We are pleased about your visit to our website. Hereinafter, we wish to inform you about handling you data according to Article 13 of the EU General Data Protection Regulation (GDPR).
When you use this website, various personal data are collected.
The following information will explain which data we are processing and for what, i.e. for which purpose this is provided.
Responsible for data processing here presented is the entity designated in the legal information.
When you visit our pages, your browser will automatically transmit certain information to us. These ”use data” are temporarily stored on our web server and analysed for statistical purposes in so-called server log files. We use them on the basis of Article 6, paragraph 1, sentence 1 letter f of the GDPR so that we can improve the quality of our websites – especially for the stability and security of the connection.
Such a data record comprises:
IP address of the inquiring computer which is truncated such that any personal identification is no longer possible
Moreover, in terms of security purposes of our web server we strictly store, for the specific purpose, the complete (non-truncated) IP address transmitted by your browser for the duration of seven days. This is done on the basis of Article 6 paragraph 1 sentence 1 letter f of the GDPR and in the interest of being able to detect, limit and eliminate attacks on our websites. After expiration of that period of time, we will delete or anonymise the IP address.
In turn, in order to protect your data as comprehensively as possible against any undesirable access, we will take technical and organisational measures. Our websites use TLS encoding to ensure safe connections in the transmission of contents. You will recognise this, as a rule, when your browser shows, in the status bar, the closed lock symbol and if the address line begins with https://.
On our websites, we are using cookies which are required for using our websites. Cookies are small text files which are stored on your terminal equipment and can be read out.
Most of the cookies we use are so-called “session cookies”; they will be automatically deleted after the end of your visit. Other cookies (so-called “permanent cookies”) remain stored on your terminal equipment until you delete them yourself. These cookies enable us to recognise you or your browser when you return to our site for another visit. We do not use these required cookies for analysis or tracking purposes, i.e. they do not collect any information about you for advertising purposes, nor do they store which individual sites you visited.
In parts, cookies merely comprise information regarding specific settings and cannot be related to an individual person. They may also be necessary to enable user guidance, security and implementation of the website. We use all these required cookies on the basis of Article 6 paragraph 1 sentence 1 letter f GDPR.
You can set your browser such that it will inform you about the placement of cookies. The use of cookies will thus become transparent for you. Moreover, you may delete cookies at any time via the corresponding adjustment of your browser and prevent any setting of new cookies. Please note that our websites can then possibly not be shown correctly and that some functions are technically no longer available.
Provider
Purpose
Storage duration
Reasonable data protection level
OneTrust
Provision of our content management
systems
1 year
Processing only within
EU/EEA
Borlabs
Stores the settings of visitors who had been selected in the cookie box by Borlabs Cookie.
1 year
Processing only within
EU/EEA
In order to tailor our website to our users’ needs, we create pseudonymous usage profiles using web analysis tools provided by third-party vendors. To this end, we use cross-device tracking technologies so that you can be shown targeted advertising on other internet sites based on your visit to our website, and to help us ascertain the effectiveness of our marketing activities.
As part of our web analyses, the following vendors act as processors for us within the definition of Art. 28 GDPR:
The data processing performed here may take place outside of the EU or the EEA (for details, see ‘Issue and withdrawal of consent’). This arrangement enables us to commission the third-party vendors to display advertising based on our webpages as visited by you.
When you visit our website, third-party vendors will, on our behalf, collect certain identifying characteristics for your browser or device (such as a “browser fingerprint”), analyse your IP address, store or evaluate identifying characteristics on your device (e.g. permanent cookies), or gain access to individual tracking pixels.
If a third-party vendor creates a defined characteristic specifically for your laptop, desktop PC, smartphone, or tablet, for example, this allows our third-party vendors to match these individual characteristics to one another. This enables our third-party vendors to strategically manage our advertising campaigns, even across a number of devices.
In addition, the information may also be used by the third-party providers under their own responsibility for their own purposes (e.g. for profiling or linking to your own user accounts) as soon as you use a service of the third-party provider with your login data. We ourselves have no influence on the individual purposes and scope of this data processing (further information on this can be found on the websites of the individual providers; for Google Analytics, see https://business.safety.google/privacy/). If you log in to the third-party provider with your own user data, the respective recognition features of different browsers and end devices can be linked with each other.
With regard to Google LLC, an adequate level of data protection is ensured by the corresponding participation in the EU-U.S. Data Privacy Framework ("DPF") in accordance with Art. 45 para. 1 GDPR.
With regard to the other third-party providers used, no adequate level of data protection can be assumed due to processing in the USA (and possibly other third countries) due to lack of participation in the DPF. There is a risk that authorities may access the data for security and monitoring purposes without you being informed or being able to take legal action. Please bear this in mind if you decide to give your consent to our use for web analysis.
Your data will then be processed on the basis of your consent, provided that you have given it via our banner. The transfer to a third country then takes place on the basis of Art. 49 para. 1 lit. a GDPR.
You can revoke your consent at any time. To do so, please follow this link and make the appropriate settings via our banner.
You have the opportunity to contact us via our contact form. In order to use our contact form, we will need from you, first of all, the data marked as mandatory fields. Moreover, you may decide on your own whether you want to provide us with additional information. Such information will be voluntary and are not absolutely mandatory for establishing our contact.
Processing of the data entered in the contact form is based on Article 6 paragraph 1, sentence 1, letter b of the GDPR in so far as it concerns a concrete query about an assignment or an order transaction, as well as on the basis of Article 6, paragraph 1, sentence 1, letter f of the GDPR for all other, generally positioned queries.
Your data are only processed for answering your enquiry. We will delete your data if they are no longer required and if deletion is not barred by any statutory rentention periods.
As far as your transmitted data are processed on the basis of Article 6, paragraph 1, sentence 1, letter f of the GDPR, you may object to the processing at any time. Moreover, you may revoke, at any time, your consent to processing the voluntary information. In this respect, please use the email address indicated in Legal information.
On our websites, we embed videos which are not stored on our servers. So that the accessing of our websites with embedded videos does not automatically result in contents by the third-party provider being reloaded, we will only show, in a first step, locally saved preview images of the videos. The third-party provider will thus not obtain any information.
Only by clicking on the preview image, you will give us your consent, and contents by the third-party provider will be reloaded. The third-party provider will thereby receive not only the information that you accessed our site, but also the use data technically required within this scope. In addition, the third-party provider will then be able to implement tracking technologies, i.e. directly assign your surfing habits to your personal profile when you are logged in by your account with the provider. We have no influence on any further data processing there.
Embedding is provided on the basis of your consent if you had given it by clicking on the preview image or via our banner. Please note that embedding many videos will result in your data being processed outside of the EU or the EEA. in some countries, there will be the risk that the authorities access the data for security and monitoring purposes without you being informed or without you being able to lodge an appeal. As far as we use providers in unsafe third countries and you consent, the transmission to an unsafe third country will be effected on the basis of Article 49, paragraph 1, letter of the GDPR.
Provider
Maximum storage duration
Reasonable data protection level
Revocation of consent
YouTube / Google (USA)
No reasonable data protection level. The transmission is effected on the basis of Article 49, paragraph 1, letter a of the GDPR.
If you clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other pages/sites, please do no longer click on the preview images.
Matterport (USA)
No reasonable data protection level. The transmission is effected on the basis of Article 49, paragraph 1, letter a of the GDPR.
If you clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other pages/sites, please do no longer click on the preview images.
Vimeo (USA)
No reasonable data protection level. The transmission is effected on the basis of Article 49, paragraph 1, letter a of the GDPR.
If you clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other pages/sites, please do no longer click on the preview images.
Further information on the use of data by Google can be found at https://business.safety.google/privacy/
On our websites, we embed map services which are not stored on our servers. So that accessing our websites with embedded map services does not automatically result in contents by third-party providers being reloaded, we only show, in a first step, locally saved preview images of the maps. The third-party provider will thus not obtain any information.
Only by clicking on the preview image, you will give us your consent, and contents by the third-party provider will be reloaded. The third-party provider will thereby receive not only the information that you accessed our site, but also the use data technically required within this scope. We have no influence on any further data processing by the third party provider. By clicking on the preview image, you give us your consent to reload contents by the third-party provider.
Embedding is provided on the basis of your consent if you had given it beforehand by clicking on the preview image or via our banner.
Please note that embedding of some map services will result in your data being processed outside the EU or the EEA. in some countries, there will be the risk that the authorities access the data for security and monitoring purposes without you being informed or without you being able to lodge an appeal. As far as we use providers in unsafe third countries and you consent to it, the transmission to an unsafe third country will be effected on the basis of Article 49, paragraph 1, letter of the GDPR.
Provider
Maximum storage duration
Reasonable data protection level
Revocation of consent
Google LLC
(USA)
No reasonable data protection level. The transmission is effected on the basis of Article 49, paragraph 1, letter a of the GDPR.
If you clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other pages/sites, please do no longer click on the preview images.
OpenStreetMap
Processing within the UK;
Adequacy decision pursuant to Art. 45 (1) GDPR
If you clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other pages/sites, please do no longer click on the preview images.
Mapbox (USA)
Participation in the EU-U.S. Data Privacy Framework ("DPF") pursuant to Art. 45 (1) GDPR
If you clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other pages/sites, please do no longer click on the preview images.
Further information on the use of data by Google can be found at https://business.safety.google/privacy/
In order to protect our websites from automated queries, we use a so-called captcha by the provider Google Ireland Limited – a company affiliated with Google LLC. (U.S.A.) – (in short: Google). Within the scope of the captcha function, user input made and possibly also mouse movements will be used to determine whether entries made come from humans or from an automated programme (a so-called bot).
Since the function is provided by a third-party provider, indication of the captcha brings about that contents by the third-party provider are reloaded. The third-party provider will thereby receive not only the information that you accessed our site, but also the use data technically required within this scope. We have principally no influence on any further data processing by the third party provider.
In this respect, data processing can also be effected outside the EU or the EEA by Google LLC (USA) and is effected overall on the basis of your consent if you had provided it via our banner. Transmission to a third country will then be on the basis of Article 49, paragraph 1, letter a GDPR.
If you would like to subscribe to the newsletter we offer on the website, we need from you an email address along with information that will enable us to verify that you are the owner of the entered email address and are in agreement with the receipt of the newsletter. We use these data exclusively to send the requested information and do not transfer them to any third parties other than our service provider (see below).
The newsletter will only be mailed if you had given us your explicit consent. Following completed subscription on our websites, you will receive a confirmation email to your indicated email (so-called double opt-in). You may revoke your consent at any time. You will receive an uncomplicated possibility for revocation e.g. via the link to unsubscribe provided in each newsletter.
For mailing the newsletters, we are using as provider the Sendinblue GmbH, Köpenicker Strasse 126, 10179 Berlin, which enable us the analysis of the behaviour of recipients of our newsletter. In this respect, it can be evaluated, among other things, how many recipients opened the newsletter and how many time which link in the newsletter had been clicked on. Furthermore, by means of the so-called conversion tracking can be analysed if – after clicking on the link in the newsletter – there had been any predefined action (e.g. purchase of a product on our website). Please find further information regarding data analysis by the provider: https://de.sendinblue.com/datenschutz-uebersicht/ . If you do not want any analysis by Sendinblue, you have to unsubscribe the newsletter (see above) .
Within the scope of the newsletter subscription, we store further data – over and above those already indicated – if they are required for us to prove that you subscribed to our newsletter. This may comprise storage of the complete IP address at the time of subscription or confirmation of the newsletter, as well as a copy of the confirmation mail sent by us. Corresponding data processing is effected on the basis of Article 6, paragraph 1, sentence 1, letter f of the GDPR in the interest of being able to give an account of the legitimacy of the newsletter mailing.
For the uniform presentation of our websites, we use external fonts (so-called web fonts) made available by the providers indicated below. When a page is accessed, your browser loads the required fonts automatically into its storage to correctly display texts and fonts.
The third-party provider will thereby receive not only the information that you accessed our site, but also the use data technically required within this scope. We have no influence on any further data processing by the third party provider.
Data processing is effected on the basis of your consent if you had given it beforehand via our banner.
Please note that the use of third-party contents and functions may result in your data being processed outside the EU or the EEA. In some countries, there will be the risk that the authorities access the data for security and monitoring purposes without you being informed or without you being able to lodge an appeal. As far as we use providers in unsafe third countries and you consent to it, the transmission to an unsafe third country will be effected on the basis of Article 49, paragraph 1, letter a of the GDPR.
Provider
Technical function or content
Maximum storage period, if necessary
Transmission into third-party states according to information by the provider and securing a reasonable data protection level
Google LLC (USA)
JQuery (Java Script Library)
No reasonable data protection level The transmission is effected on the basis of Article 49, paragraph 1, letter a of the GDPR.
OpenStreetMap
FontAwesome (Web Fonts)
No reasonable data protection level The transmission is effected on the basis of Article 49, paragraph 1, letter a of the GDPR.
Mapbox (USA)
Google Fonts
No reasonable data protection level The transmission is effected on the basis of Article 49, paragraph 1, letter a of the GDPR.
Within the scope of order processing pursuant to Article 28 of the GDPR, we further transmit your data to service providers supporting us in the operation of our websites and the connected processes (e.g. Hosting service providers). Our service providers are strictly bound to us, by our instructions and correspondingly liable by our contract.
In the following, we will name the processors we collaborate with, unless we had already provided them in the above text of the Privacy Statement. Should data be transmitted to the outside of the EU or EEA within this scope, we will provide information on the reasonable data protection level.
Processor
Purpose
Reasonable data protection level
V-LAB ONE GmbH & Co. KG (Germany)
Support
Processing only within the EU/EEA
Webflow Inc (USA)
Webhosting
Participation in the EU-U.S. Data Privacy Framework ("DPF") pursuant to Art. 45 (1) GDPR
DigitalOcean LLC (USA)
Web hosting for the dealer search
Participation in the EU-U.S. Data Privacy Framework ("DPF") pursuant to Art. 45 (1) GDPR
Regarding the processing of your personal data, the GDPR will grant you certain rights as the data subject:
Right of access (Article 15 GDPR)
You have the right to obtain free of charge information about your personal data that have been stored, their origin and recipients, and the purpose of data processing as well as the information listed in detail in Article 15 of the GDPR.
Right to rectification (Article 16 GDPR)
You have the right to demand that personal data concerning you are erased without undue delay if one of the reasons applies which are listed in detail in Article 17 GDPR, e.g. if the data are no longer used for the predetermined purposes.
Right to erasure (Art. 17 GDPR)
You have the right to demand that personal data concerning you are erased without undue delay if one of the reasons applies which are listed in detail in Article 17 GDPR, e.g. if the data are no longer used for the predetermined purposes.
Right to restriction of processing (Article 18 GDPR)
You have the right to demand restriction of processing if any of the prerequisites listed in Article 18 GDPR is given, .e.g. If you entered an objection to the processing and this is currently examined by the persons responsible.
Right to data portability (Article 20 GDPR)
In certain cases listed in detail in Article 20 GDPR, you have the right to demand that you obtain the personal data concerning you in a structured, commonly used and machine-readable format, or demand the transmission of these data to a third party, e.g. if you created a user account yourself on our website.
Right of withdrawal (Art 7 GDPR)
If processing of data is effected on the basis of your consent, you are entitled – according to Article 7, paragraph 3 of the GDPR – to withdraw your consent regarding the use of your personal data at any time. Please note that the withdrawal is effective only for the future. Any processing done before the withdrawal will not be affected thereby.
Right to object (Article 21 GDPR)
If data are collected on the basis of Article 6, paragraph 1, sentence 1, letter f of the GDPR (data processing for the protection of legitimate interests) or on the basis of Article 6, paragraph 1, sentence 1, letter e of the GDPR (data processing for the protection of public interest or in the exercise of official authority), you are entitled – for reasons resulting from your special situation – to object to the processing at any time. We will then no longer process the personal data, unless there are demonstrably compelling legitimate grounds for processing which override your interests, rights and freedoms, or if processing serves the establishment, exercise or defence of legal claims.
Right to lodge a complaint with a supervisory authority (Article 77 GDPR)
Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data relating to you infringes data protection regulations. The right to lodge a complaint may be asserted in particular with the supervisory authority of your habitual residence or our domicile (Die Landesbeauftragte für den Datenschutz [The State Officer for Data Protection] Niedersachsen [Lower Saxony], Prinzenstraße 5, 30159 Hannover, phone: +49 (0) 511 -120-4500, fax: +49(0)511-120-4599, email: poststelle@lfd.niedersachsen.de).
Assertion of your rights
Unless otherwise described above, please contact the entity designated in the Legal Information.
Our data protection officer will be happy to provide you with information on the subject of data protection using the following contact details:
Kesseböhmer Holding KG
Daniel Güntner
Mindener Straße 208
49152 Bad Essen
E-mail: datenschutz@kesseboehmer.de
If you contact our data protection officer, please also indicate the responsible body named in the imprint.