Privacy Policy

We, Kieback&Peter GmbH & Co. KG (hereinafter referred to as Kieback&Peter), appreciate your interest in our company. Our Privacy Policy serves to inform visitors to our website, applicants, interested parties, and external partners as well as other groups of individuals from whom we process personal data.

We aim to design our Privacy Policy in such a way that everyone can easily and quickly see what data we process and for what purposes.

If you have any questions about our Privacy Policy, please contact us at privacy[at]kieback-peter.com.

General Information

The data controller pursuant to Article 4 (7) General Data Protection Regulation (GDPR) is:

Kieback&Peter GmbH & Co KG
Tempelhofer Way 50
12347 Berlin, Germany

E-Mail: info[at]kieback-peter.de

(see our Legal Notice).

You can reach our Data Protection Officer, Mr. Marco Tessendorf, at privacy[at]kieback-peter.com or at our postal address with the addition “Data Protection”.

You have the following rights with regard to personal data concerning you:

  • Right of access: Article 15 GDPR
  • Right to rectification: Article 16 GDPR
  • Right to erasure: Article 17 GDPR
  • Right to restrict processing: Article 18 GDPR
  • Right to data portability: Article 20 GDPR

If the data processing is based on Article 6 (1) (e) or (f) GDPR, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this Privacy Policy.

If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defense of legal claims (objection under Article 21 (1) GDPR).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Article 21 (2) GDPR).

The objection is free of charge and may be made form-free, ideally to privacy[at]kieback-peter.com. Please send a postal objection to our postal address with the addition “Data Protection”.

You have the right to complain to a data protection supervisory authority about our processing of your personal data.

The competent supervisory authority is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
[Berlin Commissioner for Data Protection and Freedom of Information]

Friedrichstr. 219
10969 Berlin, Germany

Phone: +49 30 13889-0

E-mail: mailbox[at]datenschutz-berlin.de

1. Information security and data protection management

The protection of personal data is an important concern for us. In addition to a data protection management system, Kieback&Peter also maintains an information security management system in which data protection standards are anchored.

Kieback&Peter’s information security management system is regularly audited and certified according to DIN ISO 27001.

There are procedures and rules stipulating that every employee is familiarized with data protection issues. This includes every employee receiving a briefing on the applicable provisions at the start of their employment. Together with the employment agreement, each employee signs the obligation to handle personal data confidentially. Training courses on data protection are regularly held. In addition, information on data protection is available at a central location. A data protection officer has been appointed (cf. “Our Data Protection Officer”).

Your data is stored on an external data center’s servers, which are conscientiously protected against loss, destruction, falsification, unauthorized access, or unauthorized disclosure by special precautions.

2. Website encryption

This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential contents (e.g., inquiries via our contact form). You will recognize an encrypted connection by the abbreviation “https://” in the browser’s address header and by the lock symbol in your browser header. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

1. General

If we disclose, transfer, or grant access to your personal data to other persons and companies (processors or third parties), this is always done on a legal basis such as your consent, a legal obligation or in our legitimate interest (e.g., if we use email service providers, etc.). When we engage processors to process data, the data is always processed on the basis of Article 28 GDPR.

2. Hosting service providers and maintenance and upkeep of the website

We use external service providers to support the operation of our website. They have been carefully selected and commissioned by us, are bound by our instructions, and are regularly monitored. The collaboration occurs on the basis of processing contracts on behalf of a controller in accordance with Article 28 GDPR.

These external service providers, who support us in technical terms (e.g., web hosters, programmers), usually have at least the possibility to access personal data. Such access is not intended. It cannot be ruled out in individual cases, however, that certain personal data will be disclosed to such service providers in the course of their activities.

We use the following external service providers:

  • UpCloud Ltd. Company, Eteläranta 12, 6. krs, FI-00130 Helsinki, Finland, email: hello[at]upcloud.com, website: http://www.upcloud.com/; data protection: https://upcloud.com/privacy-policy/; purpose: hosting for content management system
  • networkteam GmbH, Kleiner Kuhberg 42, 24103 Kiel, Germany, email: info(at) networkteam.com, website: https://networkteam.com/; purpose: maintenance and support of our website
  • TEMA Technologie Marketing AG, Aachener-und-Münchener-Allee 9, 52074 Aachen, email: info[at]tema.de, website: https://www.tema.de/; purpose: maintenance, hosting and upkeep of our website
  • DAYONE GmbH, Oudenarder Str. 16, 13347 Berlin, email: info[at]dayone.de, website: https://dayone.de/; purpose: maintenance and care of our website

3. Transfers to third countries

If we transfer data to a third country (i.e., outside the EU or EEA) for processing to use third-party services, or if we disclose or transfer data to third parties, we do so because it is in our legitimate interest to process the data, because it is necessary for the performance of our (pre-)contractual obligations, because we have to comply with a legal obligation or because you have given your consent.

Subject to statutory or contractual permissions, we only process data or have data processed in a third country if the specific requirements of Articles 44 et seqq. GDPR are met. The data is therefore only processed on the basis of special guarantees such as an EU adequacy decision or compliance with officially recognized special contractual obligations (referred to as standard contractual clauses).

Profiling (Article 4 (4) GDPR) describes a type of automated processing of personal data that consists in evaluating, analyzing, or predicting certain personal aspects such as work performance, economic situation, health or personal preferences of individuals. Kieback&Peter does not use automated decision-making and profiling which may produce legal effects concerning you or similarly significantly affect you.

This Privacy Policy was last updated in April 2022.

It may become necessary to change this Privacy Policy due to the further development of our website or due to amended statutory or official requirements.

Processing of your data

1. Usage data and log files

a) Description of the data processing

In cases of the mere informative use of our website, i.e., if you do not register or otherwise transmit information to us, our system automatically collects data and information that your browser transmits to our server (usage data):

  • IP address,
  • date and time of the request,
  • time zone difference from Greenwich Mean Time (GMT),
  • content of the request (specific page),
  • access status/HTTP status code,
  • the amount of data transferred in each case,
  • web page from which the request originates,
  • browser,
  • operating system and its interface,
  • language and version of the browser software.

The data will be temporarily stored in the log files of our system. There will be no storage of this data together with other personal data.

b) Legal basis for data processing

The legal basis for the temporary storage of the data is Article 6 (1) (f) GDPR (legitimate interest).

c) Purpose of the data processing

The temporary storage of data by the system is necessary to provide you with our website. For this purpose, in particular the IP address of the user must remain stored for the duration of the session.

The storage in log files ensures the functionality of the website. In addition, the data serves to ensure the security of our information technology systems. These purposes are also our legitimate interest in data processing in accordance with Article 6 (1) (f) GDPR.

d) Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after 7 days at the latest.

e) Possibility of objection

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection by the website visitor.

2. Cookies and similar web storage technologies

a) Use of cookies and web storage

This website uses cookies. Cookies are small text files that are stored on your hard drive associated with the browser you are using and through which the entity that sets the cookie (in this case, us) receives certain information. Cookies cannot execute programs or transmit viruses to your computer.

In addition to cookies, we use local storage technology and session storage technology. Information is stored locally in your browser’s cache (“buffer memory”) and can be read. This technology is also referred to as web storage technology.

For ease of reference, we summarize cookies and web storage technology as “cookies” below. You can find out what types of cookies and other web storage technologies this website uses, what they do and how they work in the following section:

Essential cookies (local storage, session storage)

The use of web storage technology on this website is technically necessary so that the consents to the use of cookies requiring consent may be managed by us. We use the Consent Management Tool (“CMT”) of Usercentrics GmbH (“Usercentrics”) to obtain and document consents for data processing by the services we use. Details can be found in the section “Description of the services that use these technologies”.

The legal basis for the use of local storage or session storage (essential) and the associated data processing is Section 25 (2) (2) German Telecommunications and Telemedia Data Protection Act in conjunction with Article 6 (1) (c) GDPR.

Functional cookies

Functional cookies are used to analyze how our website is used. We use these cookies, for example, to determine the number of visitors to this website. We use the information to optimize our website and adapt it to user needs. The legal basis for the use of functional cookies and the associated data processing is consent in accordance with Section 25 (2) (2) Telecommunications and Telemedia Data Protection Act in conjunction with Article 6 (1) (a) GDPR.

Content cookies

Content cookies are used to show you content (maps, videos). They serve to provide useful functions on our website. The legal basis for the use of these cookies and the associated data processing is consent in accordance with Section 25 (2) (2) Telecommunications and Telemedia Data Protection Act in conjunction with Article 6 (1) (a) GDPR.

Marketing cookies

Marketing cookies are used to show you personalized promotional content that is relevant to your interests. This occurs not only on this website, but also on other advertising partner websites (third-party providers). This is referred to as retargeting. Marketing cookies help us to display relevant promotional content to you. The legal basis for the use of marketing cookies and the associated data processing is consent in accordance with Section 25 (2) (2) Telecommunications and Telemedia Data Protection Act in conjunction with Article 6 (1) (a) GDPR.

b) Use of pixel technology (functional)

The technologies used on this website include “pixels”. A pixel is a small amount of code on a web page that is typically used in conjunction with cookies to identify users and track user behavior. We use pixels, for example, to find out whether you have interacted with certain website content. This allows us to measure and improve our services. The legal basis for the use of pixel technology and the associated data processing is consent in accordance with Section 25 (2) (2) Telecommunications and Telemedia Data Protection Act in conjunction with Article 6 (1) (a) GDPR.

c) Description of the services using these technologies

In the following, we describe the services for which we use the technologies described above on this website.

Additional information is available in the CMT of Usercentrics

Usercentrics (technology used: local storage)

The CMT is a consent management system that automatically blocks all cookies and pixels that are not technically necessary until the user has given their consent. We use Usercentrics to comply with statutory obligations and to store your consent for certain functions. Thus, when visiting this website, you have the option to set the cookies and pixels according to your settings.

Additional information is available in the CMT of Usercentrics

Google Analytics and Google Optimize (technologies used: cookies, pixels)

This website uses the Google Analytics and Google Optimize services of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”) to analyze and optimize website use. We use the anonymization “_anonymizeIp()” extension to anonymize the IP address.

Additional information is available in the CMT of Usercentrics

Google Tag Manager (technology used: Pixel)

This website uses the Google Tag Manager. Through this service, third-party website tags can be managed on our website (e.g., Google Analytics) via an interface.

Additional information is available in the CMT of Usercentrics

Google Double Click Ad (technology used: cookies)

Google uses the DoubleClick cookie on websites in the Google advertising network and on certain Google services.

Additional information is available in the CMT of Usercentrics

Google Maps (technology used: cookies)

On this website we use the offer of Google Maps. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. 

Additional information is available in the CMT of Usercentrics

YouTube videos (technology used: cookies)

This website uses a plugin of YouTube, which is a member company of Google. We have activated the extended data protection mode, i.e., videos are not accessed via youtube.com, but via youtube-nocookie.com. Additional information is available in the CMT of Usercentrics.

Additional information is available in the CMT of Usercentrics

d) Third-country transfers

Data processing in connection with the aforementioned services partly takes place outside the EU or the EEA. An adequate level of data protection pursuant to Article 46 (2) (c) GDPR can be expected via the use of standard contractual clauses. We will provide the concluded standard contractual clauses upon request.

Please note: When using the services described here, data is transferred to the USA, a country without an adequate level of data protection. 

Please refer to the description of the individual services in the CMT of Usercentrics to find out which other third countries are involved.

 

e) Right of withdrawal

You may revoke consent given at any time and without providing reasons with effect for the future. 

The revocation may be made at any time by changing the settings in the CMT of Usercentrics.

1. Description of the data processing

There are several ways to contact us on our website.

2. Via contact form

If you use our contact form, we collect the data you enter there (your email address, the content of your request, your postal code, if applicable your first and last names, your company). When sending the message, the date and time of the contact are also transmitted to us and stored. Data that you transmit to us in this way will be electronically processed by Kieback&Peter in our system (cf. section “Systems for processing data“) for the purpose of responding to and processing your inquiry.

The processing is based on our legitimate interest in the effective processing of the inquiries addressed to us as well as the handling of business relations with our B2B partners (Article 6 (1) (f) GDPR). The other personal data processed during the submission process (e.g., date and time of contact) serve to prevent misuse of the contact form and to ensure the security of our information technology systems. In this respect, we also invoke legitimate interests.

3. By email

When you communicate with us by email, you transmit data to us such as your email address, information in the content of your message or your signature (e.g., your position and contact details), general data such as the time of sending, as well as specific data that you may transmit in an attachment (in the case of job applications, e.g., your CV). Data that you transmit to us in this way will also be electronically processed in our system (cf. section “Systems for processing data“) for the purpose of responding to and processing your request.

We provide this communication channel to enable you to quickly contact us electronically. In addition, the processing is based on our legitimate interest in the effective processing of requests addressed to us as well as the processing of business relationships with our B2B partners (Article 6 (1) (f) GDPR).

4. By phone

When you make a phone call to one of our employees, we record certain traffic and communication data such as the phone number used or the duration of the call. Our employees are also required to briefly log the content of the call in our system (cf. section “Systems for processing data“).

The processing is based on our legitimate interest in the effective processing of requests addressed to us and the handling of business relations with our B2B partners (Article 6 (1) (f) GDPR).

5. By mail

When you contact us by postal mail, we record data on your sender address and the content of the document. Some of the documents sent are also stored digitally for faster processing. Here, too, we refer to Article 6 (1) (f) GDPR as the legal basis.

6. Via personal contact, e.g., at trade shows

You may also get in touch with Kieback&Peter at events, lectures, or trade shows and leave us your information, e.g., in the form of a business card. We digitize the data collected in this way by transferring it to our CRM system. Where necessary, the content of the conversation will be recorded.

The processing of this data regularly takes place on the basis of Article 6 (1) (f) GDPR. Staying in contact with interested parties and potential business partners is a legitimate interest of any company. The logging of the associated conversation is based on our legitimate interest in being able to advise you optimally in a subsequent conversation (Article 6 (1) (f) GDPR).

At trade shows and other events, our employees sometimes use the lead app of provider Alivello. Contact data, language, and additional data such as interest in our products are collected. The collected data is transferred to the systems of Alivello and transmitted to the responsible branch of Kieback&Peter to follow up on the contacts (e.g., create offers, capture in the CRM system). After the capture, the prospect receives a personalized thank you letter via the lead app.

The data is used to carry out quantitative and qualitative evaluations of a trade show booth visit, e.g., customers from which region visited our booth, which products were they interested in. In addition, the data will be used to contact the interested party with the objective of providing requested (product) information and initiating business. We base the processing on Article 6 (1) (f) GDPR.

The cooperation with Alivello occurs on the basis of a contract on processing on behalf of a controller in accordance with Article 28 GDPR.

7. Verification and enrichment of data

To be able to respond to inquiries in the best possible way and to verify and update our database, we supplement personal data by research and enrichment where necessary (e.g., by adding the salutation or the assignment of a position or department). We use only publicly accessible sources as sources for this purpose.

8. Duration of storage

The data you send us will remain with us until you request us to delete such data or the purpose for storing the data no longer applies. Mandatory statutory provisions – in particular statutory storage obligations – will remain unaffected.

This section serves to inform you about how Kieback&Peter processes your personal data when you apply for a job advertised by us or on your own initiative.

You provide us with your personal data voluntarily as part of the application process. The provision of personal data is necessary for the processing of your application or the conclusion of an employment contract with us. This means that if you do not provide us with personal data when applying, we will be unable to enter into an employment relationship with you.

1. Description of the data processing

We process all data that you provide to us via your application. This includes, among other things, your contact details, your application documents (CV, cover letter, previous work experience, education and certificates as well as our notes from interviews with you), your desired salary, the type of employment you are seeking and the date available and, in exceptional cases, your identification documents.

In addition, this also applies to all other data that you send us, including all correspondence with us during the application process and, where applicable, the results of recruitment tests or online tests (cf. also “Competence and potential analyses”).

In individual cases, special categories of personal data (Article 9 GDPR) may also be collected, e.g., health data, such as information on any severe disability.

To carry out the personnel search efficiently, we use recruitment agencies in individual cases, which forward interesting application profiles to us for review.

We may also obtain the above data about you from other sources that you provide to us as well as websites and other publicly accessible sources on the Internet. This includes, for example, data that you have obviously made public as part of an online profile (e.g., XING, LinkedIn). We may also receive data that you submit to us via third-party websites, e.g., from job boards such as StepStone or Monster.

2. Purpose of the data processing

We process your personal data to be able to carry out the selection procedure. The data you provide will be processed for the purpose of processing your application and, if an employment relationship is established, also for the purpose of implementing the employment relationship.

3. Legal basis for data processing

The legal basis for this is Section 26 (1) Federal Data Protection Act and Section 22 (1) (b) Federal Data Protection Act or, in the case of public profiles, Article 6 (1) (f) GDPR in conjunction with Article 9 (2) (e) GDPR. The legitimate interest in this case is to receive a clear brief profile of you, which you have obviously made public within the meaning of Article 9 (2) (e) GDPR.

Where consent is required for processing (e.g., for inclusion in our talent pool), the legal basis is Section 26 (2) Federal Data Protection Act in conjunction with Article 7 GDPR or – depending on the case – Article 6 (1) (a) GDPR.

In addition, we may process personal data about you where this is necessary for the defense of asserted legal claims against us arising from the application process. The legal basis for this is Article 6 (1) (f) GDPR. The legitimate interest is, for example, a duty of proof in proceedings under the German General Equal Treatment Act.

If an employment relationship is established between you and us, we may process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) Federal Data Protection Act.

4. Recipients of data

Your application will be processed as quickly as possible by the responsible HR department at Kieback&Peter. Kieback&Peter consists of several legally independent companies, each with its own HR department, which processes the applications received for the job advertisements of the individual Kieback&Peter companies.

If you do not apply for a job posting but register in the talent pool, a Kieback&Peter HR department will contact you as soon as a job opening that is matching your profile is available. In the meantime, you will remain in the talent pool with your profile visible to all Kieback&Peter companies.

Provided that you have given your consent, the application will then be reviewed by the relevant departments as well as affiliates and subsidiaries of Kieback&Peter.

5. Job applicant management system Bewerber3 of P&I Personal & Informatik AG

We use the “Bewerber3” applicant management system from P&I Personal & Informatik AG, Kreuzberger Ring 56, 65205 Wiesbaden, Germany, to carry out the personnel selection process. The system is operated and maintained by us, so that the provider does not obtain any access to your personal data.

6. Competence and potential analyses

In certain cases (e.g., when selecting managers or sales staff), a personality analysis of the applicant is carried out during the application process. For this purpose, the applicant (voluntarily) goes through an online questionnaire. In this case, Kieback&Peter generates a link which allows the respective applicant to log in to our service provider and complete the questionnaire. The results of the analysis are made available to the responsible HR department at Kieback&Peter, will be discussed as part of the job interview, and then forwarded to the superior(s) where appropriate.

Such analysis is always carried out in consultation with the applicant and on the basis of voluntary consent within the meaning of Section 26 (2) Federal Data Protection Act. For this purpose, we involve our service provider, Insights MDI International Deutschland GmbH, as a processor on behalf of a controller. Our service provider uses other processor on behalf of a controller to provide the services, which may also be located in an unsafe third country. To mitigate the resulting risks, Insights MDI International Deutschland GmbH has taken appropriate technical and organizational measures, in particular the primary storage of data within the EU and the conclusion of standard contractual clauses pursuant to Article 46 (2) (c) GDPR

7. Duration of storage

We store your personal data for 6 months or for as long as we need it for the legitimate interest of Kieback&Peter under applicable laws. We will retain your data beyond this period if you have given your consent to the continued storage and provision of your applicant information (talent pool). You may revoke your consent at any time without giving reasons. Your data will then be deleted from the talent pool without delay.

If you accept employment with us, we will retain your personal data for the duration of your employment in accordance with the Kieback&Peter Employee Privacy Policy.

1. Description of the data processing

In the case of customers, suppliers, other business partners and interested parties, we process personal data essentially for the purpose of initiating, establishing, and processing contractual, pre-contractual, and supply relationships, including delivery, payment, and any warranty or product liability.

In particular, we collect the following information:

  • Salutation, first name, last name, academic title
  • Email address
  • Address
  • Telephone number (landline and/or mobile)
  • Fax number
  • Bank details
  • Position or activity in the company (e.g., project manager)
  • Affiliation to the departmental organization (e.g., departmental affiliation)
  • Correspondence (correspondence, minutes of meetings)

2. Purpose of the data processing

The processing of this data is carried out for the following purposes:

  • Identification
  • Performance of our contractual relationship
  • Correspondence and communication
  • Invoicing
  • Credit check
  • Information by letter about upcoming events (e.g., in-house exhibitions) as well as our services and products (e.g., in case of exchanges)
  • Settlement of any existing claims and assertion of any claims against you or the customer or supplier.

In addition, we process – where necessary within the framework of the contractual relationship and/or other cooperation – personal data which we obtain from publicly accessible sources (e.g., public registers, press, Internet) in a permissible manner or which are transmitted by other third parties (e.g., a credit agency) in a justified manner.

3. Recipients of data

At Kieback&Peter, only those persons and departments (e.g., specialist department) obtain access to personal data that require such information to meet our contractual and legal obligations or to protect our legitimate interests.

In addition, personal data is also transmitted to other companies within our group of companies, transmitted to us by them or access to such data is granted to these companies.

We also use ­various service providers (e.g., IT service companies) and vicarious agents to meet our contractual and statutory obligations, ­who also receive data for such purposes.

We may further transfer your personal data to other recipients outside the company where necessary to meet contractual and statutory obligations. These may include:

  • public bodies and institutions (e.g., tax authorities, courts)
  • auditors, tax consultants, experts
  • bank of the customer, supplier, or business partner (SEPA payment medium)

In addition, we pass on data to credit agencies for the purpose of checking creditworthiness.

4. Legal basis for data processing

The processing is based either on our legitimate interest in processing the necessary (contact) data of our B2B partners to conduct business relationships (Article 6 (1) (f) GDPR), on Article 6 (1) (b) GDPR (in the case of sole traders or other individuals) or is necessary to comply with a statutory obligation (Article 6 (1) (c) GDPR). Where personal data of B2B contacts is used to send information about upcoming events, services and products by post, we rely on Article 6 (1) (f) GDPR. We expect that this is in your and our economic interest and that you reasonably expect that processing will take place for this purpose.

5. Duration of storage

We will delete your personal data as soon as they are no longer required for the above-mentioned purposes. After termination of the contractual relationship, your personal data will be stored as long as we are legally obligated to do so. This regularly arises from statutory obligations to provide proof and to store data, which are governed, among other things, by the German Commercial Code and the German Fiscal Code. The storage periods are then up to ten years.

In addition, personal data may be retained for the period during which claims may be brought against us (statutory limitation period of three to thirty years).

If the respective purpose ceases to apply or the corresponding time limits have expired, your data will be routinely deleted.

1. Description of the data processing

We offer various training courses and seminars on our products and services as part of our in-house academy.

To register for our customer training courses, we collect the following information in particular:

  • First name, last name
  • Activity
  • Email address
  • Phone number
  • Company with address
  • Department (optional)
  • Registration date
  • Seminar topic
  • Seminar date/ alternative date
  • Hotel reservation (date)
  • Invoice address (company/ contact person/ department/ address)
  • Contact (name and email) for sending the registration confirmation

2. Purpose of the data processing

The processing of data in connection with our training courses and seminars is carried out for their planning, organization, performance, and documentation.

Lists of participants

For the performance of the training courses and seminars, we create a list of participants, which we keep for internal documentation purposes and by means of which we verify the attendance of the registered persons. Following the event, a certificate of attendance can be issued upon request.

Hotel bookings & food orders

The training courses and seminars are held either on-site or in digital form. In the case of on-site events, we will also take care of any hotel bookings and food orders upon request. In the case of hotel bookings, your first and last name as well as the day of arrival and expected departure will be passed on to the booked hotel for the purpose of making the reservation. If food orders are made, the canteen or the booked restaurant will receive the information about the requested food. As a rule, however, the food orders are aggregated and passed on without assigning the dishes to the names.

Digital training

For digital training courses and seminars, we use the Microsoft Teams video conferencing system from Microsoft Ireland Operations Ltd. The data generated in the course of using the service (in particular login, connection, and log data) is also usually transmitted to insecure third countries, in particular to the USA. For additional information on Microsoft, please refer to the section “Systems for processing data“. There is no recording of the training sessions via Teams in the process.

3. Conducting feedback surveys

Following an event that has been held, we regularly ask you to provide us with anonymous feedback. For this purpose, you will receive an email with a link to participate in a survey. We receive the survey results in an anonymized form and can therefore not draw any conclusions about you personally. Feedback surveys help us to continually improve our customer training courses.

We use Microsoft Forms to create, implement, and evaluate the feedback form. Your IP address and the data you voluntarily provide will be passed on to Microsoft. This also involves the transfer of data to the USA, a country without an adequate level of data protection. For additional information on Microsoft, please refer to the section “Systems for processing data“.

4. Other recipients of your data

With regard to the other recipients of data, we refer to the explanations on the recipients of personal data under the section “Customers, suppliers and other business partners“. These apply here accordingly.

5. Legal basis for data processing

The processing is based either on our legitimate interest in being able to offer our customers an optimal service by providing specific expertise on our products (Article 6 (1) (f) GDPR) or – where you participate in the training as a sole trader or other individual – on Article 6 (1) (b) GDPR. Where we process data to comply with a statutory obligation, we base this on Article 6 (1) (c) GDPR. Otherwise, such as in the case of creating participant lists, using Microsoft Teams and conducting feedback surveys, we base the related data processing on Article 6 (1) (f) GDPR. The legitimate interests arise from the purposes of the respective aforementioned data processing.

6. Duration of storage

We will delete your personal data as soon as they are no longer required for the aforementioned purposes. After termination of the contractual relationship, your personal data will be stored as long as we are legally obligated to do so. If the respective purpose ceases to apply or the corresponding periods have expired, your data will be routinely deleted.

In addition to feedback surveys on our in-house training courses and seminars, we also conduct surveys with Microsoft Forms on other topics from time to time, for example as a follow-up to trade shows. The objective of these surveys is to stay in contact with interested parties and potential business partners. This purpose is also our legitimate interest in data processing (Article 6 (1) sentence 1 (f) GDPR).

In all other respects, the information on “Customer training“ about Microsoft Forms and the duration of the storage applies accordingly.

Products, Services, and Apps

Personal data is also processed when you use our “Connect” service platform.

1. Description and purpose of the data processing

Registration

If you wish to use our service platform and thus our remote access, we ask you to register. As part of the registration process, we collect the personal data required to establish and perform the contract, such as first name, last name, email address, address of the registered office and the password specified by you. This data is transferred from our CRM system.

User management

The service platform has a user administration which allows you, as administrator, to save and change the email address and password (mandatory data), name, notes, and phone number for additional users.

Log files

When using “Connect”, log data is automatically collected by the system and stored in log files. In particular, the following information with date is recorded in the log files:

  • Login
  • Logout
  • Acceptance of the General Terms and Conditions for Remote Access for the Provision and Use of Online Services (Yes/No).
  • Acceptance of the General Terms and Conditions for Remote Access (Yes/No).
  • Creating/deleting user accounts
  • Activating/deactivating user accounts
  • Email release/blocking
  • Remote access enabling/disabling

2. Remote maintenance and order processing

If you use our service in the form of remote maintenance, there is sometimes the need or the possibility of access to personal data. In such cases, you will need a contract for processing on behalf of a controller pursuant to Article 28 GDPR with us, which you enter into by accepting the Allgemeine Geschäftsbedingungen für Fernzugriffe der Kieback&Peter GmbH & Co. KG.

3. Legal basis for data processing

The legal basis of the data processing for the establishment, provision and use of the service platform is Article 6 (1) (f) GDPR. Our legitimate interest is to provide our customers with the best possible service. Where we process log data collected and stored by the system, this serves us to ensure the security and continual improvement of the service platform. We base this on our legitimate interest in accordance with Article 6 (1) (f) GDPR.

4. Duration of storage

We generally only process your personal data for as long as necessary to meet our contractual and statutory obligations. This means that we will delete your personal data as soon as it is no longer required for the aforementioned purposes. Personal data may be retained for the period during which claims can be asserted against us.

Additionally, administrators may delete their user accounts themselves at any time. The deletion of the administrator account will be carried out by us upon request.

Automatically stored log data will be deleted after the end of the contract upon the expiry of 10 years.

The “Qanteon ReadMe” app (hereinafter referred to as the “app”) may be used to record the meter reading using a mobile device, e.g., a smartphone or tablet.

1. Data processing when downloading the app

You must first register for a user account with Google and conclude a corresponding user agreement to download and install our app from the Google Play Store. We have no influence on this process. In particular we are not a party to such a user contract. When downloading and installing the app, the necessary information is transferred to the respective app store, in particular the username, the email address and the customer number of the account, the time of the download and the unique number of the device (IMEI = International Mobile Equipment Identity).

We have no influence on this data collection and are not responsible for it.

Additional information on this data processing can be found in the Google Privacy Policy.

2. Data transmission to “Qanteon

To synchronize the data with “Qanteon”, you must log in to “Qanteon” in the app with a valid user account.

The following data is then transferred when the meter reading results are synchronized:

  • Measuring unit number
  • Measured value
  • Date and time of reading
  • Photos of the meter reading (if you use the photo documentation)

All measured values are stored in the database together with the name of the user account. For identification of the smartphone or tablet by “Qanteon”, the IMEI is additionally transmitted to “Qanteon” and stored there.

Please note: The company providing the app is responsible for this data processing, not Kieback&Peter.

3. Device authorizations

It is necessary that you allow access to certain functions of the smartphone or tablet for the app to function properly. You will be asked to grant the corresponding access authorization once at the beginning or only when using the respective function. Permissions may be revoked in the device settings. It should be noted that the app may be impaired in its proper function by the revocation of such permissions.

If the user grants one of the permissions mentioned below, the respective personal data may be processed (i.e., accessed) by the app.

Network access & network connections

Network access is required because synchronization can only be used in online mode.

NFC (“Near Field Communication”)

The NFC interface is accessed to read NFC stickers with the smartphone.

Camera

To offer you the optional metering point identification via QR code or the photo documentation of the meter reading, the app must access the camera of your mobile device.

Memory

Your photo memory is accessed when you transfer photos of the reading to Qanteon during synchronization.

The access to the device functions serves exclusively the functionality of the offered functions of our app.

Please note: Again, this is not the responsibility of Kieback&Peter, but of the company providing the app.

1. Description of the data processing

To be able to provide our contractual partner with proof of services provided on site, we require confirmation of our services by way of a signature from a contact person on site. For this purpose, we use the “Anveo” app, in which we document services performed and transfer them to a service report. For the purpose of service confirmation, we record the first and last name and the signature of the contact person on site via this app. The data is then automatically transferred to our ERP system. The generated, signed service report with personal data is then stored in a document management system for archiving purposes.

2. Purpose of the data processing

The data is collected for the purpose of fulfilling our service contract with our contractual partner. For this purpose, we require the confirmation of services provided on site.

The service report is stored and archived for the purpose of documentation and due to statutory retention obligations.

3. Recipients of data

The data will not be passed on to third parties. Access to the data is only granted to those persons and departments employed by Kieback&Peter who need this information to perform their duties. In addition, it is possible that employees of our service providers gain access to the data within the scope of maintenance and support orders.

4. Legal basis of the processing

We base the processing of the data in these cases on Article 6 (1) (f) GDPR. Our legitimate interest is to be able to efficiently prove the services provided by us to our contractual partner.

5. Duration of storage

The signature will be deleted without delay after archiving. Only the information that a signature has taken place will be retained. First and last name will be retained until the purpose for the data storage ceases to apply. Mandatory statutory provisions – in particular statutory retention obligations – will remain unaffected.

From time to time, we offer webinars to inform you about news on our products and services and for direct marketing of personal offers. To conduct the webinars, we use the “GoToWebinar” software solution from LogMeIn Ireland Unlimited Company, 10 Hanover Quay, Dublin 2, D02R73, Republic of Ireland (“LogMeIn”).

1. Description of the data processing

The following personal data is processed:

  • Participant details: first name, last name, email address, name of company/organization (optional), personal participation link,
  • Webinar Metadata: attendee IP addresses, device and hardware information,
  • Text, audio, and video. You may have the opportunity to use the chat, question or survey functions in a webinar. Your text entries will then be processed to display them in the webinar and, where necessary, to log them. Where applicable, the webinar organizer will give you the option to “share” your screen so that your screen content is also displayed to the other webinar participants and the organizer as well as any moderators/speakers. To enable this, and the display of video and the playback of audio, the data from your device’s microphone and any video camera, as well as the video data displayed on your screen, will be processed for the duration of the meeting. You may turn off or mute the camera, microphone, and screen sharing yourself at any time through GoToWebinar.

2. Purposes of the data processing

We process this data primarily for the purpose of holding webinars. An encrypted connection is established between you and the organizer of the webinar.

If you participate in our free webinars, we will also use your registration data to provide you with information before or after the webinar to

  • send information on the product range (goods and services) of Kieback&Peter and its affiliates (an up-to-date overview of our affiliated companies can be found here) by email,
  • invite you by email to our webinars, product demonstrations, educational sessions, and similar events,
  • make you an individual offer by email or to address you personally (direct advertising).

We therefore make our webinars available to you free of charge if you allow us to advertise in return. By registering for the webinar, you expressly agree thereto.

In some cases, a webinar will be recorded to make it available on our website for later retrieval. We take technical measures to ensure that no personal data of our webinar participants is disclosed when recordings are made.

Where it is necessary for the purposes of logging the results of a webinar, we will log the chat content. This will, however, not usually be the case.

For the purpose of following up on webinars, we may also process questions asked by webinar participants.

Participants are prohibited from making recordings of the webinar of any kind. Sound, image, or text data may not be recorded, copied, or stored.

3. Data recipients

Your registration data is disclosed to our data processor LogMeIn and its sub-processors by transmission. When using “GoToWebinar”, data is transferred to third countries, in particular to the USA. For these cases, we have concluded a processing contract on behalf of a controller with LogMeIn including the standard general contractual clauses approved by the EU Commission (appropriate safeguards pursuant to Article 46 (2) (c) GDPR).

4. Legal basis for data processing

The data processing is based on Article 6 (1) (b) GDPR, which allows the processing of data for the performance of a contract. Where there is no contractual or pre-contractual relationship, the legal basis is Article 6 (1) (f) GDPR. Our legitimate interest in these cases is the effective holding of webinars. Incidentally, by participating in our webinar and thereby expressing an interest in our goods and services, we expect that direct advertising by email is also in your interest.

5. Duration of storage

We store your personal data for an initial period of one year after the end of the webinar for the purposes of direct marketing. If we have contacted you during such period and thus entered into a business relationship with you, we will retain your contact data beyond the expiry of the one-year period. The storage period will then be governed by the general periods for our customer relationships.

We operate the website www.riedel-at.de to market the Riedel product brand.

During the mere informative use of the website, i.e., if you do not transmit information to us in any other way, our system automatically collects data and information that your browser transmits to our server (access data). You can find more information on this in the section “Usage data and log files“.

1. Contact via the contact form

a) Description of the data processing

On the website http://www.riedel-at.de/ you have the possibility to contact us via a contact form. We collect the data entered there, i.e., your email address, the content of the request, and your name. The specification of further personal data (first name, company, address) is optional and serves only the more precise address.

Data that you transmit to us in this way will be electronically processed by Kieback&Peter in our system (cf. section “Systems for processing data“) for the purpose of responding to and processing your inquiry.

b) Legal basis of the data processing

The processing is based on our legitimate interest in the effective processing of requests addressed to us and the handling of business relations with our B2B partners (Article 6 (1) (f) GDPR).

c) Purpose of the data processing

The processing of the personal data collected by us serves solely for the effective handling of the inquiries addressed to us. This is also our legitimate interest in processing the data within the meaning of Article 6 (1) (f) GDPR.

d) Duration of storage

The data you send us via contact requests will remain with us until you request us to delete it, you object to its storage or the purpose for storing the data no longer applies. The purpose for data storage ceases to apply if it can be inferred from the circumstances that the underlying concern has been conclusively clarified. Mandatory statutory provisions – in particular statutory retention obligations – will remain unaffected.

2. Your rights, contact persons on data protection

Information on your rights as a data subject can be found in the sections “Your data protection rights“ and “Your rights of objection“.

The contact details of our data protection officer and the supervisory authority responsible for us can be found in the sections “Our data protection officer“ and “Competent supervisory authority“.

We operate the website http://www.brix2bytes.io/. brix2bytes is a BIoT platform that is developed by us.

1. Usage data and log files

During the mere informative use of the website, i.e., if you do not transmit information to us in any other way, our system automatically collects data and information that your browser transmits to our server (access data). You can find more information on this in the section “Usage data and log files“.

2. Content delivery networks (CDNs)

For the administration and presentation of the website, we use the system “Contentful” of Contentful GmbH, Max-Urich-Straße 3, 13355 Berlin, Germany. Through this system, among other things, “Content Delivery Networks” (CDNs) are used, which serve to optimize the loading times of the website and to avoid latency times. When using such CDNs, your IP address is forwarded to the provider of the CDN. The provider may also be located in a third country, so that a data transfer to third countries is not excluded.

The providers of CDNs used by Contentful GmbH are contractually obligated to comply with the applicable data protection provisions. We have concluded a processing contract on behalf of a controller with Contentful GmbH, which also contains the standard contractual clauses approved by the EU Commission (Article 46 (2) (c) GDPR) for the purpose of safeguarding third-country transfers. The legal basis for the use of the Contentful system and the associated data processing is Article 6 (1) (f) GDPR (legitimate interest). Our legitimate interest is the technically flawless and fast administration and presentation of our website.

3. Matomo

We use the open-source web analytics tool Matomo Cloud from InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington (New Zealand) on the website.

a) Description of the data processing

Matomo stores cookies on your device, which enable an analysis of the use of our website. In particular, the following data is collected:

  • IP address (anonymized)
  • Location data
  • Browser and device data (browser version, device type, operating system, user agent, screen resolution)
  • Date, time, time zone
  • Visited web pages and sub-pages, referrer URL, information on downloaded files, clicked links, search terms from search engines used, mouse movements.
  • User ID/ Session ID

The data collected in this way enables us to create user profiles and to evaluate surfing behavior on our website.

b) Purpose and legal basis of the data processing

We use the Matomo web analytics service to analyze and optimize the use of our website. Matomo is only used on the basis of your consent in accordance with Section 25 (2) (2) Telecommunications and Telemedia Data Protection Act in conjunction with Article 6 (1) (a) GDPR. To effectively obtain and document your consent, we use the Consent Management Tool (“CMT”) of Usercentrics GmbH (“Usercentrics”). The CMT is a consent management tool that automatically blocks all cookies and pixels that are not technically necessary until users have given their consent. We use Usercentrics to comply with statutory obligations and to store your consent for certain functions. Thus, when visiting this website, you have the option to set the cookies and pixels according to your pre-selection. The legal basis for the use of Usercentrics and the associated data processing is Section 25 (2) (2) Telecommunications and Telemedia Data Protection Act in conjunction with Article 6 (1) (c) GDPR. Additional information is available in the CMT of Usercentrics.

c) Recipients of data

The provider of the Matomo analytics service, InnoCraft Ltd, has access to the data collected by us and processes it on our behalf and based on our instructions. For this reason, we have concluded a contract on processing on behalf of a controller with the provider in accordance with Article 28 GDPR. Through the use of Matomo, the collected data is processed in New Zealand, which is considered a third country. The EU Commission has, however, certified New Zealand as having an adequate level of data protection. The data transfer is therefore legitimized in accordance with Article 45 (1) GDPR (adequacy decision).

d) Storage period

The collected data is stored for six months and then automatically deleted. Although the analyses and statistics based on the data are retained, they no longer allow any conclusions to be drawn about personal data.

e) Right of withdrawal

You may revoke consent given at any time and without giving reasons with effect for the future. The revocation may be given at any time by changing the settings in the cookie consent banner.

4. Contact form, beta test

We have included a contact form on the website http://www.brix2bytes.io/. You may use it to contact us if you want to learn more about the brix2bytes software or if you want to become a member of the partner program.

For this purpose, we need your name (first and last name) and your email address. Data that you transmit to us in this way will be electronically processed by Kieback&Peter in our system (cf. section “Systems for processing data“) for the purpose of responding to and processing your inquiry.

The processing is based on our legitimate interest in establishing contact and providing information about our company and the services we offer (Article 6 (1) (f) GDPR).

The data you send to us will remain with us until you request us to delete it or the purpose for storing the data no longer applies. Mandatory statutory provisions – in particular statutory storage obligations – will remain unaffected.

5. Job applications

There is the possibility to apply digitally for a job. For this purpose, you will be redirected to the website of Kieback&Peter GmbH & Co KG. You can find more information on this in the section “Applications and application procedures“.

6. Your rights, contact persons on data protection

Information on your rights as a data subject can be found in the sections “Your data protection rights“ and “Your rights of objection“.

The contact details of our data protection officer and the supervisory authority responsible for us can be found in the sections “Our data protection officer“ and “Competent supervisory authority“.

We operate the website https://www.qanteon.com, where we inform you about our “Qanteon” building and energy management system. Below please find information on the data processing that takes place on that website.

1. Usage data and log files

During the mere informative use of the website, i.e., if you do not transmit information to us in any other way, our system automatically collects data and information that your browser transmits to our server (access data). More information is available in the section “Usage data and log files“.

2. Cookies and similar web storage technologies

We also use cookies and similar web storage technologies. Some of these technologies are necessary for the provision. The legal basis is then Section 25 (2) Telecommunications and Telemedia Data Protection Act in conjunction with Article 6 (1) (c) GDPR (statutory obligation). In addition, we also use such technologies that are not necessary for the operation of the website, but pursue other purposes (especially performance measurement, analysis of user behavior). The legal basis for this data processing is your consent pursuant to Section 25 (1) Telecommunications and Telemedia Data Protection Act in conjunction with Article 6 (1) (a) GDPR. More detailed explanations of the individually used cookies and similar web storage technologies can be found above in the section “Cookies and similar web storage technologies“.

3. Contact form

a) Description of the data processing

You have the option on the website to contact us via a contact form and thus request consultation. In this case, we collect the data you provide, i.e., your name, your company, your postal code, your consultation request and the contact method you have selected (either telephone number or email address).

When sending the message, the date and time of the contact are additionally transmitted to us and stored. Data transmitted to us in this way will be electronically processed by Kieback&Peter in our system (cf. section “Systems for processing data“) for the purpose of responding to and processing your inquiry.

If you wish to be contacted by telephone, we record certain traffic and communication data as part of the call, such as the telephone number used or the duration of the call. Likewise, our employees are required to briefly log the content of the conversation in our system (cf. section “Systems for processing data“).

If you wish to be contacted by email, you will receive a confirmation email from the system after receipt of your request. Your data will then be transferred to our system and processed by one of our contact persons. If you communicate with us by email, you provide us with data such as your email address, information contained in the content or your signature (e.g., your position and contact details) and general data such as the time of sending the email. Data transmitted to us in this way will also be processed electronically in our system (cf. section “Systems for processing data“) for the purpose of responding to and processing your inquiry.

The processing is based on our legitimate interest in the effective handling of the inquiries addressed to us as well as the handling of business relations with our B2B partners (Article 6 (1) (f) GDPR).

b) Purpose and legal basis of the data processing

The processing is based on our legitimate interest in the effective processing of the inquiries addressed to us as well as the processing and initiation of business relationships with our B2B partners (Article 6 (1) (f) GDPR). The other personal data processed during the submission process (e.g., date and time of contact) is used to prevent misuse of the contact form and to ensure the security of our information technology systems. We invoke legitimate interests in this instance as well.

c) Duration of storage

The data you send us via contact requests will remain with us until you request us to delete it, you object to its storage, or the purpose for storing the data no longer applies. The purpose for data storage ceases to apply if it can be inferred from the circumstances that the underlying concern has been conclusively resolved. Mandatory statutory provisions – in particular statutory retention obligations – will remain unaffected.

4. Your rights, contact persons on data protection

Information on your rights as a data subject can be found in the sections “Your data protection rights“ and “Your rights of objection“.

The contact details of our data protection officer and the supervisory authority responsible for us can be found in the sections “Our data protection officer“ and “Competent supervisory authority“.

Systems for processing data

For the processing of inquiries, but also for further communication with customers, prospective customers, users, suppliers, and other business partners, we use Microsoft 365/ Outlook for receiving and sending emails. The provider is

Microsoft Ireland Operations Ltd.
One Microsoft Place,
South County Business Park Leopardstown Dublin 18,
D18 P521 Ireland.

The data is processed exclusively in Microsoft data centers in the EU. If, in exceptional cases, data should nevertheless be transferred to the USA, we have entered into a data protection contract with Microsoft including the standard contractual clauses (suitable guarantees in accordance with Article 46 (1) (c) GDPR). We will gladly provide you with the concluded standard contractual clauses upon request.

A ticket or support system is a system specialized in processing support requests. When your data is captured (usually by sending an email) by such a system, you will receive a confirmation and a ticket number.

For this purpose, Kieback&Peter operates a self-hosted ticket system of OTRS AG. System maintenance or remote access for problem solving is performed by:

Znuny Ltd.
Marienstrasse 18
10117 Berlin, Germany

Our social media presence

We maintain publicly accessible profiles on the following social networks:

1. XING

We have a profile on XING. The provider is XING AG, Dammtorstr. 29-32, 20354 Hamburg, Germany. For details on how XING handles your personal data, please refer to XING’s Privacy Policy.

2. LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

For details on how they handle your personal information, see LinkedIn’s Privacy Policy.

3. YouTube

We have a profile on YouTube. The provider is YouTube, LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is a member company of Google. For details on their handling of personal data, please refer to Google’s Privacy Policy.

In addition to Kieback&Peter, there are also the operators of the social media platforms themselves. These are also another data controller that (separately from us) carries out its own data processing, over which we have no influence.

At the points where we can exert influence, we work within the scope of the possibilities available to us to ensure that the operators of the social media platform handle your data in a manner that complies with data protection law. In many instances, however, we are unable influence the data processing (cf. below) by the operators of the social media platforms and also do not know exactly what data they process.

If you visit one of our social media sites, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during such visit. In principle, you may assert your rights (information, correction, deletion, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal.

The data you enter on our social media pages, such as comments, videos, pictures, likes, tweets, etc., are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content where such should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is Article 6 (1) (f) GDPR. The legitimate interest is public relations and communication.

 

The operators of the social media platforms use web tracking methods. The web tracking may also occur irrespective of whether you are logged in or registered with the social media platform. We have no influence on web tracking and cannot switch it off.

It cannot be ruled out that the providers of the social media platforms use your profile and behavioral data, for example to evaluate your habits, personal relationships, preferences, etc. We also have no influence on such data processing.

You can find more detailed information on data processing by the providers of the social media platforms in the Privacy Policies or data guidelines of the providers linked above.

The data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g., in their Privacy Policy, cf. below).