Privacy notice for visitors, business partners and interested parties
Personal data is required for communication, the provision of information and services and for the purposes associated with the relationship, e.g. name, contact details and function of the data subject.
This is done in accordance with legal provisions, internal regulations and the personal rights of the data subjects.
1. Which data are processed by us?
The following categories of data may be collected and processed:
a. Identification data, e.g. name, gender, company, vehicle license plate number (visitors), special authorizations (truck drivers), video and image data (visits to monitored areas)
b. Addresses and contact data, e.g. postal addresses, e-mail addresses, telephone numbers, organizational data such as company/organization, department, function
c. Authorizations and their use
d. Time recording, e.g. on the premises of GKD or for the provision of services
e. Video/image data, e.g. for monitoring publicly accessible areas of the company premises and certain areas on the company premises. If areas outside our company premises are recorded during video surveillance, these are pixelated and made unrecognizable.
2. For what purpose is data collected and used?
Personal data can generally be used for:
1) Communication, e.g. to clarify questions, exchange information or make appointments
2) for documentation, e.g. of meetings, events and agreements
In relation to GKD business partners, e.g. suppliers, customers, contractors, contractual partners, service providers, personal data may also be used for
3) Processing of transactions, e.g. payment, invoicing and contract management
4) Logistics, e.g. transportation
5) Authorization and identity management for electronic services, including technical support and troubleshooting
6) Administrative communication, e.g. sales promotion or product development
7) Monitoring and controls
In order to comply with existing export and payment restrictions – e.g. companies and individuals are included in various government lists – business partner data can be checked against these lists.
In addition, in cases of suspicion, official investigations and defense against claims, an investigation and, if necessary, the provision of data and documents on the respective case and the persons concerned may be necessary.
In all cases, the internal regulations, the statutory provisions and the personal rights of the data subjects apply.
In relation to visitors and interested parties, personal data may be used for:
8) Identification and access authorization
9) Contacting and providing requested information following trade fairs
10) Provision of information and requested services (e.g. newsletter)
11) Surveillance, property protection, security checks
3. On what legal basis is this?
The legal bases for the processing of your personal data are
– the implementation of contractual, pre-contractual or similar measures in accordance with Art. 6 para. 1 lit. b GDPR
– the fulfillment of legal obligations to which we are subject pursuant to Art. 6 para. 1 lit. c GDPR
– the pursuit of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. Our interest then consists in particular in carrying out security checks, ensuring smooth communication with our customers and suppliers and exercising domiciliary rights.
Beyond this, we only use your personal data if you have given us your consent. In such cases, we will request your consent in advance.
4. Data security and processing principles
Appropriate technical and organizational measures for data security are ensured by internal regulations and – if the data is processed by an external service provider – by corresponding contractual agreements.
Various methods are used to ensure data protection and our IT security in the event of various threats (malware, hacker attacks, spam, espionage and theft of intellectual property), e.g. transmitted data is checked for viruses and connection data is analyzed for anomalies. In suspicious cases, relevant documents and connection data can be analyzed.
5. Will your data be passed on?
6. How long will your data be stored?
Personal data is only stored for as long as is necessary to fulfill the respective purpose and to comply with official requirements, usually for the duration of the respective contractual relationship, including any statutory retention period.
In the case of business partners, deletion generally takes place 10 years after the last contact, in the case of other persons, e.g. visitors or subscribers to information/newsletters, 5 years after the last contact or on request.
Recorded video data is generally deleted after 72 hours, but after a maximum of 10 days.
7. Your rights as a “data subject”
You have the right to information about the personal data we process about you. When requesting information, we ask for your understanding that we may require you to provide proof that you are the person you claim to be. Furthermore, you have a right to rectification or erasure or to restriction of processing, insofar as you are legally entitled to do so, you have the right to object to processing within the scope of the statutory provisions, the right to data portability and the right to lodge a complaint with a competent supervisory authority.
8. Responsible person
The controller for the collection, processing and use of your personal data within the meaning of the GDPR is
GKD – Gebr. Kufferath AG
Metallweberstraße 46
52353 Düren
T: 0049 2421 803-0
If you have any questions or concerns in connection with data protection (e.g. correction, deletion or requests for information), please contact our data privacy officer
GKD – Gebr. Kufferath AG
– Data privacy officer –
Metallweberstraße 46
52353 Düren
[email protected]