Data protection

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this data protection declaration. On this website, personal data is only collected and processed to the extent necessary. The following declaration gives you an overview of how we guarantee this protection and what kind of data is collected for what purpose.

Name and address of the controller

Controller in accordance with the General Data Protection Regulation (“GDPR”):

Kermi GmbH
Pankofen-Bahnhof 1
94447 Plattling

E-mail: info@kermi.de
Phone: +49 9931 501-0

Data protection officer

Statutory data protection officer:

Kermi GmbH
Data protection officer
Pankofen-Bahnhof 1
94447 Plattling

E-mail: datenschutz@kermi.de
Phone: +49 9931 501-4286
www.kermi.com

Every data subject can contact our data protection officer directly any time with any questions or suggestions regarding data protection.

 

1. Personal data

Various personal data is collected when you use this website. Personal data is data with which you can be personally identified. In your case, this could be your name, your email address or your telephone number, for example.

2. Children

Children (up to the age of 18) should not transmit any personal data to us without the consent of their parents or guardian. We encourage all parents and guardians to instruct their children in the safe and responsible use of personal data on the internet. In any case, we will not knowingly collect or in any way use personal data from children or disclose it to third parties.

3. Collection and processing of personal data

a) When you are visiting our website

When you visit our website, we process the data which your browser automatically transfers to us. This data includes your IP address, the time of the server request, the browser type and browser version, the operating system used, the referrer URL, and the host name of the accessing computer. We only process personal data concerning the use of our website to the extent necessary to allow the user to use of the service.

Such data is only collected and processed for internal, statistical purposes. The basis for data processing is processing data to fulfil a contract or pre-contractual measures. Further basis for data processing is our a legitimate interest in processing the data in order to ensure the stability and security of the website.

In some cases we also use cookies. Cookies are small text files that are stored on your computer and saved by your browser. Our Internet pages use cookies in several places. They make our website more user-friendly, effective, and secure. Most of the cookies we use are so-called “session cookies”. They are automatically deleted after your visit. Cookies do not cause any harm to your computer or contain viruses. We have a legitimate interest in storing cookies for technically error-free and optimised provision of the services our website provides.

How can I prevent cookies being saved?

If you wish to block cookies, you can change your browser settings accordingly. Here you will find the instructions for setting cookies in the most important browsers:

• Internet Explorer
• Chrome
• Safari
• Safari (mobile version)
• Firefox
• Blackberry
• Android 
• Opera

Blocking cookies means that no information about device or browsing behaviour is stored when visiting our website. Blocking cookies will affect the functionality of our website. It may mean that you cannot use all functions and services that we can offer you.

Other cookies that are stored (e.g. cookies for analysing your browsing behaviour) are treated separately in this data protection declaration.

b) When you register on our website

You can register on our website (e.g. specialist retailer log-in) to be able to use additional functions on the site. We only use this data entered for the purpose of using the respective offer or service you have registered for. Any mandatory information requested during registration must be entered completely. Otherwise, your registration will be rejected.

We will inform you of important changes, such as changes concerning the scope of our offer or if technical changes should become necessary via the email address you provided during registration.

The data entered during registration will be processed on the basis of your consent. You can withdraw your consent at any time. To do this, simply send an informal message by email to datenschutz@kermi.de. The lawfulness of any data processing already carried out remains unaffected by your consent being withdrawn.

The data collected during registration will be stored by us in the CRM in Germany as long as you are registered on our website and will be deleted afterwards. Legal retention periods remain unaffected.

c) When using a contact form / sending an email

If you send us an email or fill in the contact form, the data you have submitted voluntarily (e.g. title, first name, surname, telephone number, company name) will only be used for correspondence with you. Otherwise, we would explicitly point this out to you and request your consent.

Please refrain from transmitting confidential information by email, as communication this way does not use a secure data connection. The contacts are stored in the inboxes of the respective email addresses. The Arbonia Group email infrastructure is hosted in Switzerland and Germany.

Your personal data will be processed on the basis of your consent. You can withdraw this consent at any time. To do this, simply send an informal message by email to datenschutz@kermi.de. The lawfulness of any data processing transactions already carried out before consent is withdrawn remains unaffected by your consent being withdrawn.

The data entered by you in the contact form will be retained by us until you either request us to delete the data, withdraw your consent for storage, or if the purpose for the storage of the data no longer applies (e.g. after processing your request has been completed). Legal retention periods remain unaffected.

d) Processing customer and contract data

We collect, process and use personal data to the extent that it is necessary to establish, define the content of, or change a legal relationship, to manage customers and customer relationships, and to conduct the company’s sales and marketing activities.

We process such personal data to enable us to process transactions, execute sales activities, process deliveries, provide customer services, for invoicing, and to establish contact with customers in the context of contract execution, marketing, and in other ways to maintain customer relations. We may also use personal data to handle incidents and claims and to provide support requested by customers.

The personal data comes directly from the customer or has been collected by us in connection with their use of products and services. Personal data may also be obtained from public registers and other reliable external sources. Processing personal data is necessary for the provision of services under the purchase contracts to which the client company is a party. Furthermore, processing personal data is necessary for the legitimate interests pursued by us within the scope of the company’s business objectives.

Our customer data is saved in a CRM system (salesforce.com Germany GmbH, Erika-Mann-Strasse 31, DE-80636 Munich, Germany) that is hosted in Germany. After completion of the order or termination of the business relationship, the customer data collected will be deleted. Legal retention periods remain unaffected.

In general, we use the personal data exclusively for internal business purposes and do not transfer the data to external parties. Companies in the Arbonia Group may gain access to and process personal data to the extent necessary to fulfil the above-mentioned purposes. We only transfer personal data to third parties outside of the Arbonia Group of companies if this is necessary within the context of execution of the contract, for example to the company entrusted with the delivery of the goods or the bank entrusted with payment processing. The data will not be transmitted further or only after you have explicitly consented to the transmission. Any transmission of personal data will be carried out in accordance with the applicable data protection laws and when appropriate contractual, technical, and organisational measures are in place.

e) Data processing during the job application process

We collect and process the personal data of applicants for the purpose of handling the application process. If an employment contract is concluded with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with statutory provisions.

If no employment contract is concluded with the applicant, the application documents will automatically be deleted six months after the decision of rejection has been announced, provided that the controller has no other legitimate interests that prevent the deletion. Processing personal data for the above-mentioned purposes is carried out on the basis of consent, or on the basis of a legitimate interest of the data controller opposing the deletion.

We may cooperate with other companies in the Arbonia Group and other third-party data processing agents (e.g. IT service providers). Any transmission of personal data will be carried out in accordance with the applicable data protection laws and where appropriate contractual, technical, and organisational measures are in place.

Personal data is predominantly saved in Germany, Switzerland, and the Czech Republic.

Notes regarding rexx:

This website uses the services of the company rexx systems GmbH, headquarters: Süderstrasse 75–79, 20097 Hamburg, Germany (“rexx”). The Swiss subsidiary, rexx systems Schweiz AG, is based at Sparrenbergstrasse 5, 8103 Zurich. After input and transmission, your data may be transferred directly via an encrypted connection to the servers of rexx, which stores the encrypted data exclusively on the server in the data centre of Host Europe GmbH (located in Cologne). If this is the case, all data is encrypted based on the SSL procedure. If you log in after your registration with the user data provided, the SSL encryption procedure will also be used for this

The transmission of personal data will take place in accordance with the applicable data protection laws and when appropriate contractual, technical, and organisational measures are in place. Both the controller and the provider use technical and organisational security measures to protect your collected data against accidental or intentional manipulation, loss, destruction, or against access by unauthorised persons. Our security measures are continuously being improved in line with technological developments.

Notes regarding Matoma (formerly Piwik) web analysis:

Our website uses the functions of the web analysis service Piwik Webanalyse in the context of the application process. Piwik Webanalyse uses cookies that are stored on your computer and that allow your use of the website to be analysed. For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymised before it is stored. Piwik web analysis cookies will remain on your computer until you delete them.

The use of Piwik web analysis cookies is based on our legitimate interest. We have a legitimate interest in anonymous analysis of user behaviour in order to optimise both our website and our advertising.

The information generated by the cookie about the use of this website will not be passed on to third parties. As already mentioned in this data protection declaration, you can prevent cookies being stored on your computer with a corresponding setting in your browser software. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

If you do not agree to the storage and use of your data, you can prohibit the storage and use for the future by setting an opt-out cookie when using the job board by selecting the corresponding function. The deletion of your cookies will result in the Piwik web analysis opt-out cookie also being deleted. The opt-out cookie has to be re-activated prior to a new visit to our site.

f) Data processing for the delivery of newsletters and mailings

If you subscribe to one of the newsletters offered on the website, the data provided when registering for the newsletter or mailing will only be used for sending the newsletter, unless you agree to further use. You agree that we may also transfer this personal data to other Arbonia Group companies and that other Arbonia Group companies may also process this data for the same purpose and that we may send you newsletters about the entire range of services of Arbonia Group companies. We will not pass your personal data on to any third party outside of the Arbonia Group companies.

If you subscribe to an email newsletter that requires personal information, you will receive a confirmation email to the email address you have provided. The registration is only completed after the link included in this email is clicked. The data is processed exclusively on the basis of your consent. You can withdraw your consent to the storage of the data, the email address, as well as their use for sending the newsletter at any time via the unsubscribe option provided in the newsletter. The lawfulness of any data processing transactions already carried out remains unaffected by your consent being withdrawn.

Data provided by you when subscribing to a newsletter will be stored by us in our CRM system in Germany until you unsubscribe from the newsletter and will be deleted after you have unsubscribed from the newsletter. Data stored by us for another purpose or based on other consent (e.g. email addresses for another newsletter, or for additional functions on the web page) remain unaffected by this.

Newsletter – Performance measurement

The newsletter contains a so-called “web-beacon”, i.e. a pixel-sized file that is retrieved from our server when the newsletter is opened or from the server of our distribution service provider if we use one. These servers are in the EU. When this retrieval takes place, technical information is collected initially, such as information on the browser and your system, as well as your IP address and the time of retrieval.

This information is used for the technical improvement of the service based on technical data, target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened, and what links are clicked on. This information can be matched to individual newsletter recipients for technical reasons. It is, however, neither our intention, nor that of the distribution service provider, if used, to monitor individual users. In fact, we actually use the analyses to detect the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Unfortunately, it is not possible to separately withdraw authorisation for performance measurement; in this case you have to unsubscribe from the whole newsletter subscription.

Newsletter – mailing

We use the Account Engagement tool of the service provider Salesforce (salesforce.com Germany GmbH, Erika-Mann-Strasse 31, DE-80636 Munich, Germany) to send our newsletter and for the associated processing of the above-mentioned data. We would also like to point out that we evaluate your user behaviour when sending the newsletter. We use Account Engagement for this. We use the analyses to detect the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users. You can read more about this in our Cookie data protection declaration.

4. Analysis of usage data and use of analysis tools

Our aim is to tailor the contents of our website as precisely as possible to your interests and in this way improve our offer for you. We use various web analysis services for this demand-oriented design and to continuously optimise our website. Declarations on these analysis tools – find out more in our Cookie data protection declaration. 

5. Passing on personal data and data processing by third parties

As a matter of principle, we treat your personal data as confidential and only pass it on if you have consented to this, if we are legally obliged or entitled to do so, or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.

We also disclose your personal data to third parties to the extent that this is necessary or expedient in the context of the use of the website or for the possible provision of the services requested by you (also outside the website).

The legal regulations regarding passing on personal data to third parties are of course complied with. Where we use order processors to provide our services, we take appropriate legal precautions and technical and organisational measures to ensure that your data is protected in accordance with the relevant legal requirements.

If the level of data protection in a country where the data is processed does not comply with the applicable data protection regulations, we will contractually ensure that the protection of your personal data is equivalent to that in Switzerland or the EU/EEA at all times, for example by including the EU standard contractual clauses.

If data is exchanged within the Group, we ensure that your data is protected by means of appropriate contracts and in compliance with the applicable data protection regulations.

6. Services or third-party content on our website

We offer third-party services and/or content on our website. If you use such third-party services or if third-party content is displayed, then communication data is exchanged between you and the respective provider for technical reasons. We do not monitor the websites nor the data protection practices of the third parties who manage these websites. Accordingly, this data protection declaration does not apply to pages or services of third parties we provide a link to.

The respective service or content provider can also collect additional data and use it for their own other purposes. To the best of our knowledge, we have configured the services and content of providers who process data for their own purposes so that either the communication for other purposes than for presenting the services or content on our website is blocked or that personal data can only be collected if you have decided to use the respective service. However, as we have no control over the data that is collected and processed by third parties, we are not able to provide binding information on the scope and purpose of such processing of your data by the respective third party.

a) Website links

We provide links referring to pages of third parties to optimise the information you are provided with on our website. As they are websites of other providers, we do not have any influence on the contents that the provider is exclusively responsible for. Accordingly, this data protection declaration does not apply to third-party pages we have provided a link to.

b) Tools

Our website uses the functions of different tools to increase the functionality of our website.

Notes regarding Google Web Fonts

Our website uses the “Web Fonts” function provided by Google to ensure uniform display of fonts. When you access a page, your browser loads the required web fonts to your browser cache to display texts and fonts correctly. For this purpose, your browser connects to Google’s servers. This will inform Google that your IP address has been used to access our website.

The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This represents a legitimate interest. If your browser does not support Web Fonts, your computer uses a default font.

The provider of these functions is: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. More information about how Google handles user data is available in Google’s Privacy Policy.

Notes regarding Google Maps

Our website uses functions of the map service Google Maps. Your IP address needs to be stored for you to be able to use Google Maps functions. This information can be transmitted to a Google server in the USA, where it is stored. We do not have any influence on this data transmission process.

Google Maps is used in the interest of presenting of our online offers in an appealing way and making it easy to find the places mentioned by us on the website. This represents a legitimate interest.

The provider of these functions is: Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. We have concluded an order data processing agreement with Google. More information about how Google handles user data is available in Google’s Privacy Policy.

c) Social plug-ins

Our website uses functions of various social plug-ins (ׅ“buttons”) from social media platforms such as Facebook, Google+, LinkedIn, and X. Social media (e.g. Facebook, X, Instagram, Pinterest, Youtube, or LinkedIn) enable users of these social media platforms to create links on their social media profiles to then store them or share them with their social media contacts.

When you visit our website, the buttons for such social media platforms are disabled by default. No data is sent to the respective social networks without your intervention. To be able to use these buttons, you have to activate them by clicking on them. They will then remain activated until you deactivate them.

Once activated, a direct connection is made to the server of the respective social network. The content of the button is then transmitted directly from the social network to your browser and integrated into the website. After activating a button, the social network can retrieve data, whether you interact with the button or not. If you are logged into a social network, the network can associate your visit to the site with your user account.

If you are a user of a social network and do not want it to combine data from your visit to our website with your user data, you must log out of the respective social network before activating the buttons.

We do not have any influence on the scope of data collected by social networks via their buttons. The privacy policies of the social networks provide information about the purpose and extent of the data they collect, how that data is processed and used, the rights available to you, and the settings you can use to protect your privacy. For further information on the scope and purpose of such collection and processing of your data, please refer to the data protection information of the providers whose services and/or contents we hold responsible for the protection of your data in this context.

Notes regarding Facebook plug-ins (Like & Share button)

Our website uses functions of the social network Facebook. You can recognize the Facebook plug-ins by the Facebook logo or the “Like” button on our site. When you visit our website and log into Facebook, the plug-in establishes a direct connection between your browser and the Facebook server. This provides Facebook with the information that you have visited our site with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the contents of our pages on your Facebook profile. This allows Facebook to link the visit to our pages with your user account. You can prevent this by logging out of your Facebook account. We point out that we have no knowledge of the content of the transmitted data and its use by Facebook.

These functions are provided by: Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA. You will find further information on how Facebook handles user data in the Facebook Privacy Policy.

Notes regarding Instagram

Our website uses functions of the service Instagram. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your account with your visit to our web page. We point out that we have no knowledge of the content of the transmitted data and its use by Instagram.

These functions are provided by: Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. You will find further information on how Instagram handles user data in the Instagram Privacy Policy.

Notes regarding Pinterest

Our website uses functions of the social network Pinterest. If you visit one of our websites equipped with a Pinterest plug-in and are logged into Pinterest, a connection to Pinterest’s servers is established. Protocol data (your IP address, the address of the visited websites, which also contain Pinterest functions, type and settings of the browser, date and time of the request, your use of Pinterest) can be transmitted to the Pinterest server in the USA by the plug-in. We point out that we have no knowledge of the content of the transmitted data and its use by Pinterest.

This plug-in is operated by Pinterest Inc., 808 Brannan Street, San Francisco, CA 94103-490, USA. More information about how Pinterest handles user data is available in Pinterest’s Privacy Policy.

7. Deletion of personal data

Providing we do not specify any particular retention periods in this data protection declaration, these general rules apply:

As a general rule, your data will be deleted as soon as it is no longer necessary for the intended purposes or if you withdraw your consent or object to its use for legitimate reasons. Beyond this point in time, data will only be stored if this is necessary according to legal regulations which we are subject to (e.g. tax and commercial law regulations) or if data is needed to establish, exercise, or defend against legal rights.

8. Data security

We take technical and organisational security precautions to protect your personal data against manipulation, loss, destruction, or against access by unauthorised persons and to ensure the protection of your rights and compliance with applicable data protection regulations.

The measures taken are designed to ensure the confidentiality and integrity of your data and to ensure the availability and resilience of our systems and services in processing your data on an ongoing basis. They are also designed to ensure the rapid restoration of the availability of your data and access to you in the event of a physical or technical incident.

Our data processing and our security measures are continuously being improved in line with technological developments.

We also take our own internal data protection very seriously. Our employees and the service companies we deploy are obliged to maintain confidentiality and to comply with the provisions of data protection law. They are also only granted access to personal data to the extent necessary.

9. Your rights

In the following, we set out what rights you have in relation to your personal data. Please note that data protection regulations and practices are subject to change. It is therefore advisable and necessary to keep abreast of changes in legal provisions and company practice.

Rights of information and rectification

You can obtain information about your data stored by us at any time without giving reasons at datenschutz@kermi.de. You also have the right to request the correction of your incorrect personal data and, if necessary, the completion of incomplete personal data in our systems.

Rights to restricting processing

You can request the restriction of the processing of personal data concerning you via datenschutz@kermi.de. Where processing personal data relating to you has been restricted, such data may only be processed – apart from being stored – with your consent or to establish, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest.

Right of deletion

You have the right to request via datenschutz@kermi.de that your personal data be deleted, e.g. if the data is no longer required for the purposes pursued. However, if we are obliged to retain your personal data for legal or contractual retention reasons, we can only restrict or block your personal data in these cases to the extent necessary.

Right to be informed

If you have asserted the right to rectification, erasure or restriction of processing against us, you have the right to be informed via datenschutz@kermi.de about the recipients to whom your personal data has been disclosed by us.

Right to data transfer

You have the right via datenschutz@kermi.de to receive your personal data, which we process automatically on the basis of your consent or for the performance of a contract, in a structured, common and machine-readable format, or to request the transfer of this data to a third party. If you request direct transfer of the data to another controller, this will only be done insofar as this is technically feasible.

Right to object

You have the option to object to the data collection and storage presented in the privacy policy. You can withdraw your consent to data collection and use at any time in future, without stating reasons, at datenschutz@kermi.de.

Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data concerning you infringes applicable data protection laws.

10. Amendment to the data protection declaration

This data protection declaration may be subject to amendments, for example due to amendments in the law or changes in processing. We therefore ask you to read this page regularly.

11. Contact

Your trust is important to us. So we would like to be available to answer your questions regarding processing your personal data at any time. If you have any questions that are not answered by this privacy statement, or if you would like more detailed information on any point, please contact us via email at datenschutz@kermi.de.

Date: September 2023