1.1 FOREWORD
Cookie Policy
No matter whether you are a customer, a prospective customer, a job applicant or a visitor to our website: We (hereinafter: ‘KLÖBER’, ‘Klöber GmbH’, ‘we’) take the protection of your personal data very seriously. But what does this mean in concrete terms?
In what follows, we offer you a glimpse into the personal data we collect from you, and of the form in which we process these data. You will also gain an overview of your rights under the current data-protection laws. We also offer you a contact in the event that you happen to have any further questions.
1.1.1 WHO ARE WE?
For more than 80 years Klöber GmbH, with its head office in Owingen on the shores of Lake Constance, has focused on its core competence of designing, developing and manufacturing innovative office seating. Klöber employs state-of-the-art technology and craftsmanship of the highest standard to create seating solutions that are convincing in design, quality, ergonomics and function.
As the controller within the meaning of the applicable legislation on data protection, we,
Klöber GmbH
Hauptstraße 1
88696 Owingen
Email: info@kloeber.com
Telephone: +49 (0) 75 51 - 838-0
Fax: +49 (0) 75 51 - 838-142,
take all steps required under the applicable data-protection laws to ensure the protection of your personal data.
If you have any questions concerning data processing in our company and the exercise of your rights, you are welcome to contact our Data Protection Officer free of charge.
KLÖBER Data Protection Officer:
2B Advice GmbH
Contacts: Mr Clemens Dorner
Joseph-Schumpeter-Allee 25
53227 Bonn
Tel.: +49 (228) 926165 120
kloeber@2b-advice.com
1.2 SCOPE OF THE PRIVACY STATEMENT
The law takes the processing of personal data to denote activities such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or any other rendering-available, alignment or combination, restriction, erasure or destruction of personal data.
‘Personal data’ refers to all information relating to an identified or identifiable natural person.
This Privacy Statement applies to the personal data of customers, prospective customers, job applicants or visitors.
This Privacy Statement applies not only for our website www.kloeber.com but also to the website www.kloeber-klimastuhl.com.
1.3 WHICH PERSONAL DATA DO WE PROCESS?
We collect your personal data if you contact us, e.g. as an interested party or customer. This may occur, for example, if you express an interest in our products, register for our online services, get in touch with us through our communication channels, or use our products or services within the scope of existing business relationships.
We process the following types of personal data:
• Particulars for personal identification
o e.g. first and last names, address data, e-mail address, telephone number, fax number
• Order data
o e.g. customer number, order number, invoice data
• Company-related data
o e.g. company name, department, line of business
• Data on your online behaviour
o e.g. IP addresses, user names, data on your visits to our website, in the customer portals or in the app, actions performed on our websites and in the customer portals, the location from which our offerings are accessed
• The information you provide us on your interests and wishes
o e.g. via our contact form or via other communication channels
• Information about your career history
o e.g. career training, previous employers, other qualifications
along with other information comparable to these data categories.
1.3.1 SENSITIVE DATA
Sensitive data – meaning special categories of personal data such as information on health, political opinions, religious or trade-union affiliation – are not collected via this route.
1.3.2 PERSONAL DATA OF MINORS
The personal data of children or minors are collected only if they register in the career portal or avail themselves of our communication channels.
1.3.3 USE OF COOKIES
1.3.3.1 WHAT ARE COOKIES?
Cookies are files that our website or customer portals store on our computer when you access the site. These files store information that makes your use of this site more efficient.
The web-analytics service we use is Google Analytics or Google Universal Analytics, a web-analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, to analyse use behaviour on the website and in the customer Portals. For purposes of this analysis, the usage information generated by the cookie (including the user’s truncated IP address) is transmitted to our servers and stored there for purposes of usage analysis. We rely on usage analysis in order to optimise our own websites, customer portals, customer appeals and other advertising measures, and for market-research purposes as well. The users’ IP addresses are immediately truncated during this process; this prevents identification of the users via their IP address. In the case of Google Universal Analytics, IP anonymisation is performed. We would like to point out that on this website Google Analytics has been extended by the code ‘anonymizeIp’ in order to ensure anonymous collection of IP addresses (known as ‘IP masking’). By its own accounts, Google does not link your truncated IP address with any other Google data.
You can object to any additional tracking analysis at any time. You can also prevent Google from collecting and evaluating the data generated about your use of the website (including your IP address) by downloading and installing the browser plug-in provided through the following link: tools.google.com/dlpage/gaoptout. If you use multiple devices or browsers, you must separately opt out for each device and each browser.
Through Google Universal Analytics, we assign a user ID to the user upon access to the personal area. If the same user accesses the personal area from different devices, we can communicate this user ID to Google Universal Analytics, with the usage profiles linked to each other across the different devices through creation of an additional client ID. This allows us to pursue cross-device tracking. In addition, the user's profile could be enriched with further data that are not related to the visit to the website.
At this point, it is to be noted that, according to information provided by Google Inc., all Google Analytics accounts will be converted to Google Universal Analytics.
We use Google Fonts on our website. Google Fonts are used without authentication, and no cookies are sent to the Google Fonts API. If you have an account with Google, none of your Google account details will be transmitted to Google during usage of Google Fonts. Google only notes the use of CSS and of the fonts used and securely stores these data. For more on these and other questions, visit developers.google.com/fonts/faq.
To ensure uniform display of fonts on this site, we use what are known as “web fonts” provided by Google. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The browser you are using must contact the Google servers for this purpose. This makes Google aware that our website was accessed through your IP address. The use of Google Web Fonts is done in the interest of facilitating a uniform and appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.
If your browser does not support Web Fonts, your computer will apply a standard font instead.
You can find further information about Google Web Fonts under developers.google.com/fonts/faq and in the Google Privacy Policy: www.google.com/policies/privacy/
Furthermore, we use the social-share tool addtoany.com. This tool is automatically integrated into Google Analytics and is integrated into other analytics software. When Google Analytics or Google Universal Analytics are in use, AddToAny automatically transmits statistics. AddToAny is integrated by means of what are known as link shorteners and custom URLs and parameters (including Google Analytics parameters). AddToAny does not store any personal data. For information about the use and function of AddToAny, please visithttps://www.addtoany.com/buttons/faq/#gdpr.
In the case of appointment requests made on our website, execution of the contract requires that these data be transmitted to the relevant specialist dealer, in conjunction with your contact details.
Every user who does not consent to the storage and evaluation of his or her anonymised user data pertaining to visits to our website may object to this storage and usage at any time. Anonymised use of customer portals is not possible.
To draw attention to our current products and new developments, and our planned activities and services, we use Google AdWords ads, and within the framework of this we also use Google conversion tracking for our marketing activities. These ads are displayed after searches on websites of the Google advertising network. We have the option of combining our adverts with certain search terms. If you visit certain pages within our website, we and Google can see that you, as a user, have clicked on one of the adverts we have placed with Google and were directed to our website. This is used to generate visit statistics in order to evaluate the effectiveness of the advertising measures deployed.
In addition, we use AdWords remarketing lists for search ads. This allows us to customise search ad campaigns for users who have visited our site. Through these services, we have the opportunity to combine our ads with certain search terms, or to display ads for previous visitors by e.g. promoting services that visitors to our website have viewed.
Interest-based offers require an analysis of online user behaviour. Google uses cookies to perform this analysis. When a user clicks on an ad or visits our website, Google places a cookie on that user’s computer. This information is used to target an appeal to the visitor during a subsequent search within the Google advertising network.
Our website uses the ‘Google Maps’ component to facilitate location of KLÖBER dealers. With each individual call-up of ‘Google Maps’, Google sets a cookie in order to process user settings and data in the display of this page. This cookie is typically not deleted when the browser is closed and instead expires after a certain time. If you do not consent to this processing of your data, you can disable the ‘Google Maps’ service. To do this, you must disable the JavaScript function in your browser. However, we would like to point out that in this case you cannot use the functions of ‘Google Maps’, or, if so, only to a limited extent.
Our website does not use any plug-ins linking to social networks. The ‘share functions’ integrate the share buttons in social networks on our website only as a graphic containing a link to the relevant social network. The social-media button provides direct contact between the social network and our users only if the visitor actively clicks the ‘Share' button. By clicking on the relevant graphic, you will be redirected to the service of the respective network. So no information whatsoever is transmitted to the social-media platforms when you load the Klöber website. The corresponding social-media site only opens up in a pop-up when the user clicks the respective link. On our website, we link to the following social networks and services:
Facebook, Xing, LinkedIn, Google+, Twitter, Pinterest and e-mail
We maintain online fan pages within various social networks and platforms in order to communicate with the customers who are active there, as well as interested parties, and to inform them there about our services.
We wish to point out that your personal data may be processed outside of the European Union; this may result in risks to you (e.g. relative to asserting your rights under European/German law). Please note that some US providers are certified under the Privacy Shield, committing them to compliance with the data-protection standards of the EU.
Users’ data are usually processed for market-research and promotional purposes. Thus, for example, user profiles can be generated based on user behaviour and associated user interests. These usage profiles can in turn be used, for instance, to display advertisements, both within and outside of the platforms, that presumably reflect users’ interests. For these purposes, cookies are usually stored on users’ computers in which user usage behaviour and interests are stored as well. Data can also be stored in user profiles that are independent of the devices used by the users (particularly if the users are members of the respective platforms and are logged in to these).
Users’ personal data are processed on the basis of our legitimate interests in offering users effective information and communicating with users in compliance with Art. 6 (1) (f) GDPR. If the respective providers ask users to consent to data processing (i.e. to give their consent, e.g. by ticking a box or clicking a button), the legal basis for this processing is provided under Art. 6 (1) (a) and Art. 7 GDPR.
Further information about the processing of your personal data as well as your options to object thereto can be found under the links of the respective provider as shown below. The assertion of information and other rights of the data subjects can also be lodged with the providers, as only these have direct access to users’ data and have appropriate information available to them. We shall of course be available to answer questions or provide support if you should need assistance.
Provider:
Google/YouTube
On our website, we use videos provided by YouTube, LLC 901 Cherry Ave., 94066 San Bruno, CA, USA, a company of Google Inc., Amphitheatre Parkway, Mountain View, CA 94043, USA. We use the ‘enhanced privacy mode’ option provided by YouTube for this purpose. If you call up a site that has an embedded video, a connection is set up to YouTube servers, and the selected content is presented through delivery to your browser. According to data provided by YouTube, in ‘enhanced privacy mode’, data are forwarded to the YouTube server only if you view the video. If you are are logged into YouTube at the same time, this information will be associated with your member account at YouTube. You can prevent this by logging off from your member account before visiting our website.
Google provides additional information about privacy and YouTube under the following link: www.google.de/intl/de/policies/privacy/
In this directory, you will also find a guide on the privacy features of the various Google services.
Opt-Out: adssettings.google.com/authenticated
Privacy Shield: www.privacyshield.gov/participant
Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Statement www.facebook.com/about/privacy/
Opt-Out: www.facebook.com/settings and www.youronlinechoices.com
www.youronlinechoices.comPrivacy Shield: www.privacyshield.gov/participant
XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy statement / Opt-Out: privacy.xing.com/de/datenschutzerklaerung
1.4 WHY DO WE PROCESS YOUR PERSONAL DATA – AND ON WHAT LEGAL BASIS?
1.4.1 CONTRACT PERFORMANCE
We process your data in order to fulfil our contracts. This also applies to disclosures you make to us within the scope of pre-contractual correspondence. Specific purposes for data processing are a function of the product involved, and of the application submitted; they can also serve to analyse your needs and to check which products and services might be suitable for you.
1.4.1.1 EXECUTING THE CONTRACTUAL RELATIONSHIP
To execute the contract, we require your name, your address and your telephone number and/or e-mail address, so that we can contact you.
1.4.1.2 OFFER OF GOODS AND SERVICES
We also require personal data in order to check whether and which products and services we can and may offer you.
Details of the various purposes of data processing can be found in the contract documents, and in our General Terms and Conditions.
1.4.1.3 IMPLEMENTATION OF THE APPLICATION PROCESS
We process your data you have sent to us as part of your job application in order to determine whether your professional qualifications are suitable for the vacancy in question. We use your information for the application process only and transfer it to your personnel file once the employment agreement is concluded. If the contact does not result in an agreement, your information is deleted or destroyed. We will use your candidate information for no purpose other than to conduct the application process.
1.4.2 AFTER A BALANCING OF INTERESTS: WE IMPROVE OUR SERVICES AND OFFER YOU SUITABLE PRODUCTS
1.4.2.1 FOR STRENGTHENING AND OPTIMISING THE CUSTOMER RELATIONSHIP
As part of our effort to continuously improve our relationship with you, we occasionally ask you to participate in our customer surveys. The results of the surveys are used to better tailor our products and services to your needs.
1.4.2.2 DATA PROCESSING AND ANALYSIS FOR MARKETING PURPOSES
Your needs are important to us, and we make every effort to offer you information about products and services that suit you perfectly. To do this, we draw on the findings from our joint business relationship as well as from market research. The main aim is to tailor our product suggestions to your needs. In this context, we guarantee that we will always process data in accordance with applicable data-protection laws. Important: You may object to the use of your personal data for this purpose at any time.
What specifically do we analyse and process?
· the results of our marketing promotions, in order to measure the efficiency and relevance of our campaigns;
· information gleaned from your visits to our website;
· We analyse the possible demand for our products and services.
1.4.2.3 NEWSLETTER
You are welcome to sign up through our website to receive our newsletter. We shall require your e-mail address to send it to you; all other information is voluntary. You will begin receiving our newsletter only after successful completion of a double opt-in procedure. You have the right to view your declaration of consent, or to unsubscribe from the newsletter, at any time. Links to this effect are implemented in every cover letter accompanying our newsletter. If you should unsubscribe to our newsletter, we will promptly delete your contact details from our newsletter distribution list.
The laws place certain requirements with regard to the effectiveness of the kind of electronic statement of consent used to subscribe to the newsletter. This also includes the logging of your declaration of consent. This is why we log the date and time of the consent, the text of the declaration of consent, a record of whether the checkbox was ticked, your e-mail address and all other optional information. We also log the date and time of the click on the confirmation link and on the link in the confirmation e-mail. We collect these disclosures exclusively to comply with legal obligations.
1.4.2.4 MEASURES THAT SERVE YOUR SAFETY
We make use of your personal information in the following cases, among others:
· To protect you and/or your enterprise from fraudulent activity, we analyse your data. This may occur, for instance, if you have been the victim of an identity theft, or if unauthorised persons have gained access to your user account in some other way;
· To improve the reliability of our web applications, our IT support staff work closely with you in the event of technical problems. In this context, we also evaluate logging of page views, actions performed, etc.;
· To ensure IT security;
· In the event of possible legal disputes, this permits us to record and demonstrate facts.
1.4.3 BASED ON YOUR CONSENT
We are permitted to process your data if you have consented to the processing of your personal data for one or more specified purposes. You may withdraw this consent, effective for the future, at any time without incurring any costs other than the basic rates of transmission (the costs associated with your Internet connection). Withdrawal of consent, however, does not affect the legality of processing performed prior to the withdrawal.
1.4.4 BASED ON REQUIREMENTS OF LAW, OR IN THE PUBLIC INTEREST
As a company, we are subject to a very wide array of legal requirements (under tax legislation, for instance). In order to meet our legal obligations, we process your personal data to the extent necessary.
1.5 WHERE WE TRANSMIT DATA, AND WHY
1.5.1 DATA USAGE WITHIN SEDUS/KLÖBER
Within SEDUS/KLÖBER, access to your personal information is granted only to such entities as require it to meet our contractual or legal obligations, or to protect our legitimate interests.
1.5.2 DATA USAGE BEYOND SEDUS/KLÖBER
We respect the protection of your personal data and will share information about you only if required to do so by law, or if you have consented to our doing so, or in order to meet contractual obligations.
A legal obligation to disclose your personal data is considered, for example, for the following recipients:
- Public agencies or supervisory authorities,e.g. tax authorities, customs authorities;
- Judicial and law-enforcement agencies, e.g. police, courts, public prosecutor’s offices;
- Lawyers or notaries, e.g. in the event of legal disputes;
- Auditors.
We cooperate with other companies in order to be able to meet our contractual obligations. These include:
- Transport service providers and freight forwarders;
- Event organisers and providers of training services, if you have registered for certain trade fairs or events through us;
- Banks and providers of financial services for the handling of all financial matters.
Own service providers
To make our operations efficient, we rely on the services of external service providers; these providers may receive personal information about you in fulfilment of the purposes described. They include providers of IT services, printing and telecommunications service providers, collection firms, and consulting or sales companies.
Important: We pay very close attention to your personal data!
We have concluded job-processing agreements as appropriate as a way to ensure that the same standards of data protection that apply in our company are met by these service providers as well. Among other things, these agreements provide:
- that third parties are given access only to such data as they require to perform the tasks assigned to them;
- that access to your data is given only such employees of these service providers who have explicitly committed to complying with the data-protection regulations;
- that the service providers will comply with technical and organisational measures to ensure data security and data protection;
- what happens to the data when the business relationship between the service provider and us is terminated.
For service providers with registered offices outside the European Economic Area (EEA), we take special security measures (e.g. through the use of special contract clauses) to ensure that the data are treated with the same degree of prudence as applies within the EEA. We regularly check all of our service providers for their compliance with our specifications.
Tremendously important: Under no circumstances do we sell your personal data to third parties!
1.5.3 DATA USAGE WITHIN THE SEDUS/KLÖBER GROUP
In our effort to offer you the best service possible, we occasionally exchange data within the Group. In doing so, we ensure that the applicable data-protection regulations are observed and that your personal data are appropriately protected at all times.
For this reason, we have taken appropriate measures to ensure compliance with data protection within the SEDUS/KLÖBER Group:
We have concluded agreements to this effect with the individual subsidiaries in order to ensure that personal data shared within the Group remain protected at all times.
In accordance with these agreements and applicable data-protection law, we transfer personal data to our production and distribution subsidiaries only for the purposes spelled out in this Privacy Statement. In doing so, we assist our subsidiaries not only operationally but also in their compliance with such technical and organisational measures as those we apply at the parent company in the effort to ensure the security of your personal data. Wherever possible, we protect your data through measures for pseudonymisation or anonymisation. If subsidiaries are located outside the EEA, we take appropriate measures to ensure that the personal data processed there are just as protected as they are within the EEA.
1.6 ARE YOU REQUIRED TO PROVIDE US WITH PERSONAL INFORMATION?
We require you to provide the following categories of personal data in the context of the business relationship between you and Klöber GmbH:
- all necessary data for the establishment and execution of a business relationship;
- data required to fulfil contractual obligations;
- data we are required by law to collect.
Without these data, we cannot enter into or execute contracts with you.
1.7 DELETION DEADLINES
In accordance with applicable regulations for data protection, we do not store your personal data any longer than we need to for processing purposes. If the data are no longer required to meet contractual or legal obligations, we regularly delete them unless their temporary storage is still required. Continued retention may owe to the following reasons:
- There are retention requirements under commercial or fiscal law that must be observed: The retention periods based mainly on the provisions of the German Commercial Code and the German Tax Code range up to 10 years.
- To preserve evidence in the event of legal dispute within the context of the statutory periods of limitation: Under civil law, periods of limitation can range up to 30 years, though the regular period of limitation takes effect after three years’ time.
1.8 YOUR RIGHTS
You also have certain rights where the processing of your personal data is concerned. More details can be found in the corresponding provisions of the General Data Protection Regulation (there, in Articles 15 to 21).
1.8.1 RIGHT OF ACCESS AND RECTIFICATION
You have the right to obtain information from us indicating which of your personal data we process. You can request that we rectify any information that is not correct (any more); if disclosures are incomplete, you can request that we supplement them. If we have passed your data along to third parties, we shall inform the corresponding third parties where the legal situation indicates.
1.8.2 RIGHT TO ERASURE
You may request the immediate erasure of your personal data in the following circumstances:
- If your personal information is no longer required to fulfil the purposes for which it was collected;
- If you have revoked your consent, and there is no other legal basis for data processing;
- If you object to processing of your data, and there are no overriding, legitimate reasons for data processing;
- If your personal data are unlawfully processed;
- If your personal data must be deleted to comply with legal obligations.
Please note that, before we delete your data, we must verify that there is no legitimate reason to process your personal information.
1.8.3 RIGHT TO RESTRICT PROCESSING (‘RIGHT TO BLOCK’)
You may require us to restrict processing of your personal data for one of the following reasons:
- If you contest the accuracy of the data, until we have had an opportunity to verify the accuracy of the data;
- If the data are processed unlawfully but, in lieu of deletion, you only require restriction of the use of the personal data;
- If we no longer need the personal data for processing purposes but you require these data to establish, exercise or defend legal claims;
- If you have objected to processing of the data, and it is still unclear whether your legitimate interests outweigh ours.
1.8.4 RIGHT TO OBJECT
1.8.4.1 CASE-BY-CASE RIGHT OF OBJECTION
If the data are processed based on a public interest or a balancing of interests, you have the right to object to processing of the data for reasons arising from your particular situation. In the event of an objection, we will not process your personal data any further, unless we can demonstrate compelling grounds, worthy of protection, for processing your data, and these grounds outweigh your interests, rights and freedoms, or because your personal data serve the establishment, exercise or defence of legal claims. The objection does not preclude the lawfulness of processing that has occurred up until the time of the objection.
1.8.4.2 RIGHT TO OBJECT TO THE USE OF YOUR DATA FOR PROMOTIONAL PURPOSES
In those cases in which your personal information is used for promotional measures, you can object to this form of processing at any time. In this case, we will no longer process your personal data for these purposes.
The objection may be lodged informally and should be addressed to:
Klöber GmbH
Hauptstraße 1
88696 Owingen
e-mail: info@kloeber.com
Telephone: +49 (0) 75 51 - 838-0
1.8.5 RIGHT TO DATA PORTABILITY
Upon request, you have the right to obtain, in a portable, machine-readable format, personal data you have provided to us us for processing.
1.8.6 RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY (ART. 77 GDPR)
We make every attempt to process your requests and claims as quickly as possible in order to protect your rights accordingly. Depending on the frequency of requests, however, it may take up to 30 days to provide you with further information with regard to your concern. If it should happen to take longer than this, we will promptly notify you of the reasons for the delay and consult with you about the further steps going forward.
There may be cases in which we are unable to provide you with any information, or prevented from doing so. Where legally permissible, we shall notify you of the reason for the denial of information.
If you are not satisfied with our answers and responses, however, or are of the view that we are in violation of applicable data-protection law, you are free to file a complaint both with our Data Protection Officer and with the appropriate supervisory authority. The supervisory authority with jurisdiction in our case is:
Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg
Königstraße 10a, 70173 Stuttgart, Germany
Postal address: Postfach 10 29, 32 70025 Stuttgart, Germany
www.baden-wuerttemberg.datenschutz.de/
2. VERSION
This Privacy Statement is dated 24 July 2018. Registered customers will be informed of any changes in the Privacy Statement. Previous versions of this Privacy Statement are available through the website, or through our Data Protection Officer.