Datenschutzerklärung EN

Privacy Information for Website Visitors

I. Introduction

Controller
We,

komz GmbH
Nickelstr. 12
33415 Verl
Germany

as the controller would like to inform you below about which personal data we process from you and how.

Data Protection Officer
If you have any questions regarding data protection, please contact our Data Protection Officer, Mr. Thomas Werning.

He can be reached at:
werning.com GmbH – Dieselstraße 12 – 32791 Lage
E-Mail: dsb-komz-gmbh-gt@werning.com
Tel.: +49 5232 980-4700

Below you will find information on which personal data (these are all data that identify you as a natural person (hereinafter “data subject”) or make you identifiable, such as name, address, e-mail address or even user behavior) we collect during your visit to our website and how this data is used. Data subjects are the visitors to our website and users of our online services.

Data Security / Encryption
This website uses “Hypertext Transfer Protocol Secure” (https). The connection between your browser and our server is encrypted.

II. Rights of Data Subjects

Right to lodge a complaint
If you believe that the processing of your personal data violates the General Data Protection Regulation, you have the right to lodge a complaint with the competent supervisory authority for data protection, the State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia (https://www.ldi.nrw.de/), as well as with any other data protection supervisory authority.

Right of withdrawal
Consent given can be revoked by you at any time with effect for the future in accordance with Art. 7 GDPR.

Right of access, rectification, and erasure
Pursuant to Art. 15 GDPR, you have the right to obtain information about the data stored about you – including any recipients and the planned retention period. If incorrect personal data is processed, you have the right to rectification pursuant to Art. 16 GDPR. If the legal requirements are met, you may request the erasure or restriction of processing and object to the processing (Art. 17, 18, and 21 GDPR).

If you request deletion of data but we are still legally obliged to retain it, access to your data will be restricted (blocked). The same applies in the case of an objection. You may exercise your right to data portability insofar as the technical possibilities at the recipient and at our company allow this.

As a contact person for your data subject rights, Mr. Thomas Werning is available to you at the contact details given above.

Obligation to provide data
Without correct information from you, the conclusion of a contract is usually not possible.

Automated decision-making and profiling
Does not currently take place.

Intention to process in third countries
Does not currently take place.

Categories of recipients
In the context of providing specific services, we use service providers whom we have separately obliged to maintain confidentiality and data protection. Access to personal data cannot be excluded in this context.

These categories of recipients include:

Processors used by us (Art. 28 GDPR), particularly in the areas of IT services, taxation, logistics, and printing services, which process your data on our instructions.
Public authorities and institutions (tax authorities) where a legal or official obligation exists.
Other entities for which you have given us your consent to data transfer.

Disclosure to authorities is made exclusively where overriding legal provisions exist.

III. Information on data processing on our website

III.1. Website in general

Purposes of processing
Presentation of the company, provision of services and/or sale of products as well as communication via the Internet. The purpose of data processing on this website is to provide information about products and services of our company and, if applicable, for the processing of applications with the possibility for users to directly contact the relevant persons within the company.

General information
If you have provided us with personal data, we use it to respond to your inquiries, to advise you, to process contracts concluded with you, and for technical administration. Your personal data will only be disclosed or transferred to third parties if this is necessary for the purpose of contract execution, required for billing purposes, or if you have previously consented. You have the right to revoke consent granted with effect for the future at any time (see “Right of Withdrawal”).

The legal basis for the collection, processing, and transfer of data is, in the context of contract execution, Art. 6 para. 1 lit. b GDPR.

Deletion of this data takes place after the expiry of the applicable statutory retention obligations. If no statutory retention obligations apply, data will be deleted once the purpose has ceased.

You have the right at any time to request information about and object to your stored data. Further information can be found under “Rights of Data Subjects” and “Right of Withdrawal.”

III.2. Server data collection

Purpose of processing
When visiting our site, various data (server statistics) are automatically stored, which your browser transmits to the server of our provider: among others, the IP address of your device, date and time of access, name and URL of retrieved files, website from which access is made or from which you were directed to our site (referrer URL), browser used and, if applicable, the operating system of your device as well as the name of your provider.

The data mentioned is processed by us to ensure smooth connection setup and system security. This data is not merged with other data sources. The IP address is anonymized. The connection data collected is automatically deleted, generally after a maximum of 30 days. If the website is misused, log data whose further storage is required for evidence purposes will be retained until the incident has been resolved.

The legal basis is Art. 6 para. 1 lit. f GDPR and § 25 para. 2 TDDDG (here, however, only data such as browser or header information that is necessarily or due to (browser) settings of the end device transmitted when the website is called up). This is not considered “access to information already stored in the terminal device.” Our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR arises from our desire to ensure secure operation of the website and to detect possible attacks.

III.3. Contact form and e-mail inquiries

Purpose of processing
When using our contact form, we collect and store the name and e-mail address for the purpose of responding to your inquiry. Providing a telephone number for a callback is optional. If you send us a contact inquiry by e-mail, we collect and store the e-mail address and the data contained in the e-mail.

The legal basis is Art. 6 para. 1 lit. a GDPR, as you consent to the above-mentioned processing of your data when using the form or sending an e-mail. Furthermore, the legal basis also arises from Art. 6 para. 1 lit. b GDPR, as storing the data is necessary for fulfilling a pre-contractual or possibly later contractual relationship.

The data will be deleted when the purpose of storage no longer applies, i.e. after your e-mail/contact form inquiry has been answered or when the matter associated with the inquiry has been finally clarified.

You have the right to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of the consent before its withdrawal.

For information on erasure and access rights, see “Rights of Data Subjects.”

III.4. Cookies

Purpose of processing
This site does not use cookies by default.

Cookies are data records (previously only small text files) that are stored in your Internet browser (e.g. Firefox, Google Chrome, Microsoft Explorer/Edge, Safari, etc.) or by it on your computer (i.e. your operating system) when you visit our site. With the help of the cookie, which contains a certain character string and possibly further information, our website recognizes your Internet browser when you access it again.

We use our own cookies, so-called session cookies. These are used to manage the use of the website via a login area. These cookies are valid only for the duration of your browser session and are deleted when you end your visit to our site.

III.5. Matomo – Analytics tool

Purpose of processing
We use Matomo to analyze user behavior on our website and to optimize our offering. The processing of the data is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

Matomo is operated in a data protection-friendly configuration:

The IP addresses of visitors are anonymized (e.g. by truncation of the last octets).
No tracking cookies are set, and no digital fingerprinting is used.
Analysis takes place on our own servers, so no data is passed on to third parties.

Legal basis
The processing of your data is based on our legitimate interest in improving user-friendliness and optimizing our website (Art. 6 para. 1 lit. f GDPR).

Objection

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

III.6. WordPress as SaaS solution

Purpose of processing
The use of the WordPress tool as a SaaS service is for the purpose of creating, managing, and publishing website content based on a user-friendly platform. Insofar as personal data is processed by the provider of the WordPress SaaS service, this is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR. In this context, when the page is called up, external scripts and content from the domains i0.wp.com and s0.wp.com are reloaded, which serve to provide and optimize integrated media content (e.g. images or fonts). These external services are operated by Automattic Inc., whose integration has been assessed in terms of data protection and regulated within the contractual agreements on data processing.

Legal basis
The processing of your data is based on our legitimate interest in the efficient and professional external presentation of the company as well as in the technical provision of the website (Art. 6 para. 1 lit. f GDPR).

III.7. HubSpot as SaaS solution

Purpose of processing
The use of the HubSpot tool as a SaaS service is for the purpose of managing customer contacts, carrying out marketing activities, and providing and analyzing online forms, particularly in connection with newsletter registration.

The legal basis for the processing of personal data is Art. 6 para. 1 lit. a GDPR when consent is given by the data subject (e.g. when registering for the newsletter), as well as Art. 6 para. 1 lit. f GDPR for the legitimate interest in effective customer communication and marketing analysis. Processing by HubSpot takes place on the basis of a data processing agreement pursuant to Art. 28 GDPR. In the context of using the newsletter plugin, external scripts are loaded from the domains forms-eu1.hsforms.com and js-eu1.hsforms.net. These are necessary to correctly display the forms and to securely process the registration data. HubSpot operates these services on EU servers, ensuring data protection-compliant processing in accordance with European data protection regulations.

Purpose of processing
If you wish to receive the newsletter offered on the website, we require an e-mail address from you. Newsletter registration takes place in the double opt-in procedure. That means: after registration you will receive an e-mail with which you must confirm your registration. This procedure ensures that no unauthorized person can register with your e-mail address. Your newsletter registration is logged (storage of registration and confirmation time and IP address). This logging allows the registration process to be legally proven.

Your consent to the storage of your e-mail address (and if fields are offered optionally: first and last name for personal salutation) and its use for sending the newsletter with associated performance measurement can be revoked at any time. A cancellation link is included at the end of every newsletter. In order for us to prove a previously given consent for a deregistered e-mail address, we may store it for up to 3 years before deletion.

Legal basis
Newsletter delivery and the associated performance measurement are based on registration by the data subject (Art. 6 para. 1 lit. b GDPR, Art. 7 GDPR and in conjunction with § 7 para. 2 no. 3 UWG) or on the statutory permission pursuant to § 7 para. 3 UWG.

Additionally, Art. 6 para. 1 lit. f GDPR: Our legitimate interest in performance measurement arises from identifying the reading habits of our users based on newsletter openings, open times, and clicked links, in order to create and send them interest-based and useful content.

The legal basis for logging is Art. 6 para. 1 lit. f GDPR. Our legitimate interest arises from the fact that we use a secure and user-friendly newsletter system that protects the personal data of newsletter subscribers. It also allows us to prove consent.

III.9. Events and workshops (on-site, in-house, and virtual)

Purpose of processing
Registration for events and workshops can take place via a registration form. When using our registration form, we collect and store first and last name, company, and e-mail address. If you register by e-mail, we collect and store the e-mail address and the data contained in the e-mail.

We use this personal data exclusively for event and workshop purposes. This allows us to confirm participation, exchange information in advance, answer questions, if necessary create name badges and participant lists, or send documentation materials afterwards.

When using video conferencing systems as part of online workshops or video consultations, we use service providers within the framework of processing agreements.

To join an online workshop or video consultation, the provision of a name is required. You may also use a pseudonym. Providing an e-mail address is not required. Your data will be stored in our administration area.

If you activate access to your microphone and/or video camera, audio and video data will be processed and transmitted. You can deactivate access at any time via the respective buttons with the relevant symbols. Participation is also possible if you deactivate access. It is also possible to exchange text messages in a group chat. These messages may be visible to all participants.

If you select the “Share Screen” function, the screen content displayed will be visible to all other participants. Therefore, before using this function, please ensure that no sensitive data is displayed on your screen. You can deactivate this function at any time via the corresponding button.

If the online workshop or video consultation is recorded, you will recognize this by a red symbol in the screen area and you will be informed of this in advance. In this case, all video and audio data will be stored by us.

Note: When you visit the provider’s websites or install the provider’s application on your device, the processing of personal data is governed exclusively by the provider’s privacy policy.

Legal basis
The legal basis for processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the effective implementation of online workshops and video consultations. In the context of an existing or impending contractual relationship, Art. 6 para. 1 lit. b GDPR is also the legal basis for processing. A recording is made exclusively if we inform you in advance and you have consented to the recording. The legal basis in this case is Art. 6 para. 1 lit. a GDPR.

Data will be deleted after the expiry of the applicable statutory retention obligations. If this does not apply, the data will be deleted when the purpose of storage no longer applies.