DATA PROTECTION

A. SIMPLE PRIVACY POLICY

Thank you for your visit to our website and for your interest in our company and products. We want you to feel secure and comfortable when visiting our website and we take the protection and confidential handling of your personal data very seriously.

The following simple Privacy Policy provides an overview of the collection and processing of your data in accordance with the applicable data protection regulations. Full and detailed information on data protection can be found in our extensive Privacy Policy.

1. WHAT DATA DO WE COLLECT FROM YOU?

1.1 TECHNICAL INFORMATION

We collect your computer’s domain name or IP address, the client (browser) request to our web server and its response, and the website from which you are visiting us. In addition, we store the date and time of the request, information about the browser type and version used as well as your operating system and the internet service provider you use. All data will be deleted after 7 days.

1.2 SESSION COOKIES (ESSENTIAL)

We use cookies on our website, small text files that are temporarily stored on your computer and saved by your browser to enable you to log in or use our website more easily, for example. These cookies will be deleted at the end of your web session (or when closing the browser).

1.3 TRACKING COOKIES AND USER PROFILES

We use tracking services and cookies to process usage profiles under a pseudonym. This kind of usage profile contains information about a visitor's behaviour on websites. It is not possible to draw any direct conclusions about you from this information.

You need to actively consent to the use of this type of cookies. You do this via our cookie banner where you can choose the type of cookies you accept to be used.

Change your cookie preferences here.

2. HOW AND FOR WHAT PURPOSE ARE YOUR DATA COLLECTED AND PROCESSED?

We automatically collect data when you visit our website. We collect the data only on the basis of the information you enter on our website (for example in the contact form) or through the use of cookies.

We need this data in order to operate and administer the website, to detect abuse and to rectify any faults. We also need it to improve our offer on the website and to create pseudonymous user profiles, which we use for advertising and market research purposes – provided you give your consent.

In some cases, we also use other service providers that support us as a processor to the extent legally permissible.

3. WHAT ARE YOUR DATA PROTECTION RIGHTS?

You have the right to access your personal data, as well as the right to correct it, erase it or restrict its processing, as well as the right to data portability and to object to processing of personal data in specific cases as well as the right to lodge complaints with a supervisory authority.

To do so, you may contact our Service Centre: dataprotection@knoell.com

4. MORE INFORMATION ABOUT OTHER DATA PROCESSING

If you need further information that you are unable to find here, please request this in confidence from your contact partner or our Service Centre.

B. Detailed Privacy Policy

With the following information, we would like to give you an overview of the collection, use and processing of your personal data by us and your rights under the data protection regulations. If you wish to use special services of our company through our website, it is necessary to process your personal data. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address or email address, is always in accordance with the General Data Protection Regulation (GDPR) and in accordance with the applicable data protection law.

1. Name and address of the controller

The controller, as defined by the law, is:

knoell Germany GmbH
Konrad-Zuse-Ring 25
68163 Mannheim
Germany

2. CONTACT DETAILS

If you have any questions or suggestions regarding data protection, please feel free to contact us at dataprotection@knoell.com.

3. TECHNIQUE

This site uses an SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact requests that you send to us as the operator. An encrypted connection can be recognized by the fact that the address bar of the browser contains an "https: //" instead of an "http: //" and the lock symbol in your browser bar.


If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.

4. DATA PROCESSING WHEN ACCESSING THE WEBSITE

4.1 DESCRIPTION AND SCOPE OF DATA PROCESSING

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data are collected:

  • Information about the browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • Date and time of access
  • Websites from which the user's system is accessing our website
  • Websites that are accessed by the user's system through our website

The log files contain IP addresses or other data that can be attributed to a user. This could be the case, for example, if the link to the website from which the user accesses the website or the link to the website which the user switches to contains personal data. This data are stored in our system’s log files. They are not stored together with other personal data of the user.

4.2 LEGAL BASIS FOR DATA PROCESSING

The legal basis for the temporary storage of data and log files is Art. 6 Para. 1(f) GDPR.

4.3 PURPOSE OF DATA PROCESSING

The temporary storage of the IP address by the system is necessary to enable the provision of the website to the user’s computer. To do this, the user's IP address must be stored for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data are used to optimise the website and to ensure the security of our information technology systems. No data are analysed for marketing purposes in this context. Our legitimate interest in data processing also lies in these purposes pursuant to Art. 6 Para. 1(f) GDPR.

4.4 PERIOD OF STORAGE

Data are erased once they are no longer necessary for the purpose for which they were collected. If data have been collected for the provision of the website, they are erased when the respective session is concluded. When data are stored in log files, they are erased after not more than seven (7) days. It is possible to store the data beyond that time. In this case, the user’s IP addresses will be erased or altered so that the accessing client can no longer be attributed to that user.

4.5 OPTION TO OBJECT AND REMOVE

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. As such, the user has no option to object.

5. Use of cookies

This website uses cookies. Cookies are text files that are filed and stored on a computer system through an internet browser.

Many websites and servers use cookies. Many cookies contain a cookie ID. A cookie ID is a unique code identifying the cookie. It consists of a string through which websites and servers can be assigned to the specific web browser in which the cookie was stored. This allows websites and servers that have been visited to distinguish the individual's browser from other web browsers that contain other cookies. A particular web browser can be recognised and identified by the unique cookie ID.

Cookies are stored on the user’s computer and sent to us from there. This means that, as a user, you have full control over the use of cookies. By changing your browser’s settings, you can restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time through a web browser or other software programs. This can also be done automatically. If cookies are disabled for our website, it may no longer be possible to use all of the features of our website.

5.1 TECHNICALLY NECESSARY COOKIES

We use cookies (session cookies) to make our website more user-friendly, e.g. in order to identify that you already visited individual pages of our website or save your language settings. When leaving our site, these cookies will be automatically deleted. The processing of your personal data for this purpose is based on our legitimate interest to provide you with the full functionalities of our website (Art. 6 Para. 1 (f) GDPR).

We also use cookies to comply with our legal obligation pursuant to GDPR to create proof of – if applicable – your consent to use of tracking cookies. These cookies are automatically deleted from your browser. The legal basis for this processing activity is our legal obligation to lawfully process personal data and to demonstrate our compliance with this requirement (Art. 6 Para. 1 (c) GDPR in combination with Art. 5 Para. 1 (a), Para. 2 GDPR).

5.2 TRACKING COOKIES

In addition, we use cookies to record the use of our website statistically, to evaluate it for the purpose of optimising our offer for you. We also use cookies to place ads that are relevant to your interests. These cookies enable us to automatically recognise that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time.

When accessing our website, users are informed about the use of cookies for analysis purposes and their consent is obtained to process the personal data used in this context. The legal basis for this processing activity is Art. 6 Para. 1 (a) GDPR.

Users are also linked to this Privacy Policy. For further information on our use of tracking cookies please see details below and Section 5.2.1 and 5.2.3.

You can change your cookies settings or revoke your previously given consent in the section below.

5.2.1 Cookiebot (Consent Management Tool)

We use the consent management tool "Cookiebot" by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark. This service enables us to obtain and manage the consent of website visitors to data processing.

Cookiebot collects data generated by end users who use our website. When an end user provides consent via the cookie consent tool, Cookiebot automatically logs the following data:

  • The end user's IP number in anonymised form (the last three digits are set to 0).
  • Date and time of consent.
  • User agent of the end user's browser.
  • The URL from which the consent was sent.
  • An anonymous, random and encrypted key.
  • The consent status of the end user, which serves as proof of consent.

The key and consent status are also stored in the end user's browser in the cookie "CookieConsent" so that the website can automatically read and follow the end user's consent in all subsequent page requests and future end user sessions for up to 12 months. The key is used for proof of consent and for an option to check that the consent status stored in the end user's browser is unchanged from the original consent submitted to Cybot.

The functionality of the website is not guaranteed without the described processing. There is no possibility for the user to object, as long as there is a legal obligation to obtain the user's consent to certain data processing operations (Articles 7 Para. 1, 6 Para. 1(c) GDPR). Cybot is a recipient of your personal data and acts as a processor for us.
Detailed information on the use of Cookiebot can be found at: https://www.cookiebot.com/de/privacy-policy/.

5.2.2 Matomo

On this website we have integrated the component “Matomo” of the supplier InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand.

Matomo is a software tool for web analysis, ie for the collecting, collating and evaluating data on the behavior of visitors to websites. Among other things, data are collected on which website an affected person has accessed a website (so-called referrer), which subpages of the website have been accessed or how often and for how long a sub-page has been viewed. This is used to optimize the website and cost-benefit analysis of internet advertising.

The purpose of the Matomo component is to analyse the flow of visitors to our website. Among other things, we use the data and information obtained to evaluate the use of this website and to compile online reports for us that show activity on our website.

Matomo sets a cookie on your IT system. By setting the cookie, we are enabled to analyze the use of our website. Each time you visit one of the pages on this website, the Internet browser on your IT system automatically causes the Matomo component to submit data to our server for online analysis. In the course of this technical process, we gain knowledge of personal data, such as the IP address of the person concerned, which among other things serves to help us understand the origin of visitors and clicks.

The cookie stores personal information, such as access time, the place from which access was made, and the frequency of visits to our website. Each time you visit our website, this personal information, including the IP address of the Internet connection you use, is transmitted to our server. These personal data are stored by us. We do not share this personal information with third parties.

You can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Such a setting of the Internet browser used would also prevent Matomo from setting a cookie on your IT system. In addition, a cookie already set by Matomo can be deleted at any time via an internet browser or other software programs.

These processing operations only take place if express consent is granted in accordance with Article 6 Paragraph 1(a) GDPR.

6. Newsletter

6.1 Newsletter for regular customers

If you have provided us with your email address when purchasing goods or services, we reserve the right to send you regular emails with offers on products or services from our collection similar to those you have already purchased. We do not require your specific consent for such purposes as per Art. 7 Para. 3 of the UWG (Unfair Competition Act). The sole basis for the data processing is our legitimate interest in personalised direct marketing in line with Art. 6 Para. 1(f) GDPR. We will not send you any emails should you expressly object to the use of your email address for that purpose. You are entitled to object to the use of your email address for the aforementioned purpose at any time with immediate effect by notifying the data controllers listed in the opening of this statement. By taking this action, you will incur submission fees only in line with basic rates. After receipt of your objection, your email address will immediately be removed for marketing purposes.

6.2 MARKETING NEWSLETTER

You can subscribe to newsletters via our website. The input screen determines which personal data are shared with us when subscribing to the newsletter.

At regular intervals, we use our newsletter to inform our customers and business partners about our training courses and events. These newsletters address, amongst other things, regulatory developments and data requirements, e.g. in the area of authorisation and transport of chemicals, biocides, plant protection products and medical devices. The newsletter is sent out 4 times a year minimum. Special newsletters can be sent out for high priority topics.

You can, therefore, only receive our company’s newsletter if

  1. you have a valid email address and
  2. have registered for the newsletter

For legal reasons, as part of the double opt-in procedure a confirmation email will be sent to the email address you provided when registering for the newsletter. This confirmation email is sent to check if you are the holder of the email address and have authorised the newsletter.

When you register for the newsletter we also save the IP address used by your IT system at the time of registration, which is issued by your Internet Service Provider (ISP) as well as the date and time of registration. We must collect this data to investigate any (possible) misuse of your email address at a later stage and it is therefore lawful for the purposes of our security.

The personal data collected during registration are used solely for sending our newsletter unless you have actively agreed to additional individual contact by e-mail or telephone. Furthermore, subscribers to the newsletter may receive information via email if this is required in order to administer the newsletter service for registration purposes, which may be the case if our newsletter is amended or technical circumstances change. Personal data collected for our newsletter service are not shared with third parties. You may terminate your subscription to our newsletter at any time. You can at any time withdraw your consent to the storage of the personal data you shared during registration. A link is provided in each newsletter to allow you to withdraw your consent. It is also possible to unsubscribe from our newsletter directly through the website or to contact us in another manner.

The legal basis for data processing for the purposes of sending a newsletter is Art. 6 Para. 1(a) GDPR.

6.3 CLEVERREACH

This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, (CRASH Building), Schafjückenweg 2, 26180 Rastede. CleverReach is a service which enables the management and analysis of newsletters. The data you have provided for the newsletter (e.g. email address) are saved on CleverReach servers in Germany and/or Ireland.

We can analyse the behaviour of newsletter recipients by sending newsletters through CleverReach. Examples of analyses include determining how many recipients have opened the newsletter E-Mail and how often they have clicked on certain links contained within the newsletter. Conversion Tracking can also be used to analyse if clicking on the link led to a pre-determined action (e.g. if a product was purchased on our website). For further information on data analysis through the CleverReach newsletter service, see https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.

The legal basis for data processing is your consent (Art. 6 Para. 1(a) GDPR). You can withdraw your consent at any time by unsubscribing from the newsletter. Withdrawal of consent does not affect the legality of data processing carried out previously.

If you do not want CleverReach to perform the data analysis, you must unsubscribe from the newsletter. We provide a link for this in each newsletter. You can also unsubscribe from the newsletter directly on our website.

We will store your personal data which we retain for the purposes of sending the newsletter. They will be blocked for further use after you unsubscribed from the newsletter. If you would like to have your data deleted from our servers and the CleverReach servers after you have unsubscribed from the newsletter, please contact our Service Centre. Data we retain for other purposes (e.g. email addresses for the members’ area) shall remain unaffected.

For further information on the terms and conditions of data privacy at CleverReach, see https://www.cleverreach.com/en/privacy-policy/.

7. FORMS, INDIVIDUAL CONTACT VIA PHONE AND/OR E-MAIL, PARTICIPATION IN TRAINING COURSES, AGREEMENTS ON THE PROVISIONS OF SERVICES

7.1 DESCRIPTION AND SCOPE OF DATA PROCESSING

Forms are provided on our website which can be used to engage in electronic contact and to actively request further information via phone and/or e-mail. It is also possible to register for our training courses via our website.

If a user avails themselves of one of these options, the data entered in the respective input mask are transmitted to us and stored.  Personal data transmitted in this process are as specified in the respective form and include in particular:

  • Name
  • E-Mail address
  • Address
  • Telephone number
  • Country
  • Company

The following data are also stored at the time a message is sent via a form:

  • The user's IP address
  • Date and time of registration

You may also contact us via email addresses, telephone and fax numbers and addresses provided on our websites. We also process your personal data for the purpose of exercising our legitimate interest in congratulating on the occasion of seasonal events. In this case, the user’s personal data transmitted with the email are stored, same as the personal data communicated by the caller or sender.

7.2 RECIPIENTS OF DATA

In context of the above-mentioned purposes, the data will be processed internally by us but may also be transferred to our cooperation partners, vicarious agents and service providers (including tax consultants, IT service providers, processors such as hosting service providers) and within the context of training courses in particular to external instructors. Within the scope of our legal obligations, we also transfer data to authorities or courts.

Depending on the training course you registered for or the service that your request relates to, your personal data may be transferred to third countries (non-EU/EEA). In principle, a worldwide transmission is possible, but of particular relevance are the knoell sites in Brazil, Taiwan, China, Thailand, the United States of America, Japan, Korea and Switzerland.

In order to ensure legitimacy of the personal data transfer to third countries, EU standard contractual clauses with appropriate technical and organisational measures on site are used within the knoell group, unless the transfer is permitted on the basis of adequacy decisions by the Commission. If the standard contractual clauses are not sufficient to ensure an adequate level of security, your consent pursuant to Article 49 Para. 1 (a) GDPR may serve as the legal basis for the transfer to third countries.

Adequacy decisions by the Commission exist for the knoell sites in Japan ((EU) 2019/419) and Switzerland (2000/518/EC). All adequacy decisions are available on the European Commission's website (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de).

Further information on the implemented transmission mechanism pursuant to Art. 44 ssq. GDPR can be obtained by sending an informal request to our Service Centre.

7.3 LEGAL BASIS FOR DATA PROCESSING

The legal basis for the data processing activities in which we obtain consent for a specific processing purpose is Article 6 Para. 1(a) GDPR.

If the processing of personal data is necessary for the performance of a contract to which you are a party (e.g., participation in a training course or request for services as a company representative), the processing is based on Article 6 Para 1(b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services.

If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 Para. 1(c) GDPR.

In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, e.g., if a visitor were to be injured on our premises and as a result their name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6 Para. 1(d) GDPR.

Finally, processing operations could be based on Art. 6 Para. 1(f) GDPR. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if you are a customer of our company (recital 47 sentence 2 GDPR).

7.4 PURPOSE OF DATA PROCESSING

The processing of personal data as described above serves the following purposes, which - to the extent that the processing is not aimed at the conclusion of a contract with you as a data subject - also represent our legitimate interests in the processing:

  • Contacting via forms/e-mail/telephone/fax/letter: Processing the contact you wish to make.
  • Registration for training courses: Organisation and implementation of the training courses for which you have registered (preparation, participant lists, name badges, attendance list, certificates, issuing of offers or invoices as well as optional maintenance of a waiting list)
  • Requests for the conclusion of contracts: The establishment and execution of contracts for services (preparation and execution of the order, storage of contact data in an internal database to ensure communication with the customer, mentioning contact persons in contracts, letters, emails, invoices etc.)
  • Collection of technical data (IP address, date and time of registration): The personal data processed during sending of a form is used to prevent misuse of the forms and to ensure the security of our information technology systems.

7.5 PERIOD OF STORAGE

Data are deleted as soon as they are no longer necessary for the purpose for which they were collected. This is the case when the respective conversation with the user has ended and as soon as the statutory retention periods under commercial and tax law have expired. The conversation shall be deemed to have ended when it can be concluded from the circumstances that the matter in question has been conclusively clarified. The legal retention periods can be up to ten years after the end of the year of communication.

8. SOCIAL MEDIA PRESENCE

Our company uses presences within social networks and/or platforms in order to be able to communicate up-to-date with customers, interested parties and users active within these networks and/or platforms and to inform them about our services, offers and current topics.

Your data may be processed within the framework of the use of these networks and/or platforms by the relevant providers outside the territory of the European Union. This can result in certain risks for you as a user. For example, the enforcement of your rights as a data subject may be more difficult. A processing of your data by the platform provider usually takes place for market research and advertising purposes. User profiles can be created from your usage behaviour (of the respective network) and the resulting interests. For example these profiles can be used to place advertisements inside and outside the platforms that match your interests.

The basic legal basis for the processing of your personal data is Art. 6 Para. 1 (f) GDPR. Our legitimate interests are based on effective user information and modern communication with you. Insofar as the network and/or platform providers obtain consent for the aforementioned data processing, the legal basis of Art. 6 Para. 1 (a) in conjunction with Art. 7 GDPR.

8.1 Xing

We maintain an online presence at the career network Xing (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany).

Xing's Privacy Policy can be found at: https://privacy.xing.com/de/datenschutzerklaerung

Information requests for XING members:
https://www.xing.com/settings/privacy/data/disclosure

8.2 LinkedIn

We maintain an online presence at the LinkedIn network. LinkedIn is operated by the LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For privacy matters outside the United States, LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

Further information can be found in LinkedIn's Privacy Policy at: https://www.linkedin.com/legal/privacy-policy

8.3 kununu

We maintain an online presence at kununu (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany).

Kununu’s Privacy Policy can be found at: https://privacy.xing.com/de/datenschutzerklaerung

8.4 Twitter

(Jointly) Data controller responsible for data processing in Europe:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy Notice:
https://twitter.com/en/privacy
Information about your data:
https://twitter.com/settings/your_twitter_data
Opt-out and advertising settings:
https://twitter.com/personalization

8.5 YOUR RIGHTS AS DATA SUBJECT / USER

The assertion of your rights as a user of the networks and/or platforms is most effective vis-à-vis the respective providers. Only they have access to your data and can take and implement appropriate measures and provide information. Of course you can also contact us for questions and help.

9. Open Source Map

We have integrated map sections of the online mapping tool "OpenStreetMap" on our website. This is a so-called open source mapping, which we can access via an API (interface). This function is offered by the OpenStreetMap Foundation, St John's Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. By using this service, for example, our location can be shown to you and a possible journey can be made easier.

When you call up those sub-pages in which the Open Street Map is integrated, information about your use of our website (such as your IP address, data on your browser, device type, operating system) is transmitted to Open street Map and stored there.

For the purpose of accelerating the service, Open Street Map uses the Content Delivery Network (CDN) of Fastly, Inc., PO Box 78266, San Francisco, CA 94107, USA (fastly). A CDN is a service with the help of which the contents of our online offer, in particular large media files such as graphics or scripts, are delivered more quickly with the help of regionally distributed servers connected via the Internet. Your data is processed solely for the aforementioned purposes and to maintain the security and functionality of the CDN.

Fastly transfers personal data from the log files (e.g. IP addresses) to the USA for each data processing, as certain servers for processing the log files are only located in the USA. Fastly has consequently committed itself to comply with the standards and regulations of European data protection law. Fastlys current Privacy Policy can be found at: Privacy Policy | Fastly

These described processing operations are only carried out if express consent is given in accordance with Article 6 Para. 1(a) GDPR.

Open Street Maps current Privacy Policy can be found at:
Privacy Policy – OpenStreetMap Foundation (osmfoundation.org)

10. APPLICATION MANAGEMENT / JOB PORTAL

We process the personal data of applicants for the purpose of processing the application. Unless stated otherwise below, this is done on basis of § 26 Para. 1 sentence 1 Federal Data Protection Act (BDSG) and Art. 6 para. lit. 1 b, f GDPR. The provision of the data is necessary to establish an employment relationship.

The processing can be done electronically via our career portal or when an applicant sends us the relevant application documents by email.

Recipients of the data are the job portal provider and, within the knoell group, our Global People Partner employees, the managing directors, heads of division & department, group leaders and, if applicable, other interview partners of the department of the knoell company to which the application refers and who are involved in the application process and the conclusion of an employment contract.

If the application is made for a position in a knoell company outside the EU/EEA or from a country outside the EU/EEA to a position within the EU/EEA, the personal data of the applicant may be transferred to a third country. Naturally, this primarily affects the knoell group's sites in Taiwan, China, Thailand, the United States of America, Japan, Korea and Switzerland.

In order to ensure legitimacy of the personal data transfer to third countries, EU standard contractual clauses with appropriate technical and organisational measures on site are used within the knoell group, unless the transfer is permitted on the basis of adequacy decisions by the Commission.

Adequacy decisions by the Commission exist for the knoell sites in Japan ((EU) 2019/419) and Switzerland (2000/518/EC). All adequacy decisions are available on the European Commission's website (https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de).
Further information on the implemented transmission mechanism pursuant to Art. 44 ssq. GDPR can be obtained by sending an informal request to our Service Centre.

If we enter into an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If we do not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests on our part stand in the way of deletion. Such other legitimate interests include, for example, an obligation to provide evidence in a litigation under the General Equal Treatment Act (AGG). On the basis of our legitimate interest, the data will be stored for a period of six months from the date of notification of the cancellation decision. After this, the data will be deleted, unless we have entered into a litigation under the AGG.

In this respect, data processing is carried out solely on the basis of our legitimate interest in accordance with Art. 6 Para. 1 (f) GDPR.

11. Surveys

We use surveys to collect information about our business partners, such as clients and suppliers.

11.1 Collection and use of data

We collect personal data from business partners to conduct surveys on various business-related topics (including satisfaction surveys) and obtain information about, for example, the needs and preferences of our clients, as well as for the purpose of onboarding the business partner by means of a survey. The data collected may include names, contact details, demographic information and other relevant information from business partners provided as part of the survey.

11.2 purpose of processing

The data provided by the business partner is only used for internal purposes, e.g. to better understand which products and services are relevant for our clients and how we can improve our client service. We use the data to analyse our clients' needs and provide them with tailored proposals and information.

11.3 data transfer

The (personal) data are also received by the company of the knoell group at whose request/under whose responsibility the survey is carried out and/or which has created and processed the proposal belonging to the relevant business relationship. In individual cases, this company may also be located in a third country. In this case, the transfer to knoell companies located in the third country is provided on the basis of applicable adequacy decisions and - if no adequacy decisions are applicable - the standard contractual clauses as amended in 2021/914.

11.4 storage and security

The personal data collected in the survey will be stored and processed for the duration of the business relationship. Upon expiry of this period due to termination of the business relationship, the surveys will be deleted after 3 years.

11.5 legal basis for processing

The processing activity is carried out on the basis of the consent of the data subjects (Art. 6 para. 1 sentence 1 lit. a) GDPR).

12. RIGHTS OF THE DATA SUBJECT

12.1 RIGHT TO CONFIRMATION

As the data subject, you have the right to ask us for confirmation of your personal data being processed.

12.2 RIGHT TO INFORMATION ART. 15 GDPR

As the data subject, you have the right to receive free information from us at any time about the personal data stored about you as well as a copy of this data.

12.3 RIGHT TO CORRECTION ART. 16 GDPR

As the data subject, you have the right to ask us for confirmation of your personal data being processed.

12.4 RIGHT TO ERASURE ART.17 GDPR

Any data subject affected by the processing of personal data has the right to request that the personal data regarding the data subject be erased if and insofar as one of the reasons stipulated in Art. 17 Para. 1 GDPR applies.

12.5 RIGHT TO RESTRICTION OF PROCESSING ART. 18 GDPR

Any data subject affected by the processing of personal data has the right to request the controller immediately restricts processing if the conditions stipulated by Art. 18 Para. 1 GDPR are met.

12.6 RIGHT TO DATA PORTABILITY ART. 20 GDPR

Any data subject affected by the processing of personal data has the right obtain personal data relating to the data subject and provided by the same to the controller in a structured, commonly used and machine-readable format. They also have the right to transfer these data to another controller without hindrance by the controller to whom the personal data was provided, provided that the processing is based on the consent pursuant to Art. 6 Para. 1(a) GDPR or Art. 9 Para. 2(a) GDPR or on a contract pursuant to Art. 6 Para. 1(b) GDPR, and the data are processed using automated procedures.

12.7 RIGHT TO OBJECT ART. 21 GDPR

Any data subject affected by the processing of personal data has the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Para. 1(e) or (f) GDPR. This also applies to profiling based on these provisions.

In the event of an objection, the company will no longer process the personal data unless we can demonstrate compelling and legitimate reasons for such processing that outweigh the interests, rights and freedoms of the data subject, or where processing serves the assertion, exercise or defence of legal claims.

If the company processes personal data in order to run a direct mail campaign, the data subject has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling where this is connected to this kind of direct marketing. Should the data subject object to the processing of their data for direct marketing purposes, we will no longer process their personal data for this purpose.

13. REVOCATION OF A DATA PROTECTION CONSENT

You have the right to revoke your consent to the processing of personal data at any time with future effect.

14. DELETION OF DATA AND PERIOD OF STORAGE

The data subject’s personal data are erased or blocked as soon as the purpose of the storage no longer applies. The data may continue to be stored if this is stipulated by European or national legislation in EU regulations, laws or other provisions to which the controller is subject. Data are also blocked or erased upon the expiry of a storage deadline stipulated by the standards mentioned above, unless further storage of the data is necessary to conclude or fulfil a contract.

15. UPDATING AND CHANGING THE PRIVACY POLICY

This Privacy Policy is currently valid and has the status: 28 November 2023.
Due to further development of our websites and offers or due to changed legal or official requirements, it may be necessary to change this Privacy Policy. The current Privacy Policy can be viewed and printed on the website at any time.