1. General and scope of application
Keyweb AG takes the protection of your personal data very seriously. We treat your personal data confidentially and according to the legal data protection regulations as well as this data protection declaration.
Keyweb AG, as the data controller, has implemented numerous technical and organisational measures to ensure the most complete possible protection of the personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed.
2. Definitions of terms
It is our aim that this data protection declaration is easy to read and understand for the public as well as for customers and business partners and offers a maximum of transparency. Therefore, we would like to explain some of the terms used in advance.
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). A natural person shall be considered identifiable if he can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more specific characteristics expressing the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
rocessing means any operation or set of operations which is carried out with or without the aid of automated processes and which relates to personal data, such as collection, recording, organisation, sorting, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or association, qualification, erasure or destruction.
Limitation of processing
Limitation of processing is the marking of stored personal data with the aim of limiting their future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movement of that natural person.
Pseudonymisation means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the provision of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
Data controller or controller
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or controllers may be designated in accordance with Union law or with the law of the Member States on the basis of specific criteria.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
The recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the course of a specific investigation task under Union law or the law of the Member States shall not be considered as recipients.
Third party means any natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or processor.
Consent shall mean any voluntary, informed and unambiguous expression by the data subject of his or her will in the particular case, in the form of a statement or other unequivocal confirmatory act, indicating that he or she consents to the processing of his or her personal data.
3. Name and address of the controller
The person responsible within the meaning of the Basic Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is the Data Protection Commissioner:
Board of Directors:
Frank Nowag (Chairman)
Holger Amberg (Technology)
Charman of the board:
Phone: +49 (0)361 65853 – 0
Fax: +49 (0)361 65853 – 88
4. Name and address of the Data Protection Officer
Mr. Johannes Schilling
Phone: +49 (0)361 65853 – 0
5. Your data protection rights
You have the right,
- to request information on the categories of data processed, the purposes of processing, any recipients of the data, the planned storage period (Art. 15 GDPR);
- require the correction or addition of inaccurate or incomplete data (Art. 16 GDPR);
- to revoke the consent given at any time with effect for the future (Art. 7 para. 3 GDPR);
- to object to data processing which is to be carried out on the basis of a legitimate interest for reasons arising from your particular situation (Art. 21 para. 1 GDPR);
- in certain cases to request the deletion of data within the framework of Art. 17 GDPR – in particular if the data are no longer required for the intended purpose or are processed unlawfully, or if you have withdrawn your consent pursuant to Art. 7 para. 3 GDPR or have declared an objection pursuant to Art. 21 para. 1 GDPR;
- under certain circumstances to demand the restriction of data if deletion is not possible or the obligation to delete is in dispute (Art. 18 GDPR);
- data transferability, i.e. you can transfer the data you have provided to us in a common machine-readable format and, if necessary, to others (Art. 20 GDPR);
- complain to the responsible supervisory authority about the data processing. The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based. A list of data protection officers and their contact details can be found at the following link:
6. Provision of the website and creation of log files
6.1 Description and scope of data processing
If you access our website without registering or otherwise providing us with information, we will only collect the personal data that your web browser sends to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to enable you to view our website and to ensure stability and security:
- IP address
- date and time of the request
- content of the website
- access status
- transferred data volume
- Website from which you came to our website
- Browsert type and browser version
- used operating system
The data is also stored in the log files of our system. This data is not merged with other data sources.
6.2 Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1lit. f GDPR.
6.3 Purpose of data processing
The collection and temporary storage of the IP address is necessary to enable our website to be displayed on your terminal device. For this purpose, your IP address must be stored for the duration of your visit to our website. The storage in log files serves to ensure the functionality and optimisation of our website as well as to ensure the security of our information technology systems. These data are not evaluated for marketing purposes.
These purposes also include our legitimate interest in data processing pursuant to Art. 6 para. 1 lit. f GDPR.
6.4 Duration of storage
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data to provide the website, this is the case when the session in question has ended.
In the case of storage of data in log files, this is the case after 14 days. A storage going beyond this is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
6.5 Transfer of data
The data is only passed on to the respective department within the company.
6.6 Possibility of objection and removal
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
7.1 Description and scope of data procesing
This website uses the following types of cookies, the scope and function of which are explained below.
Cookies that are stored in your web browser:
Session cookies: These are automatically deleted at the end of your visit.
7.2 Legal basis for data processing
The legal basis for the use of personal data using session cookies is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of personal data using opt-out cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
7.3 Purpose of data processing
The processing of personal data by the aforementioned cookies serves to make the offer of our website more user-friendly and effective for you. Some functions of our website cannot be offered without the use of these cookies. In particular, some functions of our website require that your web browser can be identified even after a page change. The data which is processed by cookies and which is required for the provision of the functions of our website is not used to create user profiles.
Our legitimate interest in data processing lies in the above purposes.
7.4 Duration of storage, objection and removal options
Since all cookies used are stored locally on your computer, you have full administrative freedom and control over them. The transmission of cookies can be restricted or completely deactivated by any changes or settings of your web browser. Cookies that have already been set can also be deleted at any time via an Internet browser or other software programs. This is possible in all common web browsers. If the person/visitor in question deactivates the setting of cookies in the web browser used, this may restrict the functionality of our websites or set the functionality completely.
8. Contact form and e-mail contact
8.1 Description and scope of data processing
A contact form is available on our website, which can be used for electronic contact. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:
- email adresse
- message content
In addition, we record your IP address and the time of sending.
Your consent will be obtained for the processing of the data during the sending process and reference will be made to this data protection declaration.
Alternatively, you can contact us via the e-mail address provided. In this case, the personal data of the user transmitted with the e-mail will be stored.
The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.
8.2 Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para.1 lit. a GDPR if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
8.3 Purpose of data processing
The processing of the personal data from the input mask serves us exclusively for the processing of the establishment of contact.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
This is also our legitimate interest in the processing of your personal data.
8.4 Duration of storage
The data entered by you in the contact form or transmitted by e-mail will remain with us until you request deletion, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.
8.5 Disclosure of data
The data is only passed on to the respective department within the company.
8.6 Possibility of objection and removal
You can revoke the consent given to us to process your personal data at any time. If you contact us by e-mail, you can object to the storage of your personal data at any time. We would like to point out that in this case your request cannot be processed any further. You can declare your revocation or objection by sending an e-mail to the e-mail addresses given in this data protection declaration. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
9. Change of the data protection explanation
If you have any further questions, you are also welcome to contact us at the above addresses.
Status: May 2019