KTR360°

Data protection declaration for ktr360.com

We are legally obliged to inform you about the processing of your personal data (hereinafter called “data”) in connection with using our website (hereinafter called the “website”). We take the protection of your personal data very seriously. This data protection notice provides you with information about the details of how your data is processed, and about the legal rights you hold in this connection. The legal definitions established in Art. 4, GDPR are applicable to concepts such as “personal data” or “processing” .

We reserve the right to adapt our data protection declaration with effect for the future, particularly in the event of redevelopment of the website, in the event of using new technologies or in the event of the amendment of underlying statutory regulations and/or applicable precedent. We would advise you to read our data protection declaration from time to time and to keep a printout or a copy of the declaration on your files.

Scope of application
The data protection declaration is addressed to all users of the website www.ktr360.com (clause I) and to all of the customers and suppliers of KTR Systems GmbH (clause II). Its applicability does not extend to any linked websites and/or Internet presences of our own or of other providers. For applicants and other users of our Careers page www.ktr-karriere.de there applies the data protection declaration for applicants, and you can download this via https://www.ktr-karriere.de/#datenschutz. For our internet pages ktr.com, ktr-events.com, otools.ktr.com, onlinetools.ktr.com and our webshop shop.ktr.com, the data protection declarations that are respectively posted there are applicable.

Responsible party/Data manager
The responsible party/data manager for the processing of personal data within the scope of application of this data protection declaration is:
KTR Systems GmbH
Carl-Zeiss-Straße 25
48432 Rheine
Germany

Tel.: +49 5971 798-0
Email: mail@ktr.com
Website: www.ktr.com

Questions concerning Data protection
If you have any questions concerning the topic of data protection as it affects our Company or our website, please contact us directly using the contact details given above, or apply to our data protection officer. Here are the contact details for our data protection officer:
René Floitgraf
CompliPro GmbH
Frankenstrasse 34
52223 Stolberg
Germany

Tel.: +49 2402 9245980
E-Mail: dsb@complipro.de
Webseite: www.complipro.de

Your rights
You hold the following rights with regard to the personal data concerning yourself, and you can claim these rights from ourselves as follows:

Right of information: You can require information under Article 15, GDPR, concerning your personal data as processed by ourselves.
Right of amendment: Should any of the information concerning yourself not (or no longer) be correct, then under Article 16, GDPR, you can require amendment. If your data is incomplete, then you can require that it be supplemented.
Right of erasure: You can require the erasure of your personal data under Article 17, GDPR.
Right of restriction of processing: Under Article 18, GDPR, you are entitled to require that your personal data be restricted.
Right of objection to processing: You have the right at any time to object – for reasons relating to your particular situation – to the processing of our personal data as conducted under Article 6, paragraph 1, clause 1, subclause (e) or subclause (f), GDPR, in pursuance of Article 21, paragraph 1, GDPR. In that event, we will discontinue processing your data unless we are able to prove that there are urgent, protectable reasons for the processing which outweigh your own interests, rights and freedoms if the purpose of the processing is in order to claim and to exercise – or to defend against – legal entitlements (refer Article 21, paragraph 1, GDPR). Furthermore, under Article 21, paragraph 2, GDPR, you are entitled at any time to raise an objection against the processing of personal data relating to yourself for purposes of direct advertising; and the same is applicable to any instance of profiling to the extent that it is associated with the above-mentioned direct advertising. In this Data protection declaration, we indicate your right of objection as associated with the corresponding processing.
Right of revocation of your consent: If you previously issued consent for processing, then, under Article 7, paragraph 3, GDPR, you hold a right of revocation. Right for transferability of data: You are entitled to receive the personal data concerning yourself – which you have provided for ourselves – in a structured, currently processable and machine-scannable format (“transferability of data”) together with the right to have this data forwarded to a different responsible party/data manager, subject to fulfilment of the pre-requisites under Article 20, paragraph 1, clauses (a) and (b), GDPR, (refer Article 20, GDPR).

You can claim your rights by sending a message to the contact details indicated under the section headed Responsible party/Data manager” or to our designated Data-protection officer.

If you believe that the processing of your personal data infringes the data protection regulations, then you also hold the right, under Article 77, GDPR, to place the matter before the data protection supervisory body of your choice. The choice of data protection supervisory bodies competent to govern the relevant responsible party/data manager includes the following: Landesbeauftragte für Datenschutz und Informationsfreiheit (=Regional officer for data protection and freedom of information) Nordrhein-Westfalen, Postfach 200444, 40102 Düsseldorf, 0211/38424-0, poststelle@ldi.nrw.de.

I. Using our website

1. Access details
The rules state that you are able to visit our website – purely in order for you to gain information – without having to disclose your identity. When individual pages of the website are visited for that purpose, all that will be released will be the contact details for our website provider, thus enabling you to gain a display of the website. In this context, the following data is processed:

Browser type/browser version,
Employed operating system,
Language and version of browser software,
Date and time of access,
IP address,
Content of request (specific website),
Access status/HTTP status code,
URL referrer (previously visited website),
Indication as to whether the visit was successful and
Quantity of data transferred
Difference in time zone relative to GMT.

The temporary processing of this data is required in order to make it technically possible for a website visit to take place and for the website to be made available to your terminal. The contact details are not utilised for purposes of identifying individual users, and they are not combined with any other data sources. There is continued storage in protocol files (log files) in order to ensure functionality of the website and the security of IT systems. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. We hold justified interests for protecting the functionality of the website and the integrity and security of the website. The storage of access data in log files – particularly the IP address – for a long period, enables us to detect abuse and to exercise protection against it. This includes, for example, defence against enquiries which would overload our service, or the utilisation of any bots. Access data is deleted as soon as it is no longer required in order to achieve the purpose of your processing. Where the data is logged in order to make the website available, then this is the case when you end your visit to the website. The rule is that the protocol data is stored directly and exclusively for administrators’ access, no later than by seven days afterwards. After that, the data will be available only indirectly – by reconstructing backup tapes (backups) – and will be permanently erased after a maximum of four weeks.

You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can send us your objection using the contact details set out in the Section entitled “Responsible party/Data manager”.

2. Cookies and other functions

On our website, cookies and other functions are used, and these carry out the processing of our users’ terminals information and personal data. Some of them are urgently needed (“essential cookies”), whilst others fulfil the function of incorporating external elements, statistical analysis, company attribution or reach measurement.

2.1 Data protection settings

In our website, we have incorporated a consent management tool for purposes of requesting consents for the use of cookies or comparable functions. By recourse to the “Data protection settings”, you have the option of issuing or declining your consent for certain functionalities on our website, for example the functionalities for incorporating external elements, statistical analysis and reach measurement. Under “Data protection settings”, you can issue your consent for all functions (“Accept all”) or you can decline (“Accept only essential cookies”), or issue your consent for individual purposes or for individual functions. The settings which you have applied can also be changed by yourself, subsequently. The purpose of incorporating these tools is to leave it to the users of our website to decide about the setting of cookies and similar functionalities and to give them the opportunity – in their future use of our website – to amend settings which they had previously applied. In the process of using the consent management tool, there will be processing of personal data and information concerning the employed terminals.

The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in processing relate to the storage of user settings and preferences concerning the use of cookies and other functionalities. User settings are stored by means of a cookie which has a storage period of one year. After that storage period has elapsed, a fresh consent request will be made. The applied user settings will then once again be stored for the same period.
You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can prevent cookie-based data processing as follows: by deactivating or restricting or deleting cookies, in the settings for your browser software or by opening “Private mode” in the browser which you use.

2.2 Essential cookies

Essential cookies are required for basic website functions. This assures that the website will operate correctly. On our website, urgently required cookies are stored for the following purposes:

Log-in details
This cookie is a WordPress standard session cookie. When a user logs in, it will store the session ID. Accordingly, the logged-in user can be recognised and will be granted access to protected areas. Storage period: 1 week
Cookie opt-in

This comprises the selected data protection settings. Storage period: 1 year.
The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in processing relate to providing the above-mentioned particular functionalities so that the use of the website is configured to be more attractive and more effective.
You can file an objection to this processing. Your right of objection will be applicable for reasons arising from your particular situation. You can prevent cookie-based data processing as follows: by deactivating or restricting or deleting cookies, in the settings for your browser software or by opening “Private mode” in the browser which you use.

2.3 Statistical analysis

Google Analytics
In order to make it possible for our website to be matched ideally to users’ interests, we use “Google Analytics”, a “Google” web analysis service (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). “Google Analytics” uses “cookies” (refer section on “Cookies”, above) which are stored on your terminal. Using the cookies, “Google” processes the information which has been generated in the process of your terminal’s use of our website – if you have visited a specific website, for example – and the data which we will process will include the data mentioned in the Section on “Utilisation of our website”, with particular reference to your IP address, browser information, the previously visited website together with the date and time of the server request; for purposes of statistical analysis of website use. For this purpose, it is also possible to determine whether various terminals belong to yourself or to your household. This website uses “Google Analytics” with the extension “anonymizeIp()”. Accordingly, IP addresses (in an abbreviated form) are further processed in order to make it substantially difficult to identify any individuals. According to information from “Google”, your IP address is pre-abbreviated within European Union member states. Only in exceptional cases will your full IP address be sent to a “Google” server in the USA, and abbreviated there. On our behalf, “Google” will process this information for purposes of analysing your utilisation of the website, will compile reports for us (concerning website activities) and – if we stipulate this separately – in order to provide us with further services relating to website utilisation. The IP address released by your browser in the context of the above-described purposes is not combined with any other data by “Google”. 61The legal basis for this processing is your consent under Art. 6 Abs. 1 clause 1, subclause (a), GDPR. To some extent, “Google” also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. Your data in connection with “Google Analytics” will be erased after fourteen months at latest. You can find out more information about data protection with “Google” by visiting: http://www.google.de/intl/de/policies/privacyhttp://www.google.de/intl/de/policies/privacy.

It is possible to revoke your consent for processing and third-party country transfer at any time by resetting the controller under Cookie settings for the consent tool. This does not, as the result of the revocation, affect the legitimacy of processing conducted on the basis of consent before the revocation was applied.

2.4 Marketing

Google Ads Conversion

We use the “Google Ads” service provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001), in order – with the aid of advertising media (formerly referred to as “Google AdWords”) on external websites -- to draw attention to our attractive offers. By consulting the details gathered from advertising campaigns, we can draw conclusions as to how successful individual advertising measures have been. These advertising measures are supplied by “Google” by way of “ad servers”. For that purpose, we use “ad server” cookies which make it possible to measure certain parameters relating to reach measurement, such as the fading in of advertisements or clicks applied by the user. To the extent that you visit our website by way of having selected a “Google” advertisement, a “cookie” will be stored by “Google Ads” on your terminal. By means of “cookies”, “Google” processes the information generated from your terminal, referring to interactions with our own advertising media (calling up a given Internet page or clicking on a promotion/advertisement) and the data are mentioned in the section entitled “Utilisation of our website”, with particular reference to your IP address, browser details, the previously visited website and the date and time of the server request – in order to analyse and to display our advertisements’ reach measurement. For this purpose, it is also possible to determine whether various terminals belong to yourself or to your household. Corresponding to the marketing tool employed, your browser will automatically set up a direct connection with Google’s server. If you are registered with a “Google” service, “Google” is able to attribute the visit to your user account. Even if you are not registered with “Google” and are not logged in, it is possible for the provider to learn of your IP address and to process it. We receive statistical analyses from Google purely in order to gauge the effectiveness of our advertising media. 61The legal basis for this processing is your consent under Art. 6 paragraph 1 clause 1, subclause (a), GDPR. To some extent, “Google” also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. The storage period with “Google” is a maximum of 24 months. You can find out more information about data protection and the storage period with “Google” by visiting: https://policies.google.com/privacyhttps://policies.google.com/privacy.

Google Ads Remarketing
We use the “Google Ads” service – with the “dynamic remarketing” function provided by “Google” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). This is a process which we would like to discuss with you again. We are able to use the “dynamic remarketing” function in order to recognise website users from other websites within the “Google” advertising network (in “Google” search or on “YouTube”, “Google Ads” or on other websites) and in order to present them with advertisements tailored to their interests. Such advertisements may also relate to products and services which you have already seen on our website. To that end, there is analysis of users’ interactions with our website, in order to determine, for example, which offers are interesting for users, and in order to make it possible to present targeted advertising to users on other webpages even after they have completed their visit to our own website. When you visit our website, a “cookie” will be stored by “Google Ads” on your terminal. Using cookies, “Google” processes the information generated by your terminal, indicating how our website has been used and indicating interactions with our own website together with the data mentioned in the section entitled “Utilisation of our website”, with particular reference to your IP address, browser details, the website previously visited together with the date and time of the server request, for purposes of running personalised advertisements. For this purpose, it is also possible to determine whether various terminals belong to yourself or to your household. The data logged in the context of “Google Ads” is not merged with data from any other “Google” products. 61The legal basis for this processing is your consent under Art. 6 paragraph 1 clause 1, subclause (a), GDPR. To some extent, “Google” also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. The storage period with “Google” is a maximum of 24 months. You can find out more information about data protection and the storage period with “Google” by visiting: https://policies.google.com/privacyhttps://policies.google.com/privacy.

SalesViewer® technology
In order to make it possible to align our marketing specifically to potential customers, we use SalesViewer® technology, a web analysis service from providers SalesViewer® GmbH, Bongardstraße 29, 44787 Bochum, email: info@salesviewer.cominfo@salesviewer.com.
SalesViewer® technology employs a JavaScript-based code which fulfils the function of highlighting company-related details and the corresponding utilisation. The data which is gathered by means of this technology is encrypted using a non-reversible one-way function ( “hashing”). The data is directly pseudonymised and is not used in order to achieve personal identification of the users of this website. However, there is identification of the user’s underlying company – to which it is subsequently possible to attribute the corresponding field and the details of the user’s specific actions on the website.
The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (a), GDPR. The data which is logged using SalesViewer® technology is erased after 24 months, at latest.

2.5 External content

Incorporation of Vimeo videos

We use the plugins of "Vimeo" for the integration of videos on our website. "Vimeo" is operated by Vimeo LLC, 555 West 18th Street, New York, New York 10011, USA. By processing data through the plug-ins, we pursue the purpose of integrating visual content ("videos") that we have published on https://www.vimeo.com also on this website. When you call up one of our websites with the "Vimeo" plug-in, a connection is established to the servers of "Vimeo". In this process, the information about which website you have visited is transmitted to the "Vimeo" server. In addition, some personal data such as your IP address is stored. We have set the so-called "Do-Not-Track" mode on Vimeo so that Vimeo does not store any cookies and your user activities are not tracked. The legal basis for the processing is Art. 6 para. 1 p. 1 lit. f) DSGVO. With the processing, we pursue the legitimate interests of making our web offer more attractive and providing you with additional service. "Vimeo" also processes your data on servers in the USA. There is no adequacy decision of the EU Commission for a data transfer to the USA; the legal basis for the transfer to the USA is your consent according to Art. 49 para. 1 p. 1 lit. a) DSGVO. Further information on data protection and the storage period at "Vimeo" can be found at https://vimeo.com/privacy.

Revocation of your consent to processing is possible at any time, either by sending a message to us (cf. you contact details in the section "Person responsible and data protection officer") or by pushing back the slider in the "Advanced settings" of the Consent Tool Cookie settings. In doing so, the lawfulness of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.

2.6 Google Tag Manager

On our website, we use Google’s “Google Tag Manager” (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001). “Google Tag Manager” is a solution which makes it possible to manage website tags and other elements from third-party providers, via an interface.
Firstly, when the website is selected using Google Tag Manager, an HTTP request is sent to Google. Consequently, terminal details and personal data such as your IP address and the details of your browser settings will be sent to Google. We use Google Tag Manager in order to make it easier to carry out electronic communication, since information is transmitted via programming interfaces (amongst other channels) to third-party providers. In Google Tag Manager, the third-party providers’ respective tracking codes are implemented without our having to laboriously change the website’s source code. Rather, incorporation takes place using a container which sets what is referred to as a “placeholder” code in the source code. Furthermore, Google Tag Manager makes it possible to replace users’ data parameters in a defined sequence, especially by the arrangement and systematic organisation of the data packets. Furthermore, your data is individually transmitted to the USA. “Standard contract clauses” have been negotiated with Google in order to assure that a reasonable level of data protection is maintained. Upon request, we will send you a copy of these standard contract clauses. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in processing relate to facilitation and implementation of electronic communication by means of identifying communication transmission points, control options, the exchange of data elements in a defined sequence and the identification of transmission errors. Google Tag Manager does not authorise any data storage. You can find out more information about data protection with “Google” by visiting: http://www.google.de/intl/de/policies/privacyhttp://www.google.de/intl/de/policies/privacy.
You are entitled to file an objection to the processing to the extent that the processing arose under Article 6, paragraph 1, clause 1, subclause (f), GDPR. Your right of objection will be applicable for reasons arising from your particular situation. You can prevent the processing by erasing the history and the website data in your browser software settings, or by opening the employed browser in “private mode”.

Secondly, Google Tag Manager will, for example, install third-party provider tags such as tracking codes, and possibly also counting pixels, on our website. This tool creates the facility for triggering other tags which also detect your data; and we inform you of this fact elsewhere in this Data protection declaration. Google Tag Manager itself analyses neither the terminal information which is detected by the tags, nor users’ personal data. Rather, your data is forwarded to the respective third party provider service for the purposes mentioned in our section on the consent management tool. On our consent management tool, we have set Google Tag Manager so that the triggering of certain third-party provider services in Google Tag Manager is made conditional on your selection in our consent management tool, so that data processing will be triggered only for the third-party provider tags for which you have issued consent. The utilisation of Google Tag Manager is covered by consent for the respective third-party provider service. 61The legal basis for this processing is your consent under Article 6 Paragraph 1 clause 1, subclause (a), GDPR. To some extent, Google also processes the data in the USA. When it comes to the transfer of data to the USA, there is no adequacy decision from the EU Commission; the legal basis for forwarding (of data) to the USA is your consent under Article 49, paragraph 1, clause 1, subclause (a), GDPR. You will find the storage period for your data in the descriptions, as set out below, for individual third-party provider services. You can find out more information about data protection with “Google” by visiting: https://policies.google.com/privacyhttps://policies.google.com/privacy.

3. Making contact with our Company

When you make contact with our Company, either by email or using the contact form on the website, we’ll process the personal data which you have disclosed in order to respond to your enquiry. The only essential details for the processing of enquiries via the contact form on the website will be the disclosure of a valid email address together with your message. At the point in time at which your message is sent to ourselves, furthermore, your IP address and the date and time of the transmission procedure will be processed. The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (f), GDPR and Article 6, paragraph 1, subclause (b) GDPR, if contact was made for purposes of negotiating a contract. The sole purpose of processing personal data from the input screen is to handle the contact case, and this includes the necessary justified interest in the processing of data. The other data which is processed during the transmission procedure is needed so as to prevent the abuse of the contact form and to ensure the security of our IT systems. No data is forwarded to any third parties in this connection. We will delete the data which arises in this connection once it is no longer necessary for it to be processed, or we will restrict processing as applicable to what is needed so as to adhere to the mandatory, statutory storage obligations applicable at the time.

4. Hosting

We use external hosting services from providers Vimexx BV (Keulenstraat 12, 7418 ET Deventer, Niederlande for purposes of providing the following services: Infrastructure and platform services, computing capacity, memory resources and database services, security services and technical maintenance services. For the above purposes, all data – including the access data described under the section on “Utilisation of our website” – will be processed as required for the operation and utilisation of our website. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our intention in using external hosting services is to achieve efficient and secure provision of our web content.

5. Cloudflare

In addition, we use the services of the Content Delivery Network (hereinafter "CDN") of Cloud-flare Inc. (101 Townsend St., San Francisco, CA 94107, United States; hereinafter "Cloudflare") on our website for the purpose of faster retrieval of our online offer. When you visit the website, a library from the "CDN" is temporarily stored on your terminal device to prevent the content from being reloaded. Your IP address is transmitted to the provider in the USA. We have concluded a Data Protection Agreement (DPA) with "Cloudflare", according to which the so-called "standard contractual clauses" are also included in order to guarantee an adequate level of data protection. The agreement can be consulted here:
https://www.cloudflare.com/resources/assets/slt3lc6tev37/1M1j5uuFDuLTYiZJJDPBag/770322411bcac7f8bcc350e31b1e8319/Customer_DPA_v.3_1_-_de-de_19_Oct_2020.pdf.

The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (f), GDPR. With the use of "cloudflare" we are pursuing the justified interest of faster retrieval and a more effective and improved presentation of our online offering. Further information on data protection and the storage period for "cloudflare" can be found at: https://www.cloudflare.com/de-de/privacypolicy/.

6. Social Media

We do not use any “social media plug-ins”. At various points on our website, however, we do offer you the option of visiting our presences on social networks such as Facebook, Twitter, LinkedIn, XING and YouTube. If you click on the respective logo or name of a social network, you will be forwarded – via a link – to our corresponding presence.

Before you click on the logos or links – meaning that you will be forwarded to the corresponding social network website – none of your personal data will be forwarded to the social networks. It’s only possible for your personal data to reach the respective social network and be processed by it once you have clicked on the corresponding logo on our website and have been forwarded to the social network’s website. Personal data will be processed in particular once you are logged in to your respective social media account and once the content – associated with your account – has been posted on social networks. Furthermore, though, data – such as your IP address, for example – can also be processed even if you do not have any social media account.
Neither can we exert any influence on the logged data and the data processing procedures, nor are we aware of the full extent of data logging, the purposes for which the processing is conducted and the periods for which the data may come to be stored. Nor do we hold any information concerning the erasure of the logged data on the part of the respective social network.

You should be able to find out more about the purpose and the extent of data logging and of its processing, by consulting the respective network’s data-protection declaration. There, you will also gain further information concerning your entitlements in this connection, and your setting options when it comes to protecting your privacy:

LinkedIn: https://www.linkedin.com/legal/privacy-policy
Facebook: https://de-de.facebook.com/policy.php
Instagram: https://www.facebook.com/help/instagram/155833707900388/
Xing: https://privacy.xing.com/de/datenschutzerklaerung
YouTube: https://policies.google.com/privacy?hl=de&gl=de

II. Customers and suppliers

1. Processing for contractual purposes
We process our customers’ and suppliers’ personal data – and their employees’ corresponding data (for example, the name and contact details of the contact person) -- if and to the extent that this is necessary in order to set up, to establish, to apply and/or to terminate a transaction with our company. The corresponding legal basis for this is to be found under Article 6, paragraph 1, clause 1, subclause (b), GDPR. You will need to provide your data for purposes of negotiating the contract, and you will be under contractual obligation to provide your data. You will not be able to negotiate and/or apply any contract without having provided your data. Once the due purpose has been achieved (e.g. processing of the contract), personal data is blocked from further processing and/or erased, unless we are entitled to conduct further processing under a consent issued by yourself (e.g. consent for processing of your email address so that we can send you our newsletter), a contractual agreement, a legal authorisation (e.g. authorisation to send you “existing customer” advertising) or on the basis of justified interests (e.g. storage for purposes of enforcing claims).
Your personal data is forwarded to third parties to the extent that

this is necessary in order to establish, to operate or to terminate legal transactions with our company (e.g. where data is forwarded to a payment services provider/dispatch firm for purposes of processing a contract with yourself), (refer Article 6, paragraph 1, clause 1, subclause (b), GDPR, or
where this data is needed by a subcontractor or by agents whom we have specifically appointed in order to provide the offers or services you have requested (such providers are entitled to process your data – unless you are specifically informed otherwise– only to the extent required in order to provide the offer or the service) or
an enforceable official order (refer Article 6, paragraph 1, clause 1, subclause (c), GDPR, has been issued, or
an enforceable Court order has been issued (refer Article 6, paragraph 1, clause 1, subclause (c), GDPR, or
if we are legally required to do so by law (refer Article 6, paragraph 1, clause 1, subclause (c), GDPR), or if
the corresponding processing is necessary in order to protect the vital interests of the data subject or of any other individual (refer Article 6, paragraph 1, clause 1, subclause (d), GDPR, or
if this is necessary in order to carry out an action in the Public interest or in the event of one which is imposed by the Authorities on a compulsory basis (refer Article 6, paragraph 1, clause 1, subclause (e), GDPR, or
if we can validly invoke our own overriding, well-founded interests – or those of a third party – with regard to disclosure (refer Article 6, paragraph 1, clause 1, subclause (f), GDPR.

Your personal data will not be forwarded to any further extent to other persons, companies or offices unless you have given valid consent for such forwarding of data. The legal basis for this processing is Article 6, paragraph 1, clause 1, subclause (a), GDPR. In the context of this data-protection briefing concerning the respective processing procedures, we will inform you of the identity of the corresponding recipients of the data.

2. Webshop

On the webpage of shop.ktr.com, we provide a web shop for our customers. For you to use this shop, you will need to authorise the setting-up of a customer account. You can apply to set up your account using the corresponding form on our website. The details you will need to give in order to process your application are as follows:

Company name
Forename and surname,
Postal address and
Email address.

The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (b), GDPR. You will need to disclose your data, as a necessary and binding condition of negotiating and executing the contract. If you don’t disclose your data, then you will be unable to register, i.e. it will not be possible to negotiate and/or to execute any orders using our web shop. The data will be erased as soon as it is no longer needed in order to achieve the purpose of its processing, or otherwise it will be restricted to the extent of processing needed under statutory storage obligations.

After your enquiry has been successfully processed, we will send you your access data (username and password) either by post or by email, according to your preference.
The following functions are available to you in the log-in area:

Order from KTR catalogue
Order from KTR design programs
Overview of your invoices
View of delivery notes
Track & trace for your consignment
Rapid data-entry mask
Inputting using specific product reference number
Changing your password

We process your data for purposes of enabling the order to go through. The legal basis for this processing is Article 6 paragraph 1 clause 1, subclause (b), GDPR. It’s necessary (and mandatory) for your data to be provided in order for the contract to be negotiated and then completed. If you do not provide your data, then it will not be possible for the contract to be negotiated and/or completed. In order to prevent unauthorised third parties from accessing your personal data, the order procedure is encrypted on the website using SSL technology. We will erase the data arising in this connection once storage is no longer necessary, or otherwise we will restrict processing to the extent required under any mandatory storage obligations. Under mandatory commercial and fiscal regulations, we are obliged to place your address, payment and order details on store for a period of up to 10 years.

3. Email marketing/ Existing customer advertising

We reserve the right to use our customers’ emails as disclosed in the course of our business relationship within the legally permitted framework, in order to email to you (either during or following your order) some items of content as listed below unless you have already objected to this type of processing of your email address:

Product information
Invitations to events, fairs or webinars
News concerning KTR in general

If the sending of electronic information as required for processing of a contract (e.g. emails in an IT related format) should be necessary, the corresponding processing is governed on the legal basis under Article 6, paragraph 1, clause 1, subclause (b), GDPR. You will be under contractual obligation to share your data. If your data is not shared, then it will not be possible to email you any IT format information in the course of executing the contract. If the sending of electronic information is not required for processing of a contract (e.g. emails in an IT related format) is not necessary, then the corresponding processing is governed on a legal basis under Article Article 6, paragraph 1, clause 1, subclause (f), GDPR. Our justified interests in the above-described processing relate to enhancing and optimising our services, our dispatch of direct advertising and the assurance of customer satisfaction. We will delete your data once you have completed your utilisation process, but in any case no later than three years after the contract has terminated.

We would like you to know that you can decline at any time to receive direct advertising and that you can object to processing for purposes of direct advertising without incurring any charges other than the transmission charges according to basic tariffs. In this context, you hold a general right of objection without having to indicate reasons (refer Article 21, paragraph 2, GDPR). Just click on the “unsubscribe” link in the respective email or send us notice of your objection by means of the contact details indicated in the section on “Responsible party/Data manager”.