Privacy Policy

Privacy policy
in accordance with the EU General Data Protection Regulation (GDPR)

(Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC in the Official Journal of the European Union, OJ L 119/1; entry into force: 25 May 2018).

For the social intranet of Kluthe Group.

We, Kluthe Group, take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations under German and European law (in particular the General Data Protection Regulation (GDPR) and the German Telemedia Act (TMG)) and the following declaration.

This privacy policy relates solely to our social intranet. If you are redirected from here via links to other websites or online platforms, please inform yourself in the data protection notices there about the respective handling of the data and its processing there.

The legal basis for data processing on websites and in online tools is essentially the following provisions and legal regulations:
- Your consent (Art. 6 para. 1 lit. a GDPR)
- Fulfilment of contracts or other legal relationships (Art. 6 para. 1 lit. b GDPR)
- Protection of legitimate interests / balancing of interests (Art. 6 para. 1 lit. f GDPR)

In accordance with the principles of data avoidance and data minimisation, we only process personal data for as long as is necessary in accordance with the following declaration or as required by law (statutory retention period). If the purpose or the right to process the collected personal data no longer applies or if the permitted storage period ends, we block or delete the data, unless your - temporary - further processing is necessary, in particular for the following purposes:
- Fulfilment of retention periods under commercial and tax law, in particular in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are two to a maximum of ten years.
- Preservation of evidence within the framework of the statute of limitations. According to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years.
- Warranty or guarantee claims on your part

In order to be able to take a data lock into account at any time, it is necessary to keep the data in a lock file for control purposes. If there is no legal archiving obligation, you can also request the deletion of such data. If there is a legal archiving obligation, we will block this data if you so wish. If the provision of personal data is required by law or contract or is necessary for the conclusion of a contract, we draw your attention to the detrimental consequences of failure to provide such data.

In particular, the following terms used in this agreement are defined as follows in accordance with Art. 4 GDPR:
- Personal data: any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Data subject: any identified or identifiable natural person whose personal data is processed by the controller.
- Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

For further definitions, please refer to Art. 4 GDPR (https://dsgvo-gesetz.de/).

1.Name and contact details of the controller and the company data protection officer

This data protection information applies to data processing by the responsible operator of this online platform: Chemische Werke Kluthe GmbH, Gottlieb-Daimler-Straße 12, 69115 Heidelberg, Germany, Email: info@kluthe.com, Phone: +49 6221 53010.

The company data protection officer (m/f) of Kluthe Group can be contacted as follows:

Chemische Werke Kluthe GmbH
Gottlieb-Daimler-Straße 12
69115 Heidelberg
Germany

Managing Director: Martin Kluthe & Robert Kluthe
Ust-Idnr.: DE 143261732
Amtsgericht Mannheim, HRB 330556

Tel: +49 6221 53010
E-Mail: info@kluthe.com
Web: www.kluthe.com

E-Mail address: datenschutz@kluthe.com

2.Collection and storage of personal data; type and purpose of use
a. Accessing the online platform (server log files)

When you access the social intranet, the browser used on your device automatically sends information to the server of this online platform. This information is temporarily stored in a log file. The following information is collected without any action on your part and stored until it is
- IP address of the requesting computer (host name)
- Date and time of access
- Name and URL of the retrieved file
- Online platform from which the access was made (referrer URL)
- Browser used and, if applicable, the operating system of your computer
- Name of your access provider.

It is possible to draw conclusions about your person from this automatically generated information. The aforementioned data is processed by us for the following purposes:

  • Ensuring a smooth connection to the online platform
  • Ensuring convenient use of our online platform
  • Analysing system security and stability
  • For further administrative purposes.

The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. f of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter: GDPR). Our legitimate interest follows from the data collection purposes listed above. We do not use the data collected for the purpose of drawing conclusions about your person, except in cases of legal offences or legal obligation to do so.

As a user of our online platform, the following categories of personal data in particular are collected and processed:
- Usage data (e.g. online platform visited, interest in content, access times)
- Technical data (e.g. browser, IP addresses, operating system)
- Surnames, first names, password
- Contact data (e.g. e-mail, telephone, address)
- Data freely entered by the user.

We process this data on the legal basis of your consent in accordance with Art. 6 para. 1 lit. a. and Art. 7 GDPR.

For users, the criterion for the duration of the storage of your data is the existence of a user account. After deletion of this access, the user's data will also be deleted. Our backups and log files may still contain your data after this. These are also deleted no later than three months after deletion, unless there is something important in the way.

We also use cookies when you visit our online platform. You can find more detailed explanations on this in section 4 of this privacy policy.

b. Registration

You have the option of registering on our online platform by providing personal data. The relevant personal data that is transmitted to us is shown in the input mask as follows

Title | First name* | Last name* | Profile picture | Date of birth (without year) | Position | Projects/special topic | Address (professional and private) | Links to other services | Company/organisation | Department/area | Telephone number | Mobile phone | Email | Interests | About me |.

(*mandatory fields)

The personal data you enter there will be processed exclusively for internal use within this online platform.

The purpose of registration is to offer you content or services which, due to the nature of the matter, can only be offered to registered users.

3.Transfer of data

Your personal data will only be transferred to third parties for the purposes listed below.

We only pass on your personal data to third parties

  • if you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR
  • if the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data
  • if there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR
  • if this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR
  • on the basis of an order processing contract (AVV) concluded by us with a processor in accordance with Art. 28 GDPR
  • if we intend to use the personal data for a purpose other than the aforementioned purposes, we will provide you with information about this other purpose and all other relevant information in accordance with Art. 13 para. 2 GDPR prior to this further processing.

4.Cookies

We use cookies on our online platform. These are small files that your browser automatically creates and manages and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our online platform. Cookies do not cause any damage to your computer, they do not contain viruses, Trojans or similar.

Information is stored in a cookie that results in each case in connection with the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

You can prevent the use and setting of cookies by blocking the setting of cookies in the browser (information on this can be found in the browser's help function). Opt-out cookies prevent the future collection of data when visiting this online platform. However, please note that in this case you may not be able to use all the functions of this online platform to their full extent.

The use of cookies serves in particular to make the use of our online platform offer convenient for you. We use the following cookies in particular:

a. Session cookies to recognise that you have already visited individual pages of our online platform. They are only stored in the working memory of the user's computer. A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when the user session on the online platform is ended.

b. Temporary cookies, which are stored on your end device for a specified period of time. If you visit the online platform again to use our services, it is automatically recognised that you have already visited us and which entries and settings you have made so that you do not have to enter them again.

c. Cookies for statistical recording and for the purpose of optimising our online platform offering (see section 5). These cookies also make it possible to automatically recognise that you have already visited our online platform when you visit it again. These cookies are automatically deleted after a defined period of time.

The data processed by cookies are necessary for the purposes mentioned to protect our legitimate interests and those of third parties in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our online platform. Session cookies (see 4.a. above) cannot usually be suppressed.

5.Tracking tools

Tracking tools with which we could analyse or evaluate your online platform usage in more detail (e.g. statistically) or through which a certain usage behaviour of yours could be identified are not used on this online platform.

6.Social media plug-ins / social share buttons

Social plug-ins or share buttons with which you are directly linked to our online platform or, conversely, with which this online platform is directly linked to your social media account and through which a certain usage behaviour of yours could be identified are not used on this online platform.

7.Use of the mobile app

For an optimised user experience on mobile devices, we also provide mobile apps with which you can use the social intranet. When using and installing these apps, data is already collected in accordance with the rules of the respective app stores. However, we are not responsible for this, but the respective operators. The data collected from you is normally processed in the USA. For more detailed information, you must unfortunately contact the respective operators.

8.Existence of automated decision-making

We do not use automated decision-making or profiling.

9. rights of data subjects

You have the right in each case free of charge

  • in accordance with Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect or incomplete personal data stored by us
  • in accordance with Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims; the same applies in the event of restriction of processing
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer need the data, but you need it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR;
  • in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller
  • in accordance with Art. 7 para. 3 GDPR, to revoke your consent once given to us at any time. As a result, we may no longer continue the data processing that was based on this consent in the future;
  • not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, provided that the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent. If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject's explicit consent, the Kluthe Group shall implement suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision. If the data subject wishes to exercise the rights concerning automated individual decision-making, he or she may, at any time, contact any employee of the controller.
  • to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or workplace or at the registered office of our law firm.

To assert your rights as a data subject, send an email to datenschutz@kluthe.com.

10.Right of objection/revocation

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR or to revoke any consent to processing. If you wish to exercise your right of revocation or objection, simply send an e-mail to datenschutz@kluthe.com.

11.Data security

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit the online platform. As a rule, this is 256-bit encryption. You can recognise whether an individual page of our online platform is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

12.Topicality and amendment of this privacy policy

This privacy policy is currently valid and is dated 25 May 2018 (entry into force of the GDPR).

Due to the further development of our online platform and offers on it or due to changing legal or official requirements, it may become necessary to amend this privacy policy.