PRIVACY POLICY
I. Name and Address of the Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the Member States as well as other data protection regulations is:
KooSys GmbH
Franz-Mayer-Straße 1
93053 Regensburg
Germany
E info@koosys.de
–
II. General Information on Data Processing
–
1. Scope of the Processing of Personal Data
We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. The processing of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for factual reasons and the processing of the data is permitted by legal provisions.
–
2. Legal Basis for the Processing of Personal Data
Where we obtain the consent of the data subject for processing personal data, Art. 6(1)(a) GDPR serves as the legal basis.
When processing personal data necessary for the performance of a contract to which the data subject is a party, Art. 6(1)(b) GDPR serves as the legal basis. This also applies to processing operations necessary to carry out pre-contractual measures.
Where the processing of personal data is necessary to comply with a legal obligation to which our company is subject, Art. 6(1)(c) GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, Art. 6(1)(f) GDPR serves as the legal basis.
–
3. Data Deletion and Storage Duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. Storage may take place beyond this point if required by European or national legislation in regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of the data also occurs when a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for contract fulfillment or completion.
–
III. Provision of the Website and Creation of Log Files
–
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.
The following data is collected:
· Information about the browser type and version
· The user’s operating system
· The user’s internet service provider
· The user’s IP address
· Date and time of access
· Websites from which the user’s system accesses our website
· Websites accessed from our website by the user’s system
The data is also stored in the log files of our system. Storage of this data together with other personal data of the user does not take place.
–
2. Legal Basis for Data Processing
The legal basis for the temporary storage of data is Art. 6(1)(f) GDPR.
–
3. Purpose of Data Processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session.
Storage in log files ensures the functionality of the website. Additionally, the data helps us optimize the website and maintain the security of our IT systems. No evaluation of the data for marketing purposes takes place.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6(1)(f) GDPR.
–
4. Storage Duration
The data is deleted as soon as it is no longer required for the purpose of its collection. For data collected to provide the website, this is the case when the respective session ends.
For data stored in log files, deletion occurs after seven days at the latest. Further storage is possible. In this case, the IP addresses of users are deleted or anonymized so that identification of the client is no longer possible.
–
5. Right to Object and Removal
The collection of data for providing the website and storing data in log files is essential for website operation. Consequently, the user has no right to object to this processing.
–
IV. Use of Cookies
–
a) Description and Scope of Data Processing
Our website uses cookies. Cookies are text files stored in the internet browser or by the browser on the user’s computer system. When a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a unique string that enables identification of the browser when the website is revisited.
We use cookies to make our website more user-friendly. Some elements of our website require the browser to be recognized even after a page change.
The following data is stored and transmitted in cookies:
· Language settings
–
b) Legal Basis for Data Processing
The legal basis for processing personal data using cookies is Art. 6(1)(f) GDPR.
The legal basis for the processing of technically necessary cookies is Art. 6(1)(f) GDPR.
–
c) Purpose of Data Processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website cannot be provided without cookies. For these features, recognition of the browser after a page change is required.
We require cookies for the following:
· Language settings
· Saving search terms
The data collected through technically necessary cookies is not used to create user profiles. These purposes also constitute our legitimate interest in processing personal data under Art. 6(1)(f) GDPR.
–
d) Storage Duration, Objection, and Removal
Cookies are stored on the user’s device and transmitted to our website. Therefore, you as a user have full control over the use of cookies. You may disable or restrict the transfer of cookies through your browser settings. Cookies already stored may be deleted at any time. This may also occur automatically. If cookies for our website are disabled, not all functions of the website may be fully available.
–
V. Contact Form and Email Contact
–
1. Description and Scope of Data Processing
A contact form is available on our website for electronic contact. If a user submits the form, the data entered in the form is transmitted to us and stored.
The following data is collected:
- Contact form
- Name (mandatory)
- Email (mandatory)
- Telephone number
- Company
- Message (mandatory)
At the time of message submission, the following data is also stored:
· The user’s IP address
· Date and time of submission
During the sending process, your consent is obtained, and reference is made to this privacy policy.
Alternatively, contact may be made via the provided email address. In this case, the user’s personal data transmitted via email is stored.
No data is passed on to third parties. The data is used exclusively for processing the conversation.
–
2. Legal Basis for Data Processing
The legal basis for processing data with user consent is Art. 6(1)(a) GDPR. The legal basis for processing data transmitted by email is Art. 6(1)(f) GDPR. Where email contact aims to conclude a contract, Art. 6(1)(b) GDPR applies additionally.
–
3. Purpose of Data Processing
Processing the personal data from the input form serves solely to handle the contact request. For email contact, this also constitutes our legitimate interest in processing the data.
The additional personal data processed during submission prevents misuse of the contact form and ensures the security of our IT systems.
–
4. Storage Duration
The data is deleted once it is no longer necessary to achieve the purpose for which it was collected. For personal data from the contact form and emails, this occurs when the respective conversation has ended. A conversation is deemed ended when the circumstances indicate that the matter is fully resolved.
Additional personal data collected during the submission process is deleted after seven days at the latest.
–
5. Right to Object and Removal
Users may revoke their consent to the processing of personal data at any time. If a user contacts us via email, they may object to the storage of their personal data at any time.
In such cases, the conversation cannot continue.
Please send your revocation or objection to: datenschutz@koosys.de
All personal data stored during contact will be deleted in this case.
–
VII. Rights of the Data Subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights:
–
1. Right of Access
You may request confirmation from the controller as to whether personal data concerning you is being processed by us. If such processing is taking place, you may request the following information from the controller:
(1) the purposes for which the personal data is being processed;
(2) the categories of personal data that are being processed;
(3) the recipients or categories of recipients to whom the personal data concerning you has been disclosed or will be disclosed;
(4) the planned duration of storage of the personal data concerning you or, if specific information is not possible, the criteria used to determine the storage period;
(5) the existence of a right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
(6) the existence of a right to lodge a complaint with a supervisory authority;
(7) any available information regarding the source of the data, if the personal data was not collected from the data subject;
(8) the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and—at least in those cases—meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You also have the right to request information on whether personal data concerning you is transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Article 46 GDPR related to the transfer.
–
2. Right to rectification
You have the right to request that the controller correct and/or complete personal data concerning you if it is inaccurate or incomplete. The controller shall correct the data without undue delay.
–
3. Right to restriction of processing
You may request the restriction of processing of your personal data under the following circumstances:
(1) if you contest the accuracy of your personal data for a period allowing the controller to verify its accuracy;
(2) if the processing is unlawful and you oppose the erasure of the personal data and instead request restriction of its use;
(3) if the controller no longer needs the personal data for the purposes of processing, but you need it for the establishment, exercise, or defense of legal claims;
(4) if you have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the controller's legitimate grounds override your grounds.
If processing has been restricted under the above conditions, the data may only be processed—with the exception of storage—with your consent, for the assertion, exercise, or defense of legal claims, to protect the rights of another natural or legal person, or for important public interest reasons of the Union or a member state. You will be informed by the controller before the restriction of processing is lifted.
–
4. Right to erasure (“Right to be forgotten”)
a) Obligation to erase
You may request the controller to delete personal data concerning you without undue delay, and the controller is obliged to erase such data, if one of the following grounds applies:
(1) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) you withdraw consent on which the processing is based according to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal ground for processing;
(3) you object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for processing, or you object pursuant to Art. 21(2) GDPR;
(4) the personal data has been unlawfully processed;
(5) erasure is required to comply with a legal obligation under Union or member state law to which the controller is subject;
(6) the personal data has been collected in relation to the offer of information society services to a child pursuant to Art. 8(1) GDPR.
b) Information to third parties
If the controller has made personal data concerning you public and is obliged to erase it, the controller shall take reasonable steps, considering available technology and implementation costs, to inform other controllers processing such data that you have requested erasure of any links, copies, or replications of your personal data.
c) Exceptions
The right to erasure does not exist if processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) to comply with a legal obligation under Union or member state law or for the performance of a task carried out in the public interest or in the exercise of official authority;
(3) for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research, or statistical purposes pursuant to Art. 89(1) GDPR, where the right in (a) is likely to render impossible or seriously impair the achievement of the objectives of the processing;
(5) for the establishment, exercise, or defense of legal claims.
–
5. Right to notification
If you have requested rectification, erasure, or restriction of processing, the controller is obliged to inform all recipients to whom your personal data have been disclosed of this correction or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed of these recipients.
–
6. Right to data portability
You have the right to receive the personal data you provided to the controller in a structured, commonly used, and machine-readable format and have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:
(1) the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, or on a contract pursuant to Art. 6(1)(b) GDPR; and
(2) the processing is carried out by automated means. In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. This right does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
–
7. Right to object
You have the right to object, at any time and for reasons arising from your particular situation, to the processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. The controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds for processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims. If personal data is processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing. This also applies to profiling in so far as it is related to such direct marketing. You may exercise your right to object in connection with the use of information society services by automated means using technical specifications.
–
8. Right to withdraw consent
You have the right to withdraw your consent to the processing of personal data at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
–
9. Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, except when:
(1) the decision is necessary for the conclusion or performance of a contract between you and the controller;
(2) the decision is authorized by Union or member state law;
(3) the decision is based on your explicit consent. In these cases, the controller shall implement suitable measures to safeguard your rights and freedoms, including the right to obtain human intervention, express your point of view, and contest the decision.
–
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority shall inform you of the progress and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
VII. Plugins
Google Web Fonts
This site uses so-called web fonts provided by Google to ensure a consistent display of fonts. When you access a page, your browser loads the required web fonts into its cache to display texts and fonts correctly.
For this purpose, the browser you use must establish a connection to Google’s servers. As a result, Google becomes aware that our website has been accessed via your IP address. The use of Google Web Fonts is carried out in the interest of a consistent and attractive presentation of our online offerings. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
If your browser does not support web fonts, a standard font from your computer will be used.
For more information about Google Web Fonts, please visit https://developers.google.com/fonts/faq and Google’s privacy policy at https://www.google.com/policies/privacy/
Google Maps
his site uses the Google Maps service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
In order to use the functions of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.
The use of Google Maps is carried out in the interest of an attractive presentation of our online offerings and to ensure easy accessibility of the locations listed on our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
More information on the handling of user data can be found in Google’s privacy policy: https://www.google.de/intl/de/policies/privacy/
Our information obligations pursuant to Articles 13 and 14 GDPR can be found here: