Skip to main contentSkip to page footer

Data protection

This privacy policy informs you about the processing of personal data in relation to the services we offer on our website at www.kipp-group.de. 

I. General Information 

1. The data controller 

HEINRICH KIPP WERK GmbH & Co. KG 
Heubergstraße 2 
72172 Sulz am Neckar 
Telefon: +49 7454 793-0 
Telefax: +49 7454 793-33 
Internet: www.kipp.com

2. Contact details of the data protection officer 

HEINRICH KIPP WERK GmbH & Co. KG 
Heubergstraße 2 
72172 Sulz am Neckar 
E-Mail: datenschutz@kipp.com

3. Erasure and restriction of personal data 

Unless otherwise provided for in this privacy notice, personal data will be deleted, if the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. We will erase personal data processed by us on your request in accordance with the conditions provided in Art. 17 GDPR. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR and the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. 

4. Rights of data subjects 

As a data subject you have the following rights: 

  • Pursuant to Art. 15 GDPR, you may request information about your personal data processed by us. You may also request information regarding the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period, the data source (where personal data is not collected from you), the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing; the existence of the right to request rectification or erasure of data concerning you, the right to restrict processing or to object to such processing, the right to lodge a complaint with a supervisory authority. Finally, you have a right to know whether personal data has been transferred to a third country or to an international organization, and, if so, the appropriate safeguards relating to this transfer;
  • Pursuant to Art. 16 GDPR, to demand the immediate rectification of inaccurate personal data and to have incomplete personal data completed which is stored by us;
  • Pursuant to Art. 17 GDPR, to demand the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defense of a legal claim.
  • Pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data if the accuracy of the personal data is contested by you; the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead; we no longer need the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defense of legal claims; you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification of whether our legitimate grounds override your interests;
  • Pursuant to Art. 20 GDPR, to receive your personal data, which you have provided for us, in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller;
  • Pursuant to Art. 21 GDPR, to object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes and the legal basis for processing is our legitimate interests pursuant to Art. 6 (1)(f) GDPR;
  • Pursuant to Art. 7 (3) GDPR, to withdraw your consent given to us at any time. As a result, we are no longer allowed to continue to process the data that was based on this consent in the future;
  • Pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.. 
     

If you wish to assert the data subject rights mentioned above, you can contact us or our privacy officer at any time using the contact details above. 

5. Consent for data transfer to the USA 

We may ask you for your consent in accordance with Art. 49 (1)(a) GDPR as legal basis for data transfers to the USA and/or other third countries. For such consent, the following conditions will apply: 

a. Your personal data may be transferred to a third country or an international organization that does not provide a level of protection that is adequate to European and/or German data protection law. Notwithstanding any permissions according to contract or to applicable law, personal data will be transferred in accordance with the conditions provided in Art. 44 et seq. GDPR. 

This means that for the respective third country, either an adequacy decision by the EU commission according to article 45 GDPR is in place, or appropriate safeguards according to article 46 GDPR have been provided or binding corporate rules according to article 47 GDPR are in place. Further information is provided in explanations of the respective processing operations in this data privacy information. 

b. For some countries, especially the USA, an adequacy decision by the EU commission according to article 45 GDPR does not exist, and it might not be possible to achieve a level of protection that is adequate to the data protection law in the European Union, neither by providing appropriate safeguards according to article 46 GDPR nor by implementing binding corporate rules according to article 47 GDPR. There is a risk that such third countries do not offer an adequate level of protection. It is possible that no data protection authorities and/or principles relating to processing of personal data might exist in such third countries, and/or that the data subject might not be entitled to data protection rights in such third countries. It is possible that there might not be sufficient legal remedies available to you to defend against a violation of your rights in such countries. 

II. Individual processing operations 

1. Cookies 

Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. The cookie stores information which is collected in relation to the specific device you are using. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the website more user-friendly, effective and secure. 

We are using Cookiebot for our website. Cookiebot is a service provided by Cybot A/S, Havnegade 39, 1058 Kopenhagen, Dänemark, Tel.: + 45 50 333 777, E-Mail: mail@cookiebot.com, companies’ register no.: DK34624607. 

Cookiebot creates a cookie banner that lists all cookies that are being used for the operation of our website. If necessary, we also use Cookiebot to ask for your consent. For each cookie, the name of the cookie, its purpose, an eventual third-party access and the lifetime of a cookie respectively the timeframe after which a cookie is deleted, is listed. Session cookies will be deleted when you stop using our services respectively when you close the browser session. 

The following information is collected by Cookiebot: 

  • IP address of the requesting computer;
  • Date and time of any given consent;
  • The browser used and the operating system of your computer or device. 
     

After IP addresses are transmitted to Cookiebot, IP addresses are anonymized as soon as technically possible by deleting the last 8 bits of an IPv4 or respectively the last 80 bits of an IPv6 address. Your IP address will not be permanently stored by Cookiebot at any time. These measures are being taken to prevent Cookiebot from relating this information personally to you. 

If you use the form generated by Cookiebot to give your consent that additional cookies may be stored on your device by our website in addition to the essential cookies, Cookiebot creates an individual identifier and stores it on your device. This individual identifier is assigned by Cookiebot to each consent submitted via Cookiebot on our website. The individual identifier is stored in a cookie together with the enumeration of the consent given. If through Cookiebot you permit us to set all cookies, a special individual identifier for this across-the-board consent is stored in the cookie in your browser. The service life of the cookie is one year. From this cookie, our website can read out which cookies we may set on subsequent visits. 

Cookiebot helps us to obtain the necessary consent we require as a legal basis for an appropriate use of cookies on our website. By clicking the activation button in the Cookiebot form, you also consent to the transfer of your personal data to Cookiebot and/or its operator as described herein. Without this transfer, the use of non-essential cookies on our website is not possible. Cookiebot is solely responsible for the processing of your personal data after the transfer to Cookiebot. The legal basis for transfer of your personal data is your consent in accordance with Art. 6 par. 1 lit. a of the GDPR. 
 
The details on how Cookiebot processes the data obtained, as well as general information on Cookiebot, can be found in Cookiebot's privacy policy available at https://www.cookiebot.com/en/privacy-policy/ . 
 
Cookiebot uses Microsoft hosting services to provide its services. Microsoft may also process data on servers in the USA. Microsoft entered into Standard Contractual Clauses to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). Information about the standard contractual clauses used by Microsoft is available at https://aka.ms/licensingdocs

2. Hosting 

In order to make our website available, we use services provided by hosting companies, such as provision of web servers, disk space, database services, and security or maintenance services. We, and our hosting providers on our behalf, process personal data of website visitors in order to provide efficient and secure access to our website. 

By visiting our website or its individual pages, your device’s internet browser automatically sends information to the server of our website. This information is stored in log files by us or our hosting provider. 
 
The following information is stored: 

  • IP address of the requesting computer;
  • Date and time of access;
  • Name and URL of the requested file;
  • Website from which our site was accessed (referrer URL);
  • The browser used and your computer’s operating system;
  • Status codes and the amount of data transferred;
  • Name of your access providers. 
      

These data will be used for the following purposes: 

  • The provision of our website, including all of its features and contents;
  • To ensure a smooth connection to our website;
  • To ensure a more user-friendly experience on our website;
  • To ensure system security and stability;
  • For anonymized statistical evaluation of website access;
  • website optimization;
  • For disclosure to law enforcement authorities in the event of unlawful interference/attacks on our systems;
  • For further administrative purposes. 
      

These data will be deleted at the latest after 6 months, except it is needed for other purposes, for example for the establishment, exercise or defense of legal claims. 

The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest relates to the data collection purposes mentioned above. 

III. Google Services 

Provider of the services below for EU and EEA residents is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter “Google“). 

Personal data collected by Google for the provision of the following services may be transferred to servers in third countries outside the EU or the EEA. Google entered into Standard Contractual Clauses to comply with the requirements of the GDPR to legitimately transfer personal data in third countries outside the European Union (EU) or the European Economic Area (EEA). Information about the standard contractual clauses used by Google is available at https://policies.google.com/privacy/frameworks?hl=en&fg=1. Further information on how Google processes the data obtained is provided in the Google privacy policy at https://policies.google.com/privacy?hl=en&fg=1

1. Google services requiring your consent 

The legal basis for the use of the following Google services is your consent in accordance with Art. 6 (1)(a) GDPR. The legal basis for data transfers to the USA is your consent in accordance with Art. 49 (1)(a) GDPR. For such consent to data transfers to third countries outside the EU or the EEA, the conditions according to section II. 6 of this Privacy Policy will apply. 

​​​​​​​​​​​​​​a. Google Analytics 

Our website uses Google Analytics without cookies. Google Analytics collects anonymized information about the visits of website users and analyzes their behavior. This data serves the purpose of developing a user-friendly website design, the continuous optimization of our services and offers, measuring the success of marketing activities and creating statistical analysis. In this context, pseudonymized device profiles are created. Google Analytics collects information such as browser type/version, operating system, referrer URL (the previously visited page), host name of the accessing computer (IP address) and time of server request. None of this information is retrieved from storage on the device you are using or stored on such device. The data collected about your device is anonymized by calculating a “salted” hash value so that assignment to individual users is practically impossible. The information generated is stored on servers owned by Google. Information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. 

You can use our cookie banner to object the storage of cookies in your browser or device. Likewise, you can prevent storage of the cookies by setting your browser or device to reject cookies. If you reject cookies, it is possible that you cannot use all features and services offered on our website. You can also prevent Google from collecting and processing data generated by cookies relating to your use of our website by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de

​​​​​​​​​​​​​​b. Google maps 

Our website uses Google maps provided by Google to display locations, maps, terrain data or geographical maps. Google maps collects your IP address, the pages on our website accessed by you as well as search terms and location data. This collected information is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. if you use Google maps, the additional terms for Google maps available at https://www.google.com/intl/de_de/help/terms_maps/ apply. 

​​​​​​​c. Google Tag Manager 

Our website uses Google Tag Manager in order to manage the website through a single tag management interface. Google Tool Manager only implements tags. This means no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain effective for all tracking tags as far as they are implemented with the Google Tag Manager. 

2. Other Google services 

The legal basis for the use of the following services are our legitimate interests according to Art. 6 (1)(f) GDPR. Our legitimate interests are listed below for each service individually. 

​​​​​​​a. reCAPTCHA 

Our website uses Google reCAPTCHA to ensure that the forms provided on our website are used by an actual person and are not abused by bots or automated procedures. We use this service in our legitimate interest in the security of our website and the detection of bot activity. This service collects your IP address and any additional data required by Google for providing the reCAPTCHA service. 

The following information may be processed: 

  • Duration of your session on our website
  • IP address of the requesting computer;
  • Date and time of access;
  • Website from which our site was accessed (referrer URL);
  • The browser used and your computer’s operating system;
  • Cookies
  • Status codes and the transferred amount of data;
  • geolocaliziation. 
     

The collected information about your use of this website is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. 

 
Status: April 2024 


Cookiebot