Menu

Key visual Legal Notes
KRATZER AUTOMATION

Data Protection

Declaration on data protection

It is important to us that we use your personal data only in accordance with the applicable data protection laws and that we act in a transparent manner towards you, with regard to the use of your data. This privacy policy explains what data we collect from you on our website, why we collect it, how we use the collected data and what options and rights you have with regard to the processing of your personal data.

I. Name and address of the data controller

The data controller in accordance with data protection regulation is KRATZER AUTOMATION AG, Gutenbergstrasse 5, 85716 Unterschleissheim, Germany
Email: info(at)kratzer-automation.com, Web: kratzer-automation.com
Tel. +49 89 32152 0, Fax +49 89 32152 599

II. Contact data of the data protection officer

You can contact our data protection officer as follows:
Data Protection Officer, KRATZER AUTOMATION AG, Gutenbergstrasse 5, 85716 Unterschleissheim, Germany,
dpo(at)kratzer-automation.com, tel. +49 89 32152 0, fax +49 89 32152 599

III. General information on data processing

1. Scope of the processing of personal data

We collect and use the personal data of our users only to the extent necessary for the provision of a functioning website and of our content and services.

The collection and use of the personal data of our users generally occurs only with the user's consent.

An exception applies in those cases where the prior obtention of consent is not possible for practical reasons, and where the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Insofar as we obtain consent for the processing of personal data from the person concerned, Section 6(1a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

With regard to the processing of personal data required for the performance of a contract to which the affected person is party, Section 6(1b) GDPR shall serve as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
As far as the processing of personal data is required for compliance with a legal obligation to which our company is subject, Section 6(1c) GDPR shall serve as the legal basis.

If processing is required in order to maintain a legitimate interest of our company or that of a third party, and if the interests, fundamental rights and freedoms of the party concerned do not outweigh the former interest, then Section 6(1f) GDPR shall serve as the legal basis for the processing.

3. Deletion of data and duration of storage

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage no longer exists.

In addition, storage may occur if provision is made for it by European or national legislators in EU legal regulations, laws or other rules to which the data controller is subject.

The blocking or deletion of data is then also carried out if the specified storage period specified under the standards referred to expires, unless the data needs to be stored for a further period of time for the purpose of the conclusion of a contract or contract performance.

IV. Provision of website and creation of log files

1. Description and scope of data processing

Upon every visit to our website, our web server automatically collects data and information from the system of the computer used to visit the website.
The following data is collected:

1.    Information about the browser type and version used
2.    Operating system of the user
3.    IP address of the user
4.    Date and time of access
5.    Websites from which the user's system accessed our website

The data is also stored in the log files of our web server. This data is not stored together with other personal data of the user.

2. Legal basis for data processing

The legal basis for the temporary storage of data and log files is Section 6(1f) GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by the web server is necessary to enable the website to be delivered to the user's computer. This requires the storage of the user's IP address for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data helps us to optimise the website and to ensure the safety of our information technology systems. No evaluation of the data for marketing purposes takes place in this context.

Our legitimate interest in the processing of data also lies within these purposes, pursuant to Section 6(1f) GDPR.

4. Duration of storage

The data will be deleted as soon as it is no longer required for the achievement of the purpose of its collection. In the case of the collection of data for the provision of the website, this is the case if the session has finished.
In the case of storing the data in log files, this is the case after seven days at the latest. Storage which exceeds these time periods is possible. In this case, the IP addresses of the users are deleted or altered, so that assignment to the accessing client is no longer possible.

5. Opting out and removal options

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the internet page. There is therefore no possibility of the user opting out of this.

V. Newsletter

1. Description and scope of data processing

a) Registration

Via our internet page, it is possible to subscribe to a free newsletter. During registration for the newsletter, the following data is transmitted to us from the input mask:

  • Name
  • Email address


The registration for our newsletter occurs via a "double opt-in" procedure. In other words, after registration you will receive an email, in which we ask you to confirm your registration. This confirmation is necessary so that nobody can log on using other email addresses. Registration to the newsletter is logged.

The following data is collected during registration:

  • IP address of the accessing computer
  • Date and time of registration


Within the scope of the registration process, your consent is requested for the processing of the data, and reference made to this privacy policy.

b) Analysis of reading behaviour

While reading the newsletter, we track which topics you obtain further information on by clicking (newsletter tracking). A "web beacon" is used for this purpose, i.e. a pixel-sized file that is retrieved from the eworx server when the newsletter is opened. The following data is collected within the scope of this retrieval process:

  • Time of delivery
  • Time of opening
  • Duration of opening
  • IP address of opening
  • Email program used (email client)
  • Which link was clicked
  • Time of the clicks


Within the scope of the registration process, your consent is requested for the processing of the data, and reference made to this privacy policy.

2. Recipients

In supplying the newsletter, we are supported by our service provider Eworx Network & Internet GmbH, Hafenstrasse 2a, 4020 Linz, Austria ("Eworx"). The newsletter is distributed using "mailworx", an Eworx newsletter-distribution system. The email addresses of our newsletter recipients and the data collected during the registration process are sent to Eworx and stored on the Eworx servers in Austria. No forwarding to other third parties takes place.
Eworx uses this information for the purposes of the distribution and evaluation of the newsletter on our behalf. We have concluded an agreement with Eworx regarding the processing. It is a contract through which Eworx is committed to protect the privacy of our newsletter recipients, to process such data on our behalf exclusively according to our data protection provisions and, in particular, not to pass it on to third parties or to combine it with other data.

3. Legal basis for data processing

The legal basis for the processing of the data after the user's registration for the newsletter is Section 6(1a) GDPR, where the user has provided consent.
The legal basis for the logging of the registration procedure and the implementation of newsletter tracking is Section 6(1f) GDPR.

 

4. Purpose of the data processing

The collection of the email address and the name of the user is used to deliver the newsletter and to personalise it.
The logging of the time of registration and confirmation, and of the IP address is to provide evidence of the registration process, in accordance with the legal requirements.
Newsletter tracking is used to provide a better insight into your interests. The storage and processing of this data is done solely for the purpose of being able to send the users customised and relevant content. This information may be assigned to the individual newsletter recipients for technical reasons. However, the observation of individual users is neither our aim, nor that of Eworx. Rather, the evaluations help us to learn about our users' reading habits and to adapt our content to the latter, and/or to send different content to our users in accordance with their respective interests.
Our legitimate interest in the processing of data also lies within this purpose, pursuant to Section 6(1f) GDPR.

5. Duration of storage

The data will be deleted as soon as it is no longer required for the achievement of the purpose of their collection. The email address, name of the user and the personal data collected during the registration process and during newsletter tracking will be stored as long as the newsletter subscription is active.

6. Opting out and removal options

The newsletter subscription may be cancelled at any time by the relevant user. To this end, there is a corresponding link in every newsletter.
This link also provides the option of revocation of consent of the storage of the personal data collected during the registration process and during newsletter tracking. Separate revocation of the newsletter subscription and newsletter tracking is unfortunately not possible.

VI. Contact form, email contact, telephone contact

1. Description and scope of data processing

Contact forms on our website are available and can be used for electronic contact. If a user takes this option, the data entered in the input mask is sent to us and stored. This data comprises:

  • Title, name
  • Company
  • Email, telephone number
  • Reason for making contact

 

In addition, the following data is stored at the time the message is sent:

  • Date and time the message is sent


Within the scope of the sending process, your consent is requested for the processing of the data, and reference made to this privacy policy.
Alternatively, contact via the provided email addresses is possible. In this case, the user's personal data sent via email is stored.
Alternatively, it is possible to make contact via telephone. In this case, the user's telephone number is communicated along with the call, as necessary.
There is no transfer of data to third parties in this respect. The data will be used exclusively for handling the conversation.

2. Recipients

The data will be used exclusively within the KRATZER AUTOMATION Group for processing the conversation. As a rule, the KRATZER AUTOMATION Group company responsible for your location will contact you regarding your request. Should your site be within the EU, your data will not be forwarded to companies in the KRATZER AUTOMATION Group outside the EU without your consent. Data is not transferred to other third parties in this context.

3. Legal basis for data processing

The legal basis for the processing of the data is Section 6(1a) GDPR, where the user has provided consent.
The legal basis for the processing of the data in the course of sending an email is Section 6(1f) GDPR. If the email sent has the aim of concluding a contract, Section 6(1b) GDPR forms the additional legal basis for processing.

4. Purpose of the data processing

The processing of the personal data from the input mask is performed solely for handling your email/telephone call etc. The other personal data processed during the course of the sending the contact form serves to prevent the misuse of the contact form.
In the event of contact via email or telephone, this also constitutes the legitimate interest in the processing of the data.

5. Duration of storage

The data will be deleted as soon as it is no longer required for the achievement of the purpose of their collection.
For that personal data from the input mask of the contact form which has been sent by email, and for data logged in the contact process, this is the case when the given conversation with the user has ended. The conversation is ended at the latest when it is clear from the circumstances that the relevant facts have been conclusively clarified.
In the case of a telephone call, the number will be overwritten cyclically by the next call, chronologically speaking.

6. Opting out and removal options

The user has the option of revoking his/her consent for the processing of personal data at any time.
If the user has email or telephone contact with us, he/she may object to the storage of his/her personal data at any time. In such a case, the conversation cannot be continued.
Please send your objection to:
KRATZER AUTOMATION AG, Gutenbergstrasse 5, 85716 Unterschleissheim, Germany,
dpo(at)kratzer-automation.com, tel. +49 89 32152 0, fax +49 89 32152 599
All personal data that has been stored in the course of the contact process will in this case will be deleted.

The transfer of the telephone number is handled via your telephone or via your telephone provider, and is communicated to us. Therefore, you as a user have full control over the disclosure of your telephone number:

  • By modifying the settings on your phone, or by your service provider modifying your phone system, you can disable the communication of the number.

VII. Web analytics by Google Analytics, use of cookies

1.    Scope of the processing of personal data

On our website, we use the analysis software Google Analytics for analysing our users' surfing behaviour. The software places a cookie on the user's computer.
Cookies are text files that are stored in the internet browser or on the user's computer system by the internet browser. When a user visits a website, a cookie is stored on the user's operating system. This cookie contains a characteristic string, enabling the unique identification of the browser when you revisit the website.
If individual pages of our website are visited, the following data is stored:

(1)    The first two bytes of the IP address of the user's system used for the visit
(2)    The webpage visited
(3)    The website via which the user accessed the webpage (referrer)
(4)    The subpages visited via the visited webpage
(5)    The duration of visit to the website
(6)    The frequency with which the webpage is visited

In this respect, the software runs on the servers of the service provider, Google Analytics. The software is set up such that the IP addresses will not be stored completely; rather the last two bytes of the IP address are masked (e.g.:  192.168.xxx.xxx). In this way, the assignment of the truncated IP address to the accessing computer is no longer possible.

2.    Legal basis for the processing of personal data

The legal basis for the processing of the personal data of users is Section 6(1f) GPDR.

3.    Purpose of the data processing

The processing of users' personal data allows to analyse our users' surfing behaviour.
By evaluating the data obtained, we are able to compile information about the use of the individual components of our website. This helps us to continually improve our website and its user friendliness. Our legitimate interest in processing data also lies within these purposes, pursuant to Section 6(1f) GDPR. By anonymising the IP address, sufficient account is taken of the users' interest in protecting their personal data.

4.    Duration of storage; options for raising objections and for removal

Cookies are stored on the user's computer and transmitted to our site. Therefore, you as a user have full control over the use of cookies:

  • By modifying the settings in your internet browser, you can disable or restrict the transfer of cookies.
  • Previously stored cookies can be deleted at any time. This can also be done in an automated manner. If cookies are disabled for our website, it may be that not all of the features of the website can henceforth be used to their full extent.
  • You can prevent collection by Google Analytics by clicking on the link below. An opt-out cookie will be used, which will prevent the future collection of data upon visiting this website. In this way, another cookie is placed on your system, which tells our system signals not to store the user's data. If, in the meantime, the user deletes the appropriate cookie from his/her own system, he/she must once again accept the opt-out cookie.

More information about terms of use and privacy by Google can be found here:
http://www.google.com/analytics/terms/gb.html or here http://www.google.com/intl/de/analytics/privacyoverview.html.

VIII. Telemarketing (UK only)

1. Description and scope of data processing

We collect personal data in the following ways:

  • When you provide your contact details to us
  • when requesting information about our products or services, either via the telephone, our online enquiry forms or face-to-face
  • When you give us your business card
  • When you sign up for our newsletter
  • When you register to attend one of our webinars
  • When we meet you at trade shows
  • When you engage with us through social media
  • When we call to speak to you or other employees at your business
  • Via openly available public sources (e.g. LinkedIn, company websites or Google searches).

We collect the following data:

  • Business contact data (full name, email address, postal address, job title, company name)
  • Contact history of communication and conversations with KRATZER AUTOMATION employees

2. Recipients

In supplying marketing information as well as product, service and company updates and information, we are supported by our service provider Shortlist Marketing Ltd, Space 2
Dakeyne Street, Nottingham, NG3 2AR. An email providing updated product and services is distributed using Shortlist Marketing email system. The email addresses of our recipients and the data collected during the registration process are stored on Shortlist Marketing servers in UK. No forwarding to other third parties takes place.

Shortlist Marketing uses this information for the purposes of distribution and evaluation of prospects, ex-customers and suppliers on our behalf. We have concluded an agreement with Shortlist Marketing regarding the processing. It is a contract through which Shortlist Marketing is committed to protect the privacy of our recipients, to process such data on our behalf exclusively according to our data protection provisions and, in particular, not to pass it on to third parties or to combine it with other data.

3. Legal basis for data processing

The legal basis for the collection of the data and the distribution of marketing information is our legitimate interest (Section 6(1f) GDPR.). We have balanced with the interests of our prospects, suppliers and other business contacts. A copy of our balance test is available on request.

4. Purpose of the data processing

Processing personal data is necessary to enable us to contact targeted prospects at relevant organisations regarding our products and services. This will include marketing information as well as product, service and company updates and information.
Our legitimate interest in the processing of data also lies within this purpose, pursuant to Section 6(1f) GDPR.

5. Duration of storage

KRATZER AUTOMATION will store relevant personal data under the terms of Legitimate Interest on prospects for no longer than a 5 year period.

6. Opting out and removal options

The subscription may be cancelled at any time by the relevant user. To this end, there is a corresponding link in every email.
This link also provides the option to withdraw consent of the storage of personal data collected during the registration process and during newsletter tracking. Separate cancellation is unfortunately not possible.

IX. Your rights

If your personal data is processed, then you are the "party concerned" within the meaning of the GDPR, and you have the following rights vis-à-vis the data controller:

1. Right to information

You can request confirmation from the data controller as to whether personal data relating to you is being processed by us.
If such processing is indeed taking place, you can request the following information from the data controller:

(1)    the purposes for which the personal data is being processed;
(2)    the categories of personal data which are being processed;
(3)    the recipients and/or categories of recipients to whom the personal data has been or will be disclosed;
(4)    the planned duration of the storage of personal data relating to you or, if specific details are not available in this respect, the criteria for determining the duration of storage;
(5)    the existence of a right to correction or deletion of personal data concerning you, of the right to limitation of processing by the data controller or of the right to object to this processing;
(6)    the existence of a right of appeal to a supervisory authority;
(7)    all available information concerning the source of the data, if the personal data is not collected from the person concerned;
(8)    the existence of an automated decision-making system including profiling according to Section 22(1) and (4) of the GDPR and – at least in these cases – significant information as to the logic involved and the scope and desired impact of such processing for the person concerned.

You have the right to demand information as to whether your personal data is transferred to a third country or to an international organisation. In this context, you may demand information regarding the appropriate guarantees according to Section 46 GDPR, in connection with such transfer.

2. Right to correction

You have a right to have the data controller corrected and/or complete your processed personal data, where it is inaccurate, or incomplete. We will undertake this correction immediately.

3. Right to restriction of processing

In the following situations, you may demand the restriction of the processing of personal data concerning you:

(1)    if you dispute the accuracy of your personal data for a period of time which allows the data controller to check the correctness of the personal data;
(2)    the processing is unlawful and your waive the right to have your personal data deleted, and instead demand the restriction of the use of the personal data;
(3)    the data controller no longer requires the personal data for the purposes of processing, but does require it for the assertion, exercise or defence of legal claims, or
(4)    if you raise an objection to the processing in accordance with Section 21(1) GDPR and it has not yet been decided whether our legitimate reasons as the data controller prevail over the grounds you cite.

If the processing of personal data has been restricted, this data – irrespective of its storage – may only be processed with your consent or for the assertion, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of substantial public interests of the European Union or of a Member State.
If the restriction on processing has itself been restricted according to the aforementioned conditions, you will be informed by the data controller before the restriction is lifted.

4. Right to deletion

a) Deletion obligation

You may demand of the data controller that your personal data is deleted immediately, and the data controller is obliged to immediately delete this data insofar as one of the following reasons applies:

(1)    Your personal data is no longer necessary for the purposes for which they were collected or processed in any other way.
(2)    You revoke your consent to processing based on Section 6(1a) or Section 9(2a) GDPR, and there is a lack of any legal basis for the processing.
(3)    Your raise an objection against the processing of the data, pursuant to Section 21(1) GDPR, and no legitimate reasons for processing exist, or you raise an objection against the processing pursuant to Section 21(2) GDPR.
(4)    Your personal data has been processed unlawfully.
(5)    The deletion of your personal data is required in order to comply with a legal obligation in accordance with EU law or the law of the Member States to which the data controller is subject.
(6)     Your personal data is collected in relation to services rendered by the information society in accordance with Section 8(1) GDPR.

b) Information for third parties

If the data controller has made your personal data public and if it is obliged to delete it pursuant to Section 17(1) GDPR, then it shall perform appropriate measures – taking into account the available technology and the implementation costs – including measures of a technical nature, in order to inform the party responsible for the data processing that you, as a person concerned, have demanded the deletion of all links to this personal data and of any copies or replicas of this personal data.

c) Exceptions

The right of deletion does not apply if the processing is required:

(1)    to ensure the exercise of the right to freedom of expression and information;
(2)    for the fulfilment of a legal obligation, where the latter requires processing in accordance with EU law or the law of the Member States to which the data controller is subject, or for the performance of a task carried out in the public interest or in the exercise of public authority, where this has been transferred to the data controller;
(3)    for the assertion, exercise or defence of legal claims.

5. Right to information

If you have asserted the right to correction, deletion or restriction of the processing of the data vis-à-vis the data controller, then the latter is obliged to communicate this correction, deletion or restriction to all recipients to whom the personal data has been disclosed, unless this proves to be impossible or would involve disproportionate effort.
You have the right to demand that the data controller informs you about these recipients.

6. Right to data portability

You have the right to receive the personal data you have provided to the data controller in a structured, common and machine-readable format. You also have the right to communicate this data to another data controller without interference from the data controller to whom the personal data were first provided, if

(1)    the processing is based on a consent according to Section 6(1a) GDPR or Section 9 (2a) GDPR or on a contract pursuant to Section 6(1b) GDPR and
(2)    the processing is performed using automated procedures.

In exercising this right, you also have the right to have your personal data transferred directly from one data controller to another, insofar as this is technically feasible. The freedoms and rights of other persons may not be affected by this.

7. Right of objection

You have the right to raise objections – at any time and for reasons related to your specific situation – to the processing of your personal data, where this processing occurs pursuant to Section 6(1e) or (1f) GDPR.
The data controller shall no longer process your personal data, unless it can state grounds worthy of defence which outweigh your interests, rights and freedoms, or unless the processing serves the assertion, exercise or defence of legal claims.

8. Right of revocation of the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. By revoking consent, the lawfulness of the processing carried out on the basis of the consent up until the time of revocation shall not be affected.

9. Right to file a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you are entitled to file a complaint with a supervisory authority in the Member State where you reside, the Member State in which your place of work is located or where the alleged infringement took place, if you are of the opinion that the processing of personal data breaches the GDPR.
The supervisory authority to which the complaint is filed will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Section 78 GDPR.
Your competent supervisory authority is that of your place of residence:

Supervisory authorities in Europe: