We are very delighted that you have shown interest in our enterprise and our website. Data protection is a particularly high priority for the management of the In a nutshell – kurzgesagt GmbH (“KGS”). The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to KGS. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process.
The legal standards require comprehensive transparency regarding the processing of personal data. Only if the processing is comprehensible to you as the data subject, you are sufficiently informed about the meaning, purpose and scope of the data processing. Below we therefore inform you in detail about the way your data is handled when using this website and your rights regarding your personal data.
Should you have any further questions regarding data protection, please do not hesitate to contact us by e-mail at firstname.lastname@example.org.
- 1. Name and Address of the controller
Controller for the purposes of the GDPR (in particular pursuant to Art. 4 (7) GDPR), other data protection laws applicable in member states of the European Union and other provisions related to data protection is:
In a nutshell – kurzgesagt GmbH
Managing Director Philipp Dettmer
Landwehrstraße 39 – rear building
- 2. Data Protection Officer (DPO)
You can contact the Data Protection Officer (DPO) of KGS at:
LS Sport GmbH
- 3. General information on data processing
The use of the websites of KGS is generally possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary (e.g. contact form, newsletter subscription). If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
Please note that links and features on our website may take you to other websites which are not operated by us but by third parties (e.g. shop, blog, patreons). Such links are either clearly marked by us or are recognizable by an obvious change in the address line of your web browser. We are not responsible or liable for compliance with the respective data protection regulations and safe handling of your personal data on these websites operated by third parties.
- 4. Processing during the use of the website
The website of KGS collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. The following information is recorded and stored until it is automatically deleted:
- – the browser types and versions used,
- – the operating system used by the accessing system,
- – the website from which an accessing system reaches our website (so-called referrers),
- – the sub-websites,
- – the date and time of access to the Internet site,
- – an Internet protocol address (IP address),
- – the Internet service provider of the accessing system, and
- – any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, KGS does not draw any conclusions about the data subject. The mentioned data will be processed by us for the following purposes:
- – deliver the content of our website correctly,
- – optimize the content of our website as well as its advertisement,
- – ensure the long-term viability of our information technology systems and website technology,
- – provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack, and
- – guarantee the smooth running of our shop system,
The legal basis for data processing is mainly Art. 6 (1) (1) (f) GDPR. Our legitimate interest follows from the aforementioned purposes of data collection. Furthermore, Art. 6 (1) (1) (b) GDPR forms the statutory basis for our shop system, as in that case processing is also necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Therefore, KGS analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject. We do not combine this personal data with other data sources. Disclosure only takes place if it is necessary for the operation of our website, e.g. by storing it with our host provider. A transfer to a third country or to an international organization is not intended.
- 5. Processing by using individual services via our website
Various services are available on our website, where we collect personal data from you if you decide to use them.
- a. Contact form / Contact us by e-mail
If you use the contact form on our website or send us an e-mail, we will process the personal data you provide us. This information is transmitted by your browser or e-mail client and processed in our IT systems. The processing of this personal data is necessary to answer your request. In addition, your IP address and the date and time of the contact request will be stored.
The processing of your personal data serves to answer your request and to prevent abuse of the contact form and to guarantee the security of our IT systems. These processing operations are lawful because the reply to your request and the protection of our IT systems represent legitimate interests within the meaning of Art. 6 (1) (1) (f) GDPR. If a contract is concluded after you have contacted us, the processing is also legal pursuant to Art. 6 (1) (1) (b) GDPR.
The personal data will be processed as long as necessary to respond to your request. Should your request lead to a later conclusion of the contract, processing will take place as long as this is necessary to carry out pre-contractual measures or to fulfil the contract. We do not merge your personal data with other data sources. Your personal data will not be disclosed to third parties. A transfer to a third country or to an international organization is not intended. You are not obliged to provide your personal data, but it is not possible to use the contact form or send an e-mail without providing it.
- b. Newsletter
If you have explicitly given your consent according to Art. 6 (1) (1) (a) GDPR, we will use your e-mail address to send you our newsletter on a regular basis. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is subscribed.
KGS informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject properly subscribes for the newsletter mailing. A confirmation e-mail will be sent to the e-mail address registered by a data subject for the first time for newsletter mailing, for legal reasons, in the so called double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. There will be no transfer of personal data collected by the newsletter service to third parties. The subscription to our newsletter may be terminated or unsubscribed by the data subject at any time. The consent to the storage of personal data, which the data subject has given for the newsletter mailing, may be revoked at any time free of charge. For the purpose of revocation of consent, a corresponding link is found at the bottom of each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on our website, or to communicate this to us in a different way, e.g. by e-mail or mail.
- c. Participation in sweepstakes, competitions or surveys
If you participate in one of our sweepstakes, competitions or surveys (together hereinafter referred to as “Competitions”), we collect and process the personal data that you provide to us as part of your participation and that are necessary for the implementation and completion of the Competitions (regularly your first and last name and your address, where applicable also your date of birth and your e-mail address). The collected personal data of the participants will be used exclusively for the implementation and completion of the Competitions, including any draw/winner selection, notification of the winner and prize shipment. Your personal data may be shared with our authorized distributor in order to ship the prize (regularly to DFTBA Records LLC, 5845 Sandpiper Dr Missoula, MT 59808, USA). The legal basis for this data processing is Art. 6 (1) (1) (b) GDPR.
We only collect and process personal data that is not necessary for the implementation and completion of the Competition if you have given us your express consent to do so. In this case, the legal basis is Art. 6 (1) (1) (a) GDPR.
No later than six (6) months after the end of the competition, all collected data will be deleted in full, unless a longer storage period is required for contractual or statutory reasons. The winners’ data will be stored in accordance with Article 6 (1) (1) (c) GDPR due to retention and documentation obligations under civil, tax and commercial law (from the German Civil Code (BGB), German Commercial Code (HGB), German Criminal Code (StGB) or German Fiscal Code (AO)) in accordance with Section 147 (1) of the German Fiscal Code (AO) for accounting records for 10 years and in accordance with Section 257 (1) of the German Commercial Code (HGB) for business records for 6 years.
- d. Applications and the application procedures
We collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to us. If we conclude an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by us, the application documents will be automatically erased six (6) months after notification of the refusal decision, provided that the applicant has not given consent for a longer storage of the application documents and no other legitimate interests of us are opposed to the erasure. These processing operations are lawful because the reply to your application represent legitimate interests within the meaning of Art. 6 (1) (1) (f) GDPR. Our legitimate interest for the storage of your application for a period of six (6) months is to give us the possibility to defend ourselves against any claims arising from legal provisions (e.g. under the General Equal Treatment Act (AGG)). If a contract is concluded after you have contacted us, the processing is also legal pursuant to Art. 6 (1) (1) (b) GDPR in conjunction with section 26 (2) of the German Federal Data Protection Act.
If you give your express consent, we store your application data above six (6) months (up to two (2) years) after the application process has been concluded for the purpose of adding it to our Talent Pool in order to identify any other vacancies that may be of interest to you. This includes, for example, also applications for apprenticeships or internships. The legal basis for the further storage in our Talent Pool is article 6 (1) (1) (a) of the GDPR in conjunction with section 26 (2) of the German Federal Data Protection Act.
- e. The kurzgesagt shop
Kurzgesagt online-shop is operated by DFTBA (DFTBA Europe B.V., Maaskade 159a, 3071 NR Rotterdam, Netherlands) as an authorized distributor of kurzgesagt. Seller and contractual partner for all purchase contracts concluded via this online shop is DFTBA. Additionally, the shop is hosted on Shopify Inc. They provide us and DFTBA with the online e-commerce platform that allows us to sell our products and services to you. DFTBA acts as its own data controller according to Art. 4 (1) (7) GDPR. In this regard, we refer to the data policy of the kurzgesagt Online-Shop at https://shop-eu.kurzgesagt.org/pages/privacy.
When you create an account on the kurzgesagt online-shop, we receive your e-mail address and information about your order. As an account holder of the kurzgesagt online-shop, you will receive periodic recommendations of kurzgesagt products from us via e-mail. You will receive these product recommendations from us regardless of whether you have also subscribed to a newsletter. In doing so, we use the e-mail address you provided during the purchase process or during your registration process to promote kurzgesagt goods and/or services that are similar to those you have purchased, based on an order you have already placed.
The processing of your personal data for this purpose is based on our legitimate interest in making direct advertising to existing customers which showed by creating an account that they are interested in a permanent business-relationship with us (Art. 6 (1) (f) GDPR). You may object to this product recommendation at any time by notifying our Data Protection Officer LS Sport GmbH via E-mail: email@example.com.
We will process your personal data for this purpose as long as you hold the account or until you object to receiving product recommendations. In addition, we store personal data only for the assertion of or defense against legal claims or as long as legal obligations to store exist.
You may also place orders via the kurzgesagt online-shop without creating an account (shop as a ‘guest’). In this case, we only use your e-mail address for product recommendations etc., if you provided your consent in the course of the order. The processing of your personal data for this purpose is based on your consent (Art. 6 (1) (a) GDPR). You may withdraw your consent at any time by notifying our Data Protection Officer LS Sport GmbH via E-mail: firstname.lastname@example.org. Your withdrawal does not affect the lawfulness of our processing for the time of your existing consent.
- 6. Data transmission
Your personal data will not be transmitted to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:
- 1. you have given your explicit consent pursuant to Art. 6 (1) (1) (a) GDPR,
- 2. the disclosure pursuant to Art. 6 (1) (1) (f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection not disclosing your data,
- 3. in the event that a legal obligation exists for the transfer pursuant to Art. 6 (1) (1) (c) GDPR,
- 4. this is legally permissible and required by Art. 6 (1) (1) (b) GDPR for the processing of contractual relationships with you, or
- 5. this is done to a service provider acting on our behalf and on our exclusive instructions, whom we have carefully selected (Art. 28 (1) GDPR) and with whom we have concluded a corresponding contract for order processing (Art. 28 (3) GDPR), which obliges our contractor, among other things, to implement appropriate safety measures and grants us comprehensive control powers.
Transmission to the service providers referred to in point (e) for the purpose of order processing shall take place in the following areas: technical provision and programming of the website, user communication, provision of software as a service.
- 7. Cookies
Many of the Cookies mentioned are technically necessary, as certain website functions would not work without them (e.g. the display of videos). We use these necessary Cookies in accordance with Art. 6 (1) (1) (b) GDPR in order to make our website technically available to you in an appropriate manner. Additionally, necessary Cookies are processed on the legal basis of Art. 6 (1) lit. f DSGVO. We, as the website operator, have a legitimate interest in storing Cookies for the technically error-free and optimized provision of its services.
You can configure your browser so that no Cookies are stored on your computer or a message always appears before a new Cookie is created. The complete deactivation of Cookies can lead to the fact that you cannot use all functions of our website. The following links provide information on this option for the most frequently used browsers:
- – Microsoft Internet-Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
- – Mozilla Firefox: https://support.mozilla.org/de/kb/Cookies-blockieren
- – Google Chrome: https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=de
- – Safari: https://support.apple.com/kb/ph21411?locale=de_DE
a. Cookie consent with Usercentrics
The settings you have made can also be changed by you afterwards or the consents can be completely revoked (see in the following). The purpose of integrating the Usercentrics Consent Management is to allow the users of our websites to decide on the aforementioned matters and, in the course of further use of our websites, to offer the option of changing settings already made.
In the context of using Usercentrics Conset Management, the following personal data will be processed by Usercentrics GmbH:
- – Your consent(s) or revocation of your consent(s)
- – Your IP address
- – Information about your browser
- – Information about your terminal device
- – Time of your visit to the website
The legal basis for the use of Usercentrics Consent Management is Art. 6 (1) (1) (c) GDPR, as this obtains the legally required consents for the use of certain technologies.
b. Cookies that are processed when you give us your consent via Usercentrics Consent Management
You can find an overview of the Cookies we use, information about them and setting options HERE in our Usercentrics Consent Management tool.
There you can also see whether it is a first-party Cookie (played by our server) or third-party Cookie (played by the server of a third party or processor). Further information on data processing by third parties (third-party cookies) can be found in the privacy policies of the respective providers, which are linked in the information in the Usercentrics Consent Management tool.
- 8. Web-Analytics
- a. Google Analytics
If you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. The data controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).
Scope of processing
The anonymisation of IP addresses is activated by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your website visit, your user behaviour is recorded in the form of “events”. Events can be:
- – Page views
- – First visit to website
- – start of session
- – Your “click path”, interaction with the website
- – Scrolls (whenever a user scrolls to the bottom of the page (90%))
- – Clicks on external links
- – Internal search queries
- – Interaction with videos
- – file downloads
- – ads senn / clicked on
- – language setting
It also records:
- – Your approximate location (region)
- – Your IP address (in abbreviated form)
- – Technical information about your browser and the terminal devices you use (e.g. language setting, screen resolution)
- – your internet service provider
- – the referrer URL (via which website/advertising medium you came to this website)
- – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor according to Art. 28 DSGVO)
- – Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
- – Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
Purposes of the processing
On behalf of KGS, Google will use this information for the purpose of evaluating your anonymous use of the website and compiling reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website.
Recipients of the data are/could be
It cannot be entirely ruled out that US authorities may access the data stored by Google.
Third country transfer
Where data is processed outside the EU/EEA and there is no level of data protection equivalent to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not have any legal remedies against access by authorities.
The data sent by us and linked to cookies are automatically deleted after 14 months. Data for which the storage period has been reached is automatically deleted once a month.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (1) (a) GDPR.
You can revoke your consent at any time with effect for the future by calling up the cookie settings HERE and changing your selection there.
The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
- b. Google Web Fonts
When visiting our website, so-called web fonts are downloaded for the uniform display of fonts. This content is provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). When accessing our website, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address.
Google Web Fonts are used for the purpose of uniform and appealing presentation of our website. Data transmission to the USA is no longer based on the former EU-US Data Protection Shield which is why we ask you for your explicit consent to transfer your personal data to the USA or we make use of the Standard Contractual Clauses (SCC) in place with our US partners or store data on servers located within the EU. If your browser does not support web fonts or you deactivate this function, no data transfer takes place.
For more information about Google Web Fonts, visit https://developers.google.com/fonts/.
- c. Google reCAPTCHA
On our website we are using Google reCAPTCHA (“reCAPTCHA”). This content is provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). reCAPTCHA is a free service that protects our website from spam and abuse. It uses advanced risk analysis techniques to tell humans and bots apart. With the new API, a significant number of our valid human users will pass the reCAPTCHA challenge without having to solve a CAPTCHA.
reCAPTCHA is used to prevent abuse of the contact form and to guarantee the security of our IT systems of our website. Data transmission to the USA is no longer based on the former EU-US Data Protection Shield which is why we ask you for your explicit consent to transfer your personal data to the USA or we make use of the Standard Contractual Clauses (SCC) in place with our US partners or store data on servers located within the EU. If your browser does not support Google reCAPTCHA or you deactivate this function, no data transfer takes place.
For more information about Google reCAPTCHA, visit https://developers.google.com/recaptcha/.
- d. Newsletter-Tracking
The newsletter of KGS contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, KGS may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analyzed by us in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. The legal basis is Art. 6 (1) (1) (a) GDPR. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by us. KGS automatically regards a withdrawal from the receipt of the newsletter as a revocation.
- e. Facebook Retargeting
We also use cookie-based tracking tools by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland on our websites that allow us to provide you with a more personalized and interactive web experience by advertising on your social media channels (in particular, so-called “Facebook Retargeting”) if you give us your express consent to do so.
In order to be able to use the tools of the aforementioned provider, we integrate a so-called tracking pixel into our website. Such tracking pixels are transparent, pixel-sized images with tracking function, which in turn load a small library of tracking functions. These functions allow us to track your activities on our website, such as the URLs and domains you have visited, the devices you have used, and most importantly, advertising conversions. Advertising conversions, or conversion rate, is a metric that allows us to measure the success of our advertising activities. For example, the conversion rate describes the percentage of visitors to our websites who show interest in our products after interacting with our advertising. The advertising conversion rates are based on the cookies set by the aforementioned provider and enable us to compare our website visitors with the corresponding user accounts on the social media platforms by the aforementioned provider.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) (1) (a) GDPR. You can revoke your consent at any time with effect for the future by calling up the cookie settings HERE and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.
More information about the tool we use can be found under https://developers.facebook.com/docs/meta-pixel/get-started#base-code. Additional information on data processing by Facebook/Meta can be found https://www.facebook.com/policy.php.
- 9. Integration of social media
On the basis of Art. 6 (1) (1) (f) GDPR based on our legitimate interest in providing up-to-date information and interaction with our target groups we operate our own social network channels on YouTube, Twitter, Facebook, Instagram, Patreon, Reddit, Bēhance, Discord and LinkedIn.
On the basis of Art. 6 (1) (1) (a) GDPR we may also use the social networks YouTube, Twitter, Facebook, Instagram, Patreon, Reddit, Bēhance, Discord and Linkedin on our website in order to make our website better known and to interact with our target groups. Responsibility for the data protection-compliant operation of these services is guaranteed by the respective provider. We integrate these services exclusively via a link so that visitors to our website have the best possible control over their personal data.
These social networks are operated exclusively by third parties, some of whom have their register office outside the E.U. or the EEA – there may therefore be no adequate level of data protection in accordance with the GDPR. If we act as joint controller with the respective social network, we will conclude a corresponding agreement with the respective social network in accordance with Art. 26 GDPR.
The browser plug-ins and links on our website are identified by logos or other references. To ensure data protection on our website, we only use these plugins in connection with the so-called “Shariff” solution. This application prevents the plugins integrated on our website from transmitting data to the respective provider when you first enter the page. Only when you activate the respective plugin by clicking the associated button, a direct connection to the provider’s server is established (consent). As soon as you activate the plugin, the respective provider receives the information that you have visited our site with your IP address. Activating the plugin constitutes consent within the meaning of Art. 6 (1) (1) (a) GDPR. You can revoke this consent at any time with effect for the future. If you are logged in to the social network via your personal user account or during your visit to our website, your visit to our website will be assigned to your account. By interacting with browser plug-ins or links, e.g. by pressing a “like” button or leaving a comment, this information is transmitted to the respective social network and stored there. The allocation of the data to your account can therefore be prevented on the one hand by logging out of your account (of the respective social network) before visiting our website. On the other hand, you can also completely prevent the loading of the respective plug-ins with an add-on for your browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
The purpose and scope of data collection through social networks as well as the further processing and use of your data and your rights and setting options for the protection of your privacy can be found in the respective data protection information of the operators:
Provider: Google LLC, Amphitheater Parkway, Mountain View, CA 94043, USA
Provider: Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA
Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Provider: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Provider: Patreon Inc., 230 9th Street, San Francisco, CA 94103, USA
Provider: Reddit, Inc., 548 Market St. #16093, San Francisco, CA 94104, USA
Provider: Behance HQ, 532 Broadway (at Spring St), New York City, NY 10012, USA
Provider: Discord Inc., 444 De Haro Street #200, San Francisco, CA 94107, USA
Provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
- 10. Use of user-generated content (“UGC”)
Most of the aforementioned social networks used by us allow users to post their own content. If you give us your express consent to do so, we will process your user-generated content, possibly in connection with your name or username on the respective social network, by sharing or posting it on our social network channels or using it to promote our products, especially on our social network channels. The legal basis for this data processing is Art. 6 (1) (1) (a) GDPR. You can revoke this consent at any time with effect for the future.
We will delete or restrict the processing of your personal data connected with your user-generated content as soon as the data is no longer necessary to the purposes for which they were processed and/or we have no further legitimate interest in continuing the processing. Please note, however, that we cannot carry out deletion within the respective social network; see the privacy policies of the respective providers listed above.
- 11. Rights of affected persons
- 1. Right of access, Art. 15 GDPR
You shall request confirmation, whether KGS is processing your personal data. KGS shall require proof of identity in accordance with its security procedures, before disclosing information. We shall provide you with the following information without undue delay, at the latest within one month:
- – the purposes of the processing,
- – the categories of personal data concerned,
- – the recipients or categories of recipient to whom the personal data have been or will be disclosed,
- – the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period,
- – the right of rectification or erasure of personal data or restriction of processing of personal data or to object to such processing,
- – the right to lodge a complaint with a supervisory authority,
- – where the personal data are not collected from the data subject, any available information as to their source,
- – the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you,
- – where personal data are transferred to a third country or to an international organization: information of the appropriate safeguards relating to the transfer.
At any time, you shall request information under the contact details mentioned (by e-mail or regular mail) free of charge. There are no other costs than the postage or usual transmission costs. We provide you with a copy of all data processed by us in a common electronic format (e.g. PDF, DOC, RTF, etc.). The processing of inquiries can be refused if they are offensive/annoying, endanger the personal rights of others, are extremely impracticable or otherwise if the provision of information is not provided for under the respective legal system. If we refuse to provide you with information, you will be informed of the reasons for this refusal.
- 2. Right to rectification, Art. 16 GDPR
You shall have the right to obtain without undue delay the rectification of inaccurate personal data. Furthermore, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement (by e-mail or regular mail).
If you contest the accuracy of the personal data, we are obliged to restrict the processing of the respective data (“restriction”). The restriction continues until we have determined whether the respective data is correct or incorrect.
- 3. Right to restriction of processing, Art. 18 GDPR
You shall have the right to obtain restriction of processing where one of the following applies:
- – the accuracy of the personal data is contested (see sec. 10 (b)),
- – the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead,
- – the KGSno longer needs the personal data for the purposes of the processing, but they are required for the establishment, exercise or defense of legal claims,
- – you objected to processing pursuant to sec. 10 (d) (Article 21(1) GDPR) pending the verification which legitimate grounds override.
For the duration of the restriction, personal data may only be processed with your consent, with the exception of storage. Consent may be refused. For the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest, the data can be processed without consent. We will inform you before the restriction of processing is lifted.
- 4. Right to erasure (“right to be forgotten”), Art. 17 GDPR
You shall have the right to obtain the erasure of personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which they were processed. The same applies, where you withdraw consent, and where there is no other legal ground for the processing. You also can object to the processing. The personal data have to be erased if they have been unlawfully processed or for compliance with a legal obligation in European Union or Member State law.
You shall have a right to access (see sec. 10 (a)). You can request the erasure by e-mail or regular mail from us under the contact details mentioned in sec. 1. There are no further costs than the usual postage or transmission costs.
If KGS has published personal data, it will also inform third parties about the request for erasure.
The right to erasure shall not apply to the extent that processing is necessary for exercising the right of freedom of expression and information, or for reasons of public interest in the area of public health. There is also no obligation to erasure for compliance with a legal obligation which requires processing by Union or Member State law or for the performance of a task carried out in the public interest. Also, there shall be no erasure for the establishment, exercise or defense of legal claims. As well as for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, if it is likely to render impossible or seriously impair the achievement of the objectives of that processing.
- 5. Right to data portability, Art. 20 GDPR
You shall have the right to receive the personal data, which you have provided to KGS, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller, e.g. by a direct download. We shall not interfere with data transmission. You can request data transmission by e-mail or regular mail. There are no further costs than the usual postage or transmission costs. We shall process your application without undue delay, at the latest within one month after receipt of the application. In case of rejection, you shall receive a reason.
- 6. Right to object, Art. 21 GDPR
You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data. KGS shall no longer process the personal data unless there is a real threat of serious harm. Where you object to processing for direct marketing purposes (e-mail advertising), the personal data shall no longer be processed for such purposes. You can object by e-mail or regular mail. There are no further costs than the usual postage or transmission costs. We shall process your application without undue delay, at the latest within one month after receipt of the application. In case of rejection, you shall receive a reason.
- 7. Right to lodge a complaint with a supervisory board, Art. 77 GDPR
You shall have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data infringes the provisions of GDPR. In case of KGS:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Phone: +49 (0) 981 180093-0
- 12. Routine erasure and blocking of personal data
We process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to. The criteria used to determine the period of storage of personal data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
- 13. Profiling / Automatic decision-making
As a responsible company, we do not use profiling or automatic decision-making.
- 14. Data Security
We use the most common SSL (Secure Socket Layer) method in connection with the highest level of encryption supported by your browser. Usually this is a 256 bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. Whether a single page of our website is transmitted in encrypted form is indicated by the closed display of the key or lock symbol in the lower status bar of your browser.
As the controller, KGS has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.
- 15. Changes of Terms and Conditions
Version: May 2022