conversion-Tracking. Google Conversion-Tracking is used to track and evaluate the clicks on advertisements, purchases, logins, phone calls, app downloads and other actions on our website. Cookies are used for analysis and evaluation. This service collects your IP address, which of our websites you have visited and, if applicable, other data required by Google for the provision of Conversion-Trackings. The IP address provided by your browser will never be merged with other data provided by Google. Generated information about your use of this website will be stored on a server in the USA. These information will also be transferred to third parties if required by law or if third parties process these data on behalf of us or Google. You can prevent the storage of cookies by a corresponding setting of your browser software; however, we would like to inform you that in this case you may not be able to use all functions of this website entirely.

5.    Google Web Fonts

This website uses external typesettings by Google, so called web fonts, to depict fonts. In accessing the website your browser therefore loads the necessary web font into the browser cache. If your browser does not support this feature a standardised font from your computer will be used to display this website. This service collects your IP address, which of our websites you have visited and, if applicable, other data required by Google for the provision of web fonts. Generated information about your use of this website will be stored on a server in the USA. These information will be transferred to third parties if required by law or if third parties process these data on behalf of us or Google.

VI.    Media Content


Within our Internet offering we use partly foreign contents which are loaded directly by servers of the following providers named in detail. The purpose of integrating this content is to make our website more attractive. In the purpose of making our website more attractive there is also our legitimate interest in the use of such third-party content. Legal basis for the use of the following social media plugins are our legitimate interests according to Art. 6 Para. 1 lit. f GDPR.

YouTube

Our website uses media content of the YouTube platform. Provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereafter "Google").
Purpose is the display of contents of the platform YouTube in the context of our Internet offer. This service collects your IP address and, if applicable, any other data required by Google for YouTube. The generated information about your use of this website is stored on a server in the USA. These information may also be transferred to third parties if required by law or if third parties process these data on behalf of us or Google. If you are logged in to YouTube at the same time, Google can directly match the visit to the page of our Internet offer to your user account there. If you do not want Google to be able to match the data collected on our website to your respective user account on YouTube, you must first log out of YouTube.

Google has entered the EU/ U.S. PrivacyShield, has thereby committed to compliance with European privacy standards and therefore is in compliance with the requirements of the European Union to legitimize the transfer of personal data to the United States. Information on Google's commitment concerning the PrivacyShield can be found under:

www.privacyshield.gov/participant.
For more information about how Google handles your personal data, please see the privacy policy of Google: www.google.com/intl/de/policies/privacy/.