Data protection declaration

I. Name and address of the Controller

The Controller in the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states, as well as other regulations that are relevant in terms of data protection, is:
AIB KUNSTMANN Reserve GmbH
Zur Lohmühle 5
86874 Tussenhausen
Phone.: +49 (0)8268 9099-0
E-mail:
Website: www.aib-kunstmann.de

II. Name and address of the Data Protection Official

The Data Protection Official of the Controller is:
Solvation GmbH
Phone: 07071 – 568 1- 900
E-mail:

III. General information about data processing

1. What is personal data?

Personal data is individual information about personal or impersonal relations of a defined or definable natural person. Included herein are, for instance, your real name, your address, your phone number or your date of birth. The use of our website is normally possible without providing any personal data. In case personal data is requested on our web pages (e.g. name, address or e-mail address), this will be on a voluntary basis, where possible.

2. Scope of personal data processing

We basically process personal data of our users only insofar as this is required to provide a functioning website and to provide our content and services. Processing personal data of our users is regularly carried out only after the consent of the user. An exception applies in such cases, where a prior consent is not possible due to factual reasons and where data processing is authorised by the statutory provisions.

3. Legal basis of the processing of personal data

Insofar as we obtain the consent of the Data Subject for processing personal data, section 6 (1) lit. a EU General Data Protection Regulation (GDPR) shall serve as legal basis.
When processing personal data that is required to fulfil a contract of which a contractual party is the Data Subject, then s. 6 (1) lit. b GDPR shall serve as legal basis. This also applies to data processing which is required to perform pre-contractual measures.
Insofar as data processing is required to fulfil a legal obligation to which our company is subject, s. 6 (1) lit. c GDPR is the legal basis.
In case the vital interests of the Data Subject or of another natural person require processing of personal data, s. 6 (1) lit. d GDPR shall serve as legal basis.
If the processing is required to ensure the legitimate interest of our company or a third party, and if the interests, fundamental rights and freedoms of the Data Subject do not outweigh the aforementioned interests, s. 6 (1) lit. f GDPR shall serve as legal basis for the processing.

4. Deletion of data and duration of retention

Personal data of the Data Subject is deleted or made inaccessible as soon as the purpose of the retention has ceased to exist. Beyond that, a retention may be carried out in case the European or national legislation, to which the Controller is subject, envisages the retention by EU regulations, laws or other regulations. The data is also made inaccessible or deleted in case a retention period required by the mentioned standards is terminated, unless further retention is required for the conclusion or fulfilment of a contract.

5. SSL encryption

This page uses SSL encryption for safety reasons and to protect the transfer of confidential content, such as inquiries you send to us as the owner of the page. An encrypted connection can be identified by looking at the address bar of the browser, where “http://” changes to “https://” and the lock symbol in the browser line.
When the SSL encryption is enabled, data that is transmitted from you to us cannot be read by a third party.

6. Web host

This website is hosted by a German web host, DomainFactory GmbH. The web host must also comply with the GDPR and all other data protection laws or regulations that are applicable in EU member states regarding data protection. The operator of this website also concluded an order processing contract with the web host.  This is a contract in which the web host is obliged to protect the transferred data, to process it with respect to the data protection regulations on behalf of the operator of this website and, in particular, not transfer it to third parties. Further information on further data processing under: https://www.df.eu/de/support/df-faq/service-infos/datensicherheit/

IV. Provision of the website and creation of log files

1. Description and scope of data processing
When our internet page is viewed, no data or information is automatically gathered from the viewing computer.

V. Use of cookies

1. Description and scope of data processing

Our website uses cookies. Cookies are text files which are saved to the user’s computer in or by the internet browser.
This cookie includes a specific sequence of characters which allows for a clear identification of the browser next time the website is viewed.
We use cookies to make our website more user-friendly. Some elements of our website require that the visiting browser is identified even after a change of pages.
The data is not saved together with other personal data of the users.
When our website is viewed, users are informed about the use of cookies for analysis reasons and it is referred to this data protection declaration. In that context, a note regarding how to avoid the saving of cookies in the browser settings is also given.

2. Legal basis for data processing

The legal basis for the processing of personal data with the use of cookies is s. 6 (1) lit. f GDPR.

3. Purpose of data processing

The purpose of technically required cookies is to simplify the use of websites for users. Certain functions of our website cannot be offered without the use of cookies. For those it is required that the browser is recognised even after a change of pages.
The user data gathered for technically required cookies is not used to create user profiles.

4. Duration of retention, objection and removal options

Cookies are stored on the computer of the user. As a user you thus have full control of the use of cookies. By changing the settings in your internet browser, cookies transmission can be disabled or limited. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may be possible that not all functions of the website can be used to the full extent.

VI. Registration

1. Description and scope of data processing

On our website, we offer users the possibility to register with personal information. The data is entered in the input screen and it is transmitted to us and saved. A transfer of data to a third party does not take place. The following data is gathered in the course of the registration process:
First name, last name, address, company, position, phone number, e-mail address. As part of the registration process, the consent of the user to data processing is required.

2. Legal basis for data processing

The legal basis for data processing is, in case the user has given his consent, s. 6 (1) lit. (a) GDPR.

3. Purpose of data processing

With the registration, each user is given access to our tray database or Kunstmann-Easy. Both tools are used for online search and configuration of application-specific hardware for the traction and stationary field.
The registration is required since the online calculation is based on the customer specifications and it is not used to conclude a contract.

4. Duration of retention

The user has the option to withdraw his consent to processing of personal data at any time. In such a case, the abovementioned access permissions cannot be used after deletion.

5. Objection and removal option

For an administrator, it is always possible to delete the respective contact person/user upon request.

VII. Contact form and e-mail contact

1. Description and scope of data processing

There is a contact form on our website which can be used to get in touch with us online. In case a user gets in contact with us using that tool, there will be data entered via input screen and that data will be transmitted to us and saved.
Your consent for data processing will be requested in the course of the transmission and it will be referred to this data protection declaration.
Alternatively, you can contact us via the provided e-mail addresses. In that case, the personal user data that is sent with the email will be saved.
No transfer to a third party will take place. The data will be exclusively used to process the conversation.

2. Legal basis for data processing

The legal basis data processing is, in case the user has given his consent, s. 6 (1) lit. a GDPR.
The legal basis for processing the data transferred when sending an e-mail is s. 6 (1) lit. f GDPR. If the purpose of the e-mail contact is the conclusion of a contract, then the additional legal basis for processing is s. 6 (1) lit. b GDPR.

3. Purpose of data processing
The processing of personal data from the input screen is only intended for the purpose of processing the inquiry. In case of an e-mail request, the required and legitimate interest of processing the data is also given.
The other personal data processed while sending is used to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage
The data will be deleted as soon as its purpose has ceased to exist. This will be the case for personal data from the input screen and the data from the e-mail contact as soon as the conversation with the respective user is finished. The conversation is considered finished when it is obvious from the circumstances that the affected issue is conclusively clarified.

5. Objection and removal option
The user has the option to withdraw his consent to personal data processing at any time. In case the user gets in touch with us via e-mail, he can object the storage of his personal data at any time. In that case, the conversation cannot be continued.
All personal data that is gathered in the course of the conversation will then be deleted.

VIII. Analysis tools and third party tools

1. Social media share buttons

On our website, we offer the feature of “social media buttons”.
As operators of the website, we have no influence on whether and to which extent the providers gather personal data. We also have no knowledge of scope, purpose and retention periods of the data collection. It must be assumed that at least the IP address and device information is collected and utilised. It is furthermore possible that the service providers use cookies.
Included on our website are social media buttons of the following companies:
Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – USA)
LinkedIn Ireland Unlimited Company (LinkedIn Ireland Unlimited Company – Wilton Place, Dublin 2 – Ireland)
Xing SE (Dammtorstraße 30 – 20354 Hamburg – Germany)
Information on the collection and use of your data in social media can be found in the corresponding terms of use of the mentioned providers.

2. Google Analytics

  1. Description and scope of data processing
    This website uses Google Analytics, a web analytics service of Google Inc. (“Google”). Google Analytics uses cookies. Cookies are text files which are saved to your computer and they allow an analysis of your use of the website. The information created by the cookie regarding your use of the website is normally sent to a Google server in the US and it is stored there. In case IP anonymization is enabled on this website, your IP address, however, will be shortened by Google within member states of the European Union or within other countries affected by the treaty of the European economic zone. The complete IP address will only be sent to a Google server in the US and shortened there in exceptional cases. The IP address transmitted as part of Google Analytics from your browser will not be combined with other data by Google.
  2. Legal basis for data processing
    The legal basis for the use of the website analyzing service “Google Analytics” “ is s. 6 s. 1 lit. f GDPR.
  3. Purpose of data processing
    On behalf of the operator, Google will utilize the information mentioned in IX. To evaluate your use of the website, to create reports about the website activities and provide the website operator with other services related to the use of the website and the internet.
  4. Possibilities of withdrawal and removal
    You can avoid the storage of cookies by changing the corresponding setting in your browser software. However, we inform you that you will not be able to use all functions of the website to the full extent. Beyond that, you can avoid that the data which is generated by the cookie and which is related to your utilization of the website (incl. your IP address), as well as processing of that data by Google, by downloading the following browser plugin: http://tools.google.com/dlpage/gaoptout?hl=de.

 

IX. Rights of the Data Subject

If your personal data is processed, you are a Data Subject within the meaning of  the GDPR and you have the following rights towards us as Controller:

1. Right of access

You can claim a confirmation from the Controller about whether personal data that affects you is processed by us.
If data is processed, you can claim the following information:

(1) The purposes of the processing of personal data;
(2) The categories of personal data that is processed;
(3) The recipients or categories of recipients to whom your personal data is disclosed or will be disclosed;
(4) The planned duration of retention of your personal data or, if concrete information on this is not possible, criteria for the determination of the duration of retention;
(5) The existence of a right to rectification or deletion of personal data concerning you, a right to restriction of processing by the Controller or a right to object such processing;
(6) The existence of a right to complain to a supervisory authority;
(7) All available information on the origin of the data if personal data is not collected from the Data Subject;

You have the right to request information about whether personal data that concerns you is transmitted to a third country or an international organisation. In this context, you can claim to information about the suitable guarantees according to s. 46 GDPR in connection with such a transmission.

2. Right of rectification

You have a right of rectification and/or completion towards the Controller in case the processed personal data concerning you is incorrect or incomplete. The Controller has to carry out the rectification immediately.

3. Right to restrict the processing

The processing of the personal data concerning you can be restricted if the following preconditions are given:

1) In case you deny the correctness of your personal data for a period of time which allows the Controller to verify the correctness of your personal data;
(2) Processing is unlawful and you reject the deletion of the personal data and claim instead that the use of the personal data is restricted;
(3) The Controller does no longer need the personal data for processing purposes, however, you need it to assert, exercise or defend legal claims or
(4) In case you objected the processing according to s. 21 (1) GDPR and it is not yet determined whether the legitimate reasons of the Controller outweigh your reasons.

If processing of the personal data concerning you has been restricted, this data, apart from its storage, may solely be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or due to reasons of important public interest of the European Union or an EU member state.
If processing has been restricted according to the aforementioned preconditions, then you will be informed by the Controller before the restriction is repealed.

4. Right of deletion

a) Duty of deletion

You have the right to request the deletion of your personal data by the Controller without delay and the Controller has the duty to delete personal data without delay, provided one of the following reasons applies:

(1) The personal data related to you is no longer needed for the purposes it was collected for or processed in any fashion.
(2) You withdraw your consent upon which processing as per s. 6 (1) lit. a or s. 9 (2) lit. a GDPR was based and another legal basis for the processing is not existent.
(3) You object processing as per s. 21 (1) GDPR and there are no superior, legitimate reasons for processing or you object processing as per s. 21 (2) GDPR.
(4) The personal data related to you was processed unlawfully.
(5) The deletion of the personal data related to you is necessary to fulfil a legal obligation as per European Union legislation or the law of the EU member states to which the Controller is subject.
(6) The  personal data related to you was collected with respect to offered services of the information society as per s. 8 (1) GDPR.

b) Data transfer to third parties

In case the Controller has made your personal data public and he is obliged to delete it as per article 17 (1) GDPR, he must take the appropriate measures whilst taking into consideration the available technology and expenses of implementation, including technical measures, to inform the responsible persons who process the personal data that you as Data Subject have requested the deletion of all links to such personal data or of all copies or replications of such personal data.

c) Exceptions

The right to deletion does not exist insofar as processing is required.

(1) To exercise the right of free speech and information;
(2) To fulfil a legal obligation that requires processing under European Union or EU member state legislation to which the Controller is subject or to fulfil a task that is in the public interest or which is part of public authority transferred to the Controller;
(3) For reasons of public interest regarding public health as per s. 9 (2) lit. h and i and s. 9 (3) GDPR;
(4) For purposes of public interest regarding archiving, scientific or historical research or statistical purposes as per s. 89 (1) GDPR, provided that the law referred to in section a) presumably renders the realisation of the objectives of the processing impossible or seriously impairs the realisation of the objectives of processing or
(5) To assert, exercise or defend legal claims.

5. Right of information

If you have asserted the right to rectification, deletion or restriction of processing towards the Controller, the latter will be obliged to inform all recipients to which the personal data related to you was disclosed about the rectification or deletion of the data or the restriction of processing, unless this is evidently impossible or requires unreasonable efforts.
You have the right to get informed about these recipients by the Controller.

6. Right of data portability

You have the right to receive all personal data related to you that you provided to the Controller in a structured, common and machine-readable format. Moreover, you have the right to submit this data to another Controller without interference by the Controller to which the personal data was provided, insofar as

(1) Processing is based upon a consent according to s. 6 (1) lit. a GDPR or s. 9 (2) lit. a GDPR or on a contract as per s. 6 (1) lit. b GDPR and
(2) Processing is performed by means of automated procedures.

Whilst exercising this right, you furthermore have the right to claim that the personal data related to you is directly submitted from one Controller to another Controller, provided this is technically feasible. The freedoms and rights of other persons shall not be affected thereby.
The right of data portability is not applicable to processing of personal data required for the fulfilment of a task which is in the public interest or in the exercise of public authority transferred to the Controller.

7. Right of objection

You have the right, for reasons that result from your specific situation, to object the processing of your personal data carried out due to s. 6 (1) lit. e or f GDPR at any time; this applies also to a profiling based upon those provisions.
The Controller will no longer process the personal data concerning you, unless he can prove compelling protection-worthy reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal entitlements.
If your personal data is processed for direct advertising, you have the right to object the processing of the personal data related to you for the purpose of such advertising at any time; this also applies to profiling, provided it is in connection with such direct advertising.
In case you object the processing for direct advertising purposes, then personal data concerning you will no longer be processed for those purposes.
You have the option, in the context of the use of services of the information society, to assert your right of objection by using automated procedures in which technical specifications are used, regardless of directive 2002/58/EG.

8. Right of withdrawal of the declaration of consent regarding data protection regulations

You have the right to withdraw your declaration of consent regarding data protection at any time. The withdrawal of consent will not affect the lawfulness of processing undertaken on the basis of the consent prior to the withdrawal.

9. Automated decision in an individual case including profiling

You have the right to be not subjected to a decision that is exclusively based upon automated processing, including profiling, which will unfold a legal effect on your person or which will impair you in a similar fashion. This does not apply, if the decision

  1. is required for the conclusion or fulfilment of a contract between you and the Controller
  2. is permissible due to legal provisions of the Union or of member states to which the Controller is subject and, if these legal provisions include appropriate measures to protect your rights and freedoms and your legitimate interests or
  3. is rendered with your explicit consent.

However, these decisions must not be based upon special categories of personal data acc. to section 9, paragraph 1 GDPR, insofar as section 9, p. 2 lit. a or g GDPR is applicable and suitable measures to protect the rights and freedoms and your legitimate interests have been taken. Regarding the cases mentioned in (1) and (3), the Controller will take appropriate measures to protect the rights and freedoms and your legitimate interests, which includes at least the right to enforce the intervention of a person on the side of the Controller, the right to establish one’s own stance and to contest the decision.

10. Right of complaint to a supervisory authority

Regardless of any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the EU member state in which you reside, work or where the suspected violation occurred in case you believe that the processing of personal data related to you is a violation of the GDPR.

The supervisory authority at which the complaint has been submitted shall inform the appellant about the status and the results of the complaint including the possibility of a judicial remedy as per section 78 GDPR.