Data Protection
Our website can generally be used without having to disclose any personal data. Where personal data (such as name, address or email address) are collected on our web pages, this is done on a voluntary basis whenever possible. Without your express consent, these data will not be transferred to third parties. We point out that online data transfers (e.g. when communicating by email) can be subject to security gaps. It is not possible to fully protect your data against third-party access. We hereby expressly prohibit using the contact data published within the framework of our duty to provide a legal notice for sending us unsolicited advertising or information material. In the event that unsolicited promotional information is sent (e.g. by spam emails), the operators of these pages expressly reserve the right to take legal action
1. Definitions
FKT GmbH’s Privacy Policy is based on the definitions used by the European legislator and regulator in adopting the General Data Protection Regulation (GDPR). Our Privacy Policy should be easy to read and understand for both our customers and our business partners. We would therefore like to explain the specific terminology beforehand.
Amongst others, the following terms are used in our Privacy Policy:
a) Personal data
“Personal data” means any information relating to an identified or identifiable natural person (hereinafter referred to as the “data subject”). An identifiable natural person is one who can be identified, either directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
“Data subject” means any identified or identifiable natural person whose personal data are processed by the data controller.
c) Processing
“Processing” means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.
e) Profiling
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
f) Pseudonymisation
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
g) Controller
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
h) Processor
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
i) Recipient
“Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data within the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients.
j) Third party
“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
k) Consent
“Consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he/she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him/her.
2. Name and address of the controller
Controller according to the General Data Protection Regulation, other data protection laws applicable in the EU member states and further provisions relating to the protection of personal data:
FKT GmbH
Bonvitaweg 1 – 5
53424 Remagen Kripp
Germany
Tel.: +49 2642 90740
E-Mail: info (at) fkt-gmbh.de
Website: fkt-gmbh.de
3. Collection of general data and information
Whenever the website of FKT GmbH is accessed by a data subject or automated system, it collects a series of general data and information. These general data and information are stored in server log files.
The following data and information can be collected:
(1) The used browser types and versions;
(2) The operating system used by the accessing system;
(3) The website from which an accessing system has been referred to our website (so-called referrer);
(4) The sub-pages of our website accessed by an accessing system;
(5) The date and time the website was accessed;
(6) The Internet Protocol address (IP address);
(7) The internet service provider of the accessing system;
(8) Further similar data and information that serve to avert any dangers from attacks on our IT systems.
When using these general data and information, FKT GmbH does not make any conclusions about the data subject. This information is rather necessary for the correct display of our website contents.
4. Registering on our website
The data subject may register on the controller’s website. This process involves the disclosure of personal data. The type of personal data that will be transferred to the controller during this process depends on the respective input mask for registration. The personal data submitted by the data subject will be collected and saved by the controller exclusively for the controller’s own internal purposes. The controller may arrange for these data to be disclosed to one or several processors, e.g. to a parcel service provider. Again, such processors will use these personal data exclusively for internal purposes which are attributable to the controller.
The IP address assigned by the data subject’s internet service provider (ISP) as well as the registration date and time will also be saved when registering on the controller’s website. These data are saved in view of the fact that this is the only way to protect our services against misuse. If necessary, these data can help investigate any offences committed.
In this respect, it is required to store these data for the purpose of protecting the controller. Unless required by law or for law enforcement purposes, these data will not be transferred to third parties.
Data subject registrations based on the voluntary disclosure of personal data help the controller offer the data subject contents or services which, due to their nature, can only be offered to registered users. Registered persons have the possibility to change the personal data submitted during the registration at any time or to have them completely erased from the controller’s database.
Upon request, the controller will inform the data subject about the saved personal data concerning him/her. If requested by the data subject, the controller will rectify or – provided that there are no contradicting statutory retention requirements – erase the personal data. In the event of any related questions, the data subject may always get in touch with any of the controller’s employees.
5. Getting in touch via our website
Due to statutory provisions, FKT GmbH’s website contains information that allows users to contact our company electronically and to get in touch with us directly. This information also includes a general email address. If a data subject contacts the controller by email or using a contact form provided on the website, the data subject’s personal data submitted in this context will be saved automatically. Such personal data submitted by the data subject on a voluntary basis will be used for processing purposes or for getting in touch with the data subject; they will not be forwarded to third parties.
6. Routine erasure and blocking of personal data
Apart from saving and processing the data subject’s personal data for the period of time required for achieving the storage purpose, the controller will also save and process them for the period of time stipulated by any laws and provisions of the European legislator/regulator or another legislature which the controller is subject to.
If it is no longer required to store the data, or if a storage period stipulated by the European legislator/regulator or another legislature expires, the personal data will be blocked or erased as a matter of routine and in compliance with the statutory provisions.
7. Data subject rights
a) Right of confirmation
As stipulated by the European legislator/regulator, every data subject shall have the right to obtain from the controller confirmation as to whether or not data relating to him/her are being processed. If a data subject wishes to make use of his/her right of confirmation, he/she may always get in touch with any of the controller’s employees.
b) Right of access
As stipulated by the European legislator/regulator, every data subject shall have the right to obtain, free of charge, information about his/her personal data as well as a copy thereof. Moreover, the European legislator/regulator has stipulated that data subjects shall have the right to be given access to the following information:
– the processing purposes;
– the categories of the personal data that are being processed;
– the recipients or categories of recipients to whom personal data have been or will be disclosed. This applies in particular where recipients are from third countries or international organisations.
– the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
– the right to have the personal data concerning him/her rectified or deleted or their processing restricted;
– the right to object to the processing;
– the right to file a complaint with a supervisory authority.
Where personal data have not been obtained from the data subject:
– all available information regarding the origin of the data;
– the existence of automated decision-making, including profiling pursuant to Article 22 Sec. 1 and 4 GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
Moreover, the data subject shall be entitled to obtain information as to whether his/her personal data have been transferred to a third country or international organisation. If so, the data subject shall also be entitled to obtain information about the appropriate guarantees given in connection with the transfer. If a data subject wishes to make use of his/her right of access, he/she may always get in touch with any of the controller’s employees.
c) Right to rectification
As stipulated by the European legislator/regulator, every data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him/her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. If a data subject wishes to make use of his/her right to rectification, he/she may always get in touch with any of the controller’s employees.
d) Right to erasure (“right to be forgotten”)
As stipulated by the European legislator/regulator, every data subject shall have the right to obtain from the controller the erasure of personal data concerning him/her without undue delay if any of the following grounds applies:
– the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– the data subject withdraws consent on which the processing is based according to Art. 6 Sec. 1 lit. a GDPR or Art. 9 Sec. 2 lit. a GDPR, and there is no other legal ground for the processing.
– the data subject objects to the processing pursuant to Art. 21 Sec. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 Sec. 2 GDPR;
– the personal data have been unlawfully processed;
– the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
– the personal data have been collected in relation to the offer of information society services referred to in Art. 8 Sec. 1 GDPR.
Where one of the aforementioned grounds applies and a data subject wishes to have his/her personal data stored with FKT GmbH erased, he/she may always get in touch with any of the controller’s employees, who will make sure that the request for erasure will be implemented without delay.
Where FKT GmbH has made the personal data public and is obliged to erase the personal data as the controller according to Art. 17 Sec. 1 GDPR, our company, taking into account the available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other controllers which are processing the disclosed personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
e) Right to restriction of processing
As stipulated by the European legislator/regulator, every data subject shall have the right to obtain from the controller restriction of processing if one of the following conditions is met:
– the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
– the processing is unlawful and the data subject rejects the erasure of the personal data and requests their restriction instead;
– the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
– the data subject has objected to processing pursuant to Art. 21 Sec. 1 GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject. Where one of the aforementioned conditions is met and a data subject wishes to have the processing of his/her personal data stored with FKT GmbH restricted, he/she may always get in touch with any of the controller’s employees, who will make sure that the processing will be restricted.
f) Right to data portability
As stipulated by the European legislator/regulator, every data subject shall have the right to receive the personal data concerning him/her, which he/she has provided to a controller, in a structured, commonly used and machine-readable format. Furthermore, the data subject shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been submitted, provided that:
– the processing is based on consent pursuant to Art. 6 Sec. 1 lit. a or Art. 9 Sec. 2 lit. a GDPR or on a contract pursuant to Art. 6 Sec. 1 lit. b GDPR, and the processing is carried out by automated means, provided that the processing is not required for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In exercising his/her right to data portability pursuant to Art. 20 Sec. 1 GDPR, the data subject shall moreover have the right to have the personal data transmitted directly from one controller to another, where this is technically feasible and does not affect the rights and freedoms of other persons.
In order to make use of his/her right to data portability, the data subject may always get in touch with any of the controller’s employees.
g) Right to object
As stipulated by the European legislator/regulator, every data subject shall have the right to object, on grounds relating to his/her particular situation, at any time to the processing of the personal data concerning him/her, where the processing is based on Art. 6 Sec. 1 lit. e or f GDPR. This shall also apply to profiling based on those provisions.
In the event of objection, FKT GmbH will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or unless the processing serves the establishment, exercise or defence of legal claims.
Where FKT GmbH processes personal data for the purpose of direct marketing, the data subject shall have the right to object to the processing of his/her personal data for such promotional purposes. The same applies to profiling, provided that it occurs in connection with such direct marketing activities. If the data subject objects to FKT GmbH’s processing of his/her personal data for direct marketing purposes, FKT GmbH will no longer process the personal data for these purposes.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Art. 89 Sec. 1 GDPR, the data subject, on grounds relating to his or her particular situation, shall have the right to object to the processing of his/her personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to make use of his/her right to objection, the data subject may always get in touch with any of FKT GmbH’s employees or any other employee. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may furthermore exercise his/her right to object by automated means using technical specifications.
h) Automated individual decision-making, including profiling
As stipulated by the European legislator/regulator, every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her, provided that the decision:
(1) is not necessary for entering into, or performance of, a contract between the data subject and the controller;
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or (3) is based on the data subject’s explicit consent.
Where the decision (1) is necessary for entering into, or performance of, a contract between the data subject and the controller or (2) made with the explicit consent of the data subject, FKT GmbH will implement appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, which shall at least include the right to obtain human intervention on the part of the controller, to express his/her point of view and to contest the decision.
In order to make use of his/her right relating to automated decision-making, the data subject may always get in touch with any of the controller’s employees.
i) Right to withdraw consent to data processing
As stipulated by the European legislator/regulator, every data subject shall have the right to withdraw his/her consent at any time.
In order to make use of his/her right to withdraw his/her consent, the data subject may always get in touch with any of the controller’s employees.
Legal grounds for processing data
Art. 6 I lit. a GDPR serves as the legal basis for our company’s data processing activities which are subject to consent to a certain processing purpose. Where processing is necessary for performance of a contract to which the data subject is a contracting party, as is the case, for example, with processing activities required for the delivery of goods or the rendering of another service or consideration, processing is based on Art. 6 I lit. b GDPR. The same shall apply to processing activities required for the implementation of pre-contractual measures, for example in case of enquiries concerning our products or services. Where our company is subject to a statutory obligation that requires processing of personal data, as is the case when it comes to compliance with tax obligations, processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data might become necessary to safeguard vital interests of the data subject or another natural person. This would be the case, for example, if a visitor gets injured in our premises, whereupon his/her name, age, health insurance details or other vital information would have to be disclosed to a physician, hospital or another third party. In this case, processing would be based on Art. 6 I lit. d GDPR. Last but not least, processing activities can be based on Art. 6 I lit. f GDPR. This legal basis applies to processing activities that do not fall within the scope of the aforementioned legal bases, where processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject are not overriding. We are entitled to perform such processing activities, because they have been emphasised by the European legislator, who has argued that a legitimate interest can be assumed to exist where the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).
9. Legitimate interests in data processing pursued by the controller or by a third party
Where personal data processing is based on Art. 6 I lit. f GDPR, our legitimate interest shall be the performance of our business activity in favour of our employees’ and shareholders’ well-being.
10. Period for which the personal data will be stored
The criterion for determining the storage period of personal data shall be the applicable statutory retention period. Upon expiry of this period, the data concerned will be erased as a matter of routine, provided that they are no longer necessary for contract fulfilment or initiation.
11. Statutory or contractual regulations concerning the provision of personal data
Necessity for contract conclusion; obligation of the data subject to provide personal data; possible consequences in case of failure to provide such data
We would like to inform you that the provision of personal data is, to a certain extent, required by law (e.g. tax regulations) or necessary due to contractual regulations (e.g. information about the contracting party). Amongst other things, a data subject might be required to disclose personal data which must subsequently be processed by us. The data subject must disclose personal data, for example, when he/she enters into a contract with our company. Failure to provide personal data would result in the fact that the contract cannot be entered into with the data subject. Prior to disclosing any personal data, the data subject must get in touch with one of our employees. Our employee will inform the data subject, on a case-by-case basis, as to whether the provision of personal data is required by law or by the respective contract or necessary for entering into the contract, as to whether there is any obligation to disclose personal data and about the possible consequences of not disclosing personal data.
12. Existence of automated decision-making
A responsible company, we abstain from automated decision-making or profiling.
This Privacy Policy was drawn up by the privacy policy generator of DGD Deutsche Gesellschaft für Datenschutz GmbH (German Association for Data Protection), which acts as a data protection officer, in cooperation with the data protection solicitors of WILDE BEUGER SOLMECKE | Solicitors.