Data privacy: Your rights – our obligations

You can rely on the privacy, protection and security of your personal data in our hands. At KLOTZ AIS we take protection of your privacy and your rights concerning personal data processing very seriously, and have integrated it into all our business processes.

Accordingly, this Data Privacy Policy is to inform you about how we treat your personal data.

How do we use your data?

KLOTZ AIS collects, processes and uses all personal data resulting from your visits to our website exclusively and solely in accordance with the applicable regulations governing personal data privacy.

We use your personal data only for the purposes stated in this Data Privacy Policy (e.g. for processing your enquiries or, if applicable, for the conclusion of insurance contracts. When we collect personal data from forms, we inform you of the purpose for which we are collecting the data and any other circumstances, in accordance with the provisions of Article 13 GDPR. We do not use your data for any other purposes.

Responsibility (Controller)

Responsibility under the General Data Protection Regulation (GDPR) is held by:

KLOTZ AIS GmbH
Johann-Sebastian-Bach-Str. 36
85591 Vaterstetten / Munich, Germany
Tel.: +49.(0)8106.308.0
Mail: info(at)klotz-ais.com

Data protection officer

You may contact our Data Protection Officer at any time for further information:

datenschutz@klotz-ais.com

What kind of information do we collect?

You can use virtually all areas of our website without needing to submit personal data. A small number of our offers and services on our website require personal data to be submitted before they can be used.

1. 1. Provision of website

When you visit our website, our Internet servers (Web servers) automatically record and evaluate technical access data (browser type, browser version, operating system used, referrer URL, host name, time of server request, IP address). However, these data cannot be associated with a specific individual; individual users remain completely anonymous. The access data are never combined with other data. The lawful basis for this processing of your data is given by Art. 6 1 f GDPR (legitimate interest with the purpose of ensuring fault-free technical display and optimization of the website). The data are only stored for the period required by the specified purpose.

1. 2. Cookies

Please note that this website uses cookies. Cookies are small text files which are stored in the Web browser of the user’s computer system. The lawful basis for the use of cookies is given by Art. 6 (1) a GDPR (consent to processing for statistical purposes, for the purpose of optimizing the website display or for marketing purposes). If consent to the use of cookies is not granted, the user may be unable to use some website features to their full extent or at all.

Explanations of the commonest types of cookies for your information:

1. Session cookies

When you are active on a website, a session cookie containing a session ID is temporarily saved on your computer. This allows you to move to different webpages without needing to repeat the login procedure. Session cookies are automatically deleted when you log out and become invalid if your visit automatically times out.

2. Permanent or protocol cookies

A permanent or protocol cookie stores a file on your computer for the duration defined by the file’s expiration date. These cookies enable websites to remember your information and settings the next time you visit them. This speeds up your access and improves convenience; for example, you do not need to adjust your language settings for our website every time. Once the expiration date of the cookie is reached, the cookie is automatically deleted when you visit the website that generated the cookie.

3. Third party cookies

Third party cookies originate from providers who are not the operator of the website. They can be used to collect information for purposes such as advertising, user-defined content and web statistics.

The online shop also uses cookies that are essential for the technical operation of the website. They do not contain any personal details and are not read by third parties.

1. 3. Email contact

Submission of further information is voluntary. As an alternative, the company may be contacted using the email address given. We process the data in your request in order to reply to you. The lawful basis of this data processing is Art. 6 (1) b GDPR, with processing of your enquiry as the purpose. The stored data will be deleted when the purpose of processing no longer applies and when no further statutory or contractual obligations of retention apply. As a general rule, data from your enquiry is stored for 12 months unless no further purpose of processing (e.g. order, quotation) results from your enquiry.

1. 4. Web shop

If you use the services of our Web shop, the following personal data are requested and stored upon conclusion of a contract:

• • Company / VAT ID and/or
  • Name and/or position
  • Billing and delivery address
  • Tel / fax numbers
  • Email
  • Payment method
  • Order

The lawful basis of this data processing is Art. 6 (1) b GDPR, The purpose of processing the data is the initiation or fulfilment of a contract. The stored data will be deleted when the purpose of processing no longer applies and when no further statutory or contractual obligations of retention apply. The statutory period of retention in this case is 6 years.

1. 5. Newsletter

Our website offers the option of subscribing to a newsletter. The following data are collected and stored for the purpose of mailing the newsletter and traceability:

• Email address
• Name
• Date and time of registration
• Date and time of confirmation mail (double opt-in method)

The lawful basis is Art. 6 (1) a GDPR (consent). In the newsletter registration process you are asked to give consent and referred to this Data Privacy Policy. A double opt-in method is used; after giving your consent, you receive an email from us with a link which you click to confirm and complete the registration process.

You can withdraw your consent to receive our newsletter at any time with prospective (future) effect. Your data are then deleted immediately unless statutory or contractual obligations of retention apply.

1. 6. Further processing activities

Inclusion of services and content from third parties

The website may contain links to other websites which are beyond our control and to which this Data Privacy Policy does not apply. If you access other websites using the links provided, the operators of those websites can collect information about you and use it in accordance with their data privacy policies, which may differ from ours.

Cloudflare

We use the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich Germany (Cloudflare) to increase the security and delivery speed of our website. This corresponds to our legitimate interest (Art. 6 para. 1 lit. f DSGVO) in conjunction with §25 para.2 lit.1 TTDSG (no consent requirement). A CDN is a network of [globally] distributed servers that is able to deliver optimized content to the website user. For this purpose, personal data may be processed in server log files by Cloudflare. Please compare the explanations under “Hosting”.

Cloudflare is a recipient of your personal data and acts as a processor for us. This corresponds to our legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f DSGVO not to operate a content delivery network ourselves.

You have the right to object to the processing. Whether the objection is successful is to be determined as part of a balancing of interests.

The processing of the data provided under this section is not required by law or contract. The functionality of the website is not guaranteed without the processing.

Your personal data will be stored by Cloudflare for as long as necessary for the purposes described.

For more information on objection and removal options vis-à-vis Cloudflare, please visit: Cloudflare DPA

Cloudflare has implemented compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://www.cloudflare.com/cloudflare_customer_SCCs.pdf. A connection to servers in the USA may be established as soon as you access one of our Internet pages. According to the current legal situation, the USA is an unsafe third country, as the same level of data protection does not exist in the USA as in the EU.

YouTube

We use YouTube on our website. This is a video portal of YouTube LLC., 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter referred to as “YouTube”.

YouTube is a subsidiary of Google LLC, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.

The legal basis is Art. 6 para. 1 lit. a DSGVO. According to YouTube, your consent causes the data described in more detail below to be transmitted to the YouTube server. A connection to the YouTube server in the USA may be established as soon as you call up one of our Internet pages on which a YouTube video is embedded. According to the current legal situation, the USA is an unsafe third country, as the same level of data protection does not exist in the USA as in the EU.

This connection is necessary in order to display the respective video on our website via your Internet browser. In the course of this, YouTube will at least record and process your IP address, the date together with the time as well as the website you visited. In addition, a connection to the advertising network “DoubleClick” of Google and possibly to the retrieval of Google Fonts will be established.

If you are logged into YouTube at the same time, YouTube will assign the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or make the appropriate settings in your YouTube user account.

For the purpose of functionality as well as for the analysis of user behavior, YouTube permanently stores cookies on your end device via your Internet browser. If you do not agree with this processing, you have the option to prevent the storage of cookies by a setting in your Internet browser. You can find more information on this above under “Cookies”.

Google provides further information on the collection and use of data as well as your rights and protection options in this regard in the data protection information available at https://policies.google.com/privacy?hl=en#infochoices

Orbit VU

This site uses plugins from ORBITVU Sp. z o.o. to display 3D product images. IP addresses are transferred to ORBITVU as part of this process.
The legal basis for the processing of your data is Art. 6 para. 1 lit. a DSGVO (consent). According to Orbit VU, your consent causes the data described in more detail below to be transmitted to the Orbit VU server.
Further information about treatment of user data can be found in ORBITVU’s privacy policy at https://orbitvu.com/privacy-policy.

Google Maps

This site uses the Google Maps map service via an API. The service is provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
To use Google Maps, it is necessary to store your IP address. This information is generally transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. The legal basis for the processing of your data is Art. 6 para. 1 lit. a DSGVO (consent). According to Google Maps, your consent causes data to be transmitted to the Google Maps server. Under certain circumstances, a connection to the Google Maps server in the USA is established as soon as you call up one of our Internet pages on which a Google Maps map is embedded. More information on the handling of user data can be found in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

Visitor analysis

This website uses visitor analysis processes to gain information about the behaviour of visitors to the website and thus improve their user experience.

Google Analytics

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible entity for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our website. The information collected by means of the cookies about your use of this website is usually transferred to a Google server in the USA and stored there.
In addition, a connection is established to Google’s “DoubleClick” advertising network and, if necessary, to retrieve Google Fonts.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behavior is recorded in the form of “events”. Events can be:

• page views
• first visit to the website
• start of session
• your “click path”, interaction with the website
• scrolls (whenever a user scrolls to the bottom of the page (90%))
• clicks on external links
• internal search queries
• interaction with videos
• file downloads
• seen / clicked ads
• language setting

Also recorded:
• Your approximate location (region)
• Your IP address (in shortened form)
• technical information about your browser and the terminal devices you use (e.g. language setting, screen resolution)
• your internet service provider
• the referrer URL (via which website/advertising medium you came to this website)

Processing purposes
On behalf of the operator of this website, Google will use this information to [pseudonymous [NOT USING USER ID]] use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website

Recipients
Recipients of the data are/may be
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor in accordance with Art. 28 DSGVO).
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
It cannot be ruled out that US authorities access the data stored by Google.

Third country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Storage period
The data sent by us and linked to cookies are automatically deleted after 2 [OR: 14 months]. Data whose retention period has been reached is automatically deleted once a month.
Legal basis
The legal basis for this data processing is your consent according to Art.6 Abs.1 S.1 lit.a DSGVO [FALLS EINSCHLÄGIGIG: Art. 49a DSGVO].
Revocation
You can revoke your consent at any time with effect for the future by calling up the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google, by

a. Not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to disable Google Analytics HERE https://tools.google.com/dlpage/gaoptout?hl=en

For more information on Google Analytics’ terms of use and Google’s privacy policy, please visit https://policies.google.com/terms?hl=en and https://policies.google.com/?hl=en

External service providers are only commissioned if they have contractually committed to the requirements of Art. 28 DSGVO (order processor).

Sharing personal data as part of order fulfilment 

As part of fulfilling the sales contract arising from your order, the personal details we collect are passed to the shipping company commissioned to deliver your order if this is necessary to deliver the goods. This data sharing is limited to data required for the purpose of delivering or payment your goods.
The legal basis for all providers in connection with an order is Art.6 para.1 lit.b DSGVO (fulfillment of a contract).

SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Encrypted payment transactions on this website
If there is an obligation to transmit your payment data (e.g. account number in the case of direct debit authorization) to us after the conclusion of a contract with costs, this data is required for payment processing.
Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are made exclusively via an encrypted SSL or TLS connection.
You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

PAYONE

If you decide for a mode of payment of the Paymentdienstleisters PAYONE, the payment completion takes place over the Paymentdienstleister BS PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt/Main, to whom we pass on the information you provide during the ordering process together with the information about your order in accordance with Art. 6 Para. 1 lit. b DSGVO. The passing on of your data takes place exclusively for the purpose of payment processing with the payment service provider PAYONE and only insofar as it is necessary for this purpose.

PayPal

If you choose to pay by PayPal, by credit card via PayPal, by direct debit via PayPal or – if available – “purchase on account” via PayPal, as part of the payment process we transfer your payment details to PayPal (Europe) 
S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”). PayPal reserves the right to apply for a credit report in connection with the payment methods of credit card via PayPal, by direct debit via PayPal or – if available – “purchase on account” via PayPal. PayPal uses the result of the credit report with respect to statistical probability of default to decide whether to provide the payment method in question. The credit report may contain probability forecasts (credit score). Credit scores which are included in the credit report results are based on a scientifically proven mathematical and statistical method. Data including address data are used to calculate credit scores. For further data protection information including information on the credit agencies used, see the PayPal Data Privacy Policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-prev?locale.x=en_GB

SOFORT (IMMEDIATE bank transfer)

If you select the payment method “IMMEDIATELY”, the payment processing is carried out by the payment service provider SOFORT GmbH, Theresienhöhe 12, 80339 Munich, Germany (hereinafter “IMMEDIATELY”), to whom we pass on your information provided during the ordering process together with the information about your order in accordance with Art. 6 Para. 1 lit. b DSGVO. Sofort GmbH is part of the Klarna Group (Klarna Bank AB (publ), Sveavägen 46, 11134 Stockholm, Sweden). The passing on of your data takes place exclusively for the purpose of payment processing with the payment service provider IMMEDIATELY and only to the extent necessary. At the following Internet address you will receive further information about the data protection regulations of SOFORT: https://www.klarna.com/uk/privacy-notice/

giropay

On our website we offer payment via giropay, among others. The provider of this payment service is giropay GmbH, An der Welle 4, 60322 Frankfurt/Main, Germany (hereinafter “giropay”).
If you make payment via giropay, giropay collects various transaction data and forwards these to the bank with which you are registered with giropay. In addition to the data required for the payment, giropay also collects further data within the framework of the transaction processing, if necessary, such as delivery address or individual items in the shopping cart.
Giropay then authenticates the transaction using the authentication procedure deposited with the bank for this purpose. The payment amount is then transferred from your account to our account. Neither we nor third parties have access to your account data. www.giropay.de
Details on payment with giropay can be found in the General Terms and Conditions and the data protection regulations of giropay under https://www.giropay.de/agb/index.html (in german)

Paydirekt

On our website we offer payment via Paydirekt, among others. The provider of this payment service is Paydirekt GmbH, Hamburger Allee 26-28, 60486 Frankfurt am Main, Germany (hereinafter “Paydirekt”).
If you make payment via Paydirekt, Paydirekt collects various transaction data and forwards them to the bank with which you are registered with Paydirekt. In addition to the data required for payment, Paydirekt may also collect additional data such as delivery address or individual items in the shopping cart as part of the transaction processing.
Paydirekt then authenticates the transaction with the help of the authentication procedure deposited with the bank. The payment amount is then transferred from your account to our account. Neither we nor third parties have access to your account data.
For details on payment with Paydirekt, please refer to the terms and conditions and the Paydirekt privacy policy at: https://www.paydirekt.de/agb/index.html (in german)

Privacy protection of minors aged under 16 on the Internet

KLOTZ AIS never knowingly collects or uses personal data of minors (aged under 16) in any way. The age of visitors to our website is not generally disclosed. However, we have not taken any specific actions to provide special protection of such data. Individuals aged under 16 may not transfer personal data without the express permission of their parents or guardians.

Your rights concerning processing of your personal data

Right of access: The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and where that is the case, access to the personal data and the following information as listed in Article 15 GDPR.

Right to rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where applicable, to have incomplete personal data completed (Article 16 GDPR).

Right to erasure: The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Article 17 GDPR applies, e.g. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (right of erasure, ‘right to be forgotten’).

Right to restriction of processing: The data subject shall have the right to obtain from the controller restriction of processing where one of the grounds listed in Article 18 GDPR applies, e.g. where the data subject objects to the processing; said restriction shall apply for a period enabling the controller to verify the accuracy of the personal data.

Notification obligation: The data subject has the right to be informed of the recipients of his or her personal data. The data controller will communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Articles 16, 17(1) and 18 GDPR to each recipient to whom the personal data have been disclosed unless such notification proves impossible or involves disproportionate effort (Art. 19 DSGVO).

Right to data portability: A data subject has the right to receive his or her personal data which the subject has provided to a controller, in a structured, commonly used and machine-readable format. The subject further has the right to request transmission of those data to another controller in accordance with Article 20 GDPR, where technically feasible.

Right to object: The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or where the processing serves for the establishment, exercise or defence of legal claims (Article 21 GDPR).

Right to lodge a complaint with a supervisory authority: Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Article 77 GDPR). The data subject may exercise this right in the Member State of his or her habitual residence, place of work or place of the alleged infringement. In Bavaria the responsible supervisory authority is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA) (Bavarian State Data Protection Authority)
Promenade 27
91522 Ansbach, Germany

How do we ensure the security of your data?

The data you provide to KLOTZ AIS are protected by appropriate technical and organizational measures designed to safeguard the data against accidental or deliberate manipulation, loss, destruction, access by unauthorized individuals or unauthorized disclosure to third parties. We monitor and improve our security measures on an ongoing basis in line with technological developments and organizational possibilities.