Data protection declaration
Christoph Kroschke Holding GmbH & Co. KG
As of 22.05.2018
We take the protection of your personal data very seriously. We always treat your personal data in confidence and according to the prescriptions of the General Data Protection Regulation (GDPR) and supplementary German Federal Data Protection Law (Bundesdatenschutzgesetz; BDSG).
If personal data are collected on our site (e.g. name, address or email), this takes place in order to provide functional web pages, content and services. The processing of personal data takes place in accordance with Art. 6 GDPR on the basis of consent, to fulfil a contract, to take steps prior to the agreement of a contract or to fulfil legitimate interests.
In principle, the data collected are not transferred to third parties. To provide certain offers and services, we do, however, make use of the help offered by external service providers, with whom contractual regulations are entered into in order to guarantee the protection of your personal data and your rights as a data subject.
1. What is the entity responsible for data processing and whom can I contact in this regard?
The responsible entity is:
Christoph Kroschke Holding GmbH & Co. KG
You can reach our data protection officer at:
Christoph Kroschke Holding GmbH & Co. KG
Data Protection Officer
2. What sources and data do we use?
We process personal data that we collect from you when you visit our website or which have been received from you in the course of your request and are necessary for its handling.
We process the following personal data in individual areas:
2.1 Use of the websites
When you visit our websites, we process usage data, metadata and communications data such as. device information or anonymised IP addresses of visitors and users of our online presence. We anonymise the IP addresses by removing the final segment so that it can no longer be connected to an individual person.
3. Why do we process your data (purpose of the processing) and based on what legal foundation?
We process your personal data in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Law (Bundesdatenschutzgesetz; BDSG) and further legal prescriptions e.g. for initiation and fulfilment of contracts.
3.1 To fulfil contractual duties (Art. 6 § 1 b GDPR)
The processing of your personal data (Art. 4 § 2 GDPR) takes place in order to fulfil a contract with you or to check the basis for contract initiation.
Queries made using our contact form on this site can be used to carry out pre-contractual measures.
Your information from the contact form, including the contact data you enter there, will be stored by us for the purpose of processing the request and in case subsequent questions arise.
After processing your request, the data will be deleted by us, as long as they no longer need to be retained for reasons of providing proof, continuing to offer customer support or are subject to other relevant legal retention limits.
3.2 In the course of balancing interests (art. 6 § 1 f GDPR)
As far as required, we process your data in order to safeguard the justified interests of ourselves and third parties. The following processing is carried out:
- Mail advertising to give information about the company
- Information about new services, products or significant changes to the web presence
- Information in the interest of your data security with us
- Transferral of the data within the group of companies to guarantee the execution of orders and services or requests within the framework of order placement or contractual initiation
- Evaluation of information on use of the websites:
If you visit one of our websites, it may be the case that we store information on your device (e.g. laptop, tablet, smartphone) in the form of a cookie. Cookies are small text files that are sent from a web server to your browser and are stored on your computer. In the cookie, information is stored that has been created in relation to the specific terminal device used. This does not mean, however, that we receive direct knowledge of your identity in storing it.
This information serves to ensure that we can recognise you when you visit our website again and make navigation easier for you. Cookies allow us, for example, to adjust a website to your interests or save your password so that you don’t have to reenter it on every visit.
If you do not want us to recognise your device automatically, you can set your browser so that you are informed about the storage of cookies and only allow them in individual cases, can exclude them in particular cases or in general and can activate the automatic deletion of cookies when closing the browser. When cookies are deactivated, the functionality of this website can be restricted.
b. Server log files
On every visit to the websites available at www.dad.de, data are automatically collected and processed. The following data are recorded to ensure a frictionless connection to the website, create user statistics about the use of this website, improve the website and ensure system security and stability:
- Date and visit of the URL the visitor is at;
- URL the visitor visited directly prior (referrer URL);
- Browser used;
- Operating system used;
- IP address of the computer making the request.
The data are anonymised by removing the last letters of the IP address.
Only if errors occur in viewing the page are these data stored in a non-anonymised form for 7 days and then automatically deleted.
4. Who receives my data?
Within the company, the departments that need your data to answer queries or fulfil contractual duties receive it.
In addition, your data are transferred within the Kroschke Group to subsidiaries or contracted service providers (“third parties”) to the extent that they are involved in the handling of queries relating to the establishment of contact.
In principle, further data transfer to external recipients outside the Kroschke Group does not take place.
The collection of personal data and its transfer to state institutions and authorities that have a right to it only takes place within the framework of the relevant laws or if we are required to do so by a legal decision. Our employees and the service providers we contract are bound to confidentiality and compliance with our data protection regulations.
5. Are my data sent to a third country or an international organisation?
Data transfer to third countries (states outside the European Economic Area, EEA) can take place through the use of tracking tools such as Google Analytics or those offered by other providers. You can find further information in section 12 of this declaration.
6. How long are my data stored for?
We process and store your personal data for as long as it is required for the fulfilment of our contractual and legal duties.
As soon as the storage of the data is no longer required for the execution of further processes and no legal limits of retention are in place, these data are deleted.
You can find further information on the duration of storage in other processes under point 3.
7. What data protection rights do I have?
You have the following rights under the laws in force:
a. as per Art. 15 GDPR, the right to demand information on the personal data we process. In particular, you are able to receive information about the purposes of the processing; the categories of personal data concerned; the categories of recipient to whom the personal data have been or will be disclosed; the envisaged period of storage; the existence of the right to rectification, erasure or restriction of processing of personal data or to object to such processing; the existence of the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; and the existence of automated decision-making, including profiling, and meaningful information about its details;
b. as per Art. 16 GDPR, the right to rectification of incorrect data or to complete incomplete personal data stored by us;
c. as per Art. 17 GDPR, the right to demand erasure of your personal data stored by us, as long as the processing is not required to exercise the right to free expression and information, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
d. as per Art. 18 GDPR, the right to demand restriction of processing of your personal data if you contest their accuracy, if processing is unlawful, if you do not wish them to be deleted, or we no longer have need of them but you require them for the establishment, exercise or defence of legal claims, or you have objected as per Art. 21 GDPR to their processing;
e. as per Art. 20 GDPR, you have the right to receive the personal data that you have provided us in a structured, current and machine-readable format or to demand their transfer to another controller;
f. as per Art. 7 § 3 GDPR, the right to withdraw consent once given at any time; this has the result that we will no longer carry out data processing in the future that was legally justified on the basis of this consent; and
g. as per Art. 77 GDPR, the right to object to a regulatory authority. As a rule, you have recourse to the regulatory authority in your ordinary place of abode or work, or your company headquarters.
8. Right to object:
8.1 Right to object on grounds relating to the particular situation
If your data are processed based on legitimate interests as per Art. 6 § 1 f GDPR, you have the right as per Art. 21 GDPR to object to the processing of your personal data as long as you give reasons relating to your particular situation.
If you object, we will no longer process your personal data as long as we are unable to demonstrate compelling grounds for the processing which override your interests, rights and freedoms or if the processing is necessary for the establishment, exercise or defence of legal claims.
8.2 Right to object to processing for direct advertising purposes
In certain cases, we process your personal data to carry out direct advertising. You have the right at any time to object to the processing of your personal data for such purposes. You have a general right to object in this case that will be implemented by us without the need to name a particular situation.
8.3 Recipient of objections
The objection can be directed in any form to:
Christoph Kroschke Holding GmbH & Co. KG
9. Am I obliged to provide data?
In the course of general requests, you only have to provide those data we need to provide the desired service or regarding whose collection we are subject to legal obligations. You provide all further information to us on a voluntary basis. Without provision of the minimum required data, we will as a rule not be able to carry out or process your order / service / request for information / query.
10. To what extent are automated decisions and scoring carried out?
We use no profiling processes with automated decision-making when operating this website.
11. Child and youth protection
In principle, our offer is not intended for persons under the age of 18. Thus, we neither request, collect nor transfer to third parties any personal data from children and young people. Without the approval of parents or guardians, children should not transmit any personal data to us.
12. Web analysis tools / tracking
12.1 Google Analytics
Google is certified under the Privacy Shield agreement and thus offers a guarantee that it will comply with European data protection law:
Google will use this information on our behalf in order to evaluate the use of our online offering by the user, to create reports about activity within this online offering and to provide other services to us connected with the use of this online offering and internet usage. Thereby, pseudonymous user profiles can be created from the data processed.
Google Analytics is configured in such a way that the data recorded are deleted after 14 months.
We only use Google Analytics with IP anonymisation active. That means that the user IP address is truncated by Google within member states of the European Union or in other states subject to the agreements of the EEA. Only in exceptional cases is the entire IP address transferred to a Google server in the USA and truncated there.
The IP address sent from your browser is not collated with other Google data. Users can prevent the storage of cookies by entering suitable settings in their browser; users can also prevent the collection and processing by Google of the data created by the cookie and that related to their use of the online offering by downloading and installing the browser plugin available at the following link:
Further information on Google’s data usage, settings and opportunities to object can be found on Google’s website: https://www.google.com/intl/de/policies/privacy/partners (“How Google uses information from sites or apps that use our services”), http://www.google.com/policies/technologies/ads (Data usage for advertising purposes), http://www.google.de/settings/ads (“Control the information Google uses to show you ads”).
12.2 Google (re-)marketing services
On the basis of our legitimate interests (i.e. our interest in the analysis, optimisation and efficient operation of our online offering in the sense of Art. 6 § 1 f GDPR) we use the marketing and remarketing services (in short “Google Marketing Services”) provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
Google is certified under the Privacy Shield agreement and thus offers a guarantee that it will comply with European data protection law
The Google Marketing Services allow us to display ads for and on our website and only to present to users those ads that potentially accord with their interests. If a user is shown e.g. ads for products they have shown an interest in on other websites, this is referred to as “remarketing”. For this purpose, when our and others’ websites on which Google Marketing Services are active are accessed, a length of code is executed directly by Google and (re)marketing tags (invisible graphics or code also known as “Web Beacons”) are inserted into the website. With their aid, an individual cookie, i.e. a small file, is stored on the user’s device (instead of cookies, similar other technology can also be used). The cookies can be placed by various domains, among them google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file marks which websites the user visits, what content they are interested in and which offers they have clicked on, further technical information on the browser and operating system, referring websites, visit time and other information on the use of the online offering. At the same time, the user’s IP address is captured, a process whereby we can declare within the framework of Google Analytics that the IP address is truncated within member states of the European Union or other states subject to the contractual obligations of the European Economic Area and will only in exceptional cases be sent whole to a Google server in the USA and truncated there. The IP address is not connected with the user’s data within other services provided by Google. The abovementioned information can be connected by Google with such information from other sources. If the user then visits other websites, the ads tailored to their interests can then be shown to them.
The user’s data are pseudonymously processed within the framework of Google Marketing Services. That is, Google does not store and process e.g. the names or email addresses of the users but processes the relevant cookie-related data within a pseudonymous user profile. That is, out of sight of Google, the ads are not managed and shown for a concretely identified person but for the cookie owner, independent of who this cookie owner is. This is not the case if a user has expressly allowed Google to process the data without pseudonymising them. The information collected by Google Marketing Services about the user is transmitted to Google and stored on Google’s servers in the USA.
The Google Marketing Services we use include the online advertising program “Google AdWords”. With Google AdWords, every AdWords customer receives a different “Conversion Cookie”. Using this, cookies cannot be traced over the websites of AdWords customers. The information collected using the cookie serves to create conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers find out the total number of users that have clicked on their ad and been redirected to a site containing a conversion tracking tag. They receive no information, however, with which the user can be personally identified.
In addition, we may use the “Google Tag manager” to insert and manage Google analysis and marketing services in our website.
You can find further information on data usage for marketing purposes by Google at the overview page: https://www.google.com/policies/technologies/ads, Google’s data protection declaration is to be found at https://www.google.com/policies/privacy.
If you wish to object to interest-related advertising by Google Marketing Services, you can use the settings and opt-out opportunities provided by Google: http://www.google.com/ads/preferences.
13. Data security
The website is protected through technical and organisational measures against loss and destruction of data, and against access to, alteration and dissemination of your data by unauthorised persons. Within website visits, we use the widespread SSL process (Secure Socket Layer) in connection with the highest level of encryption that your browser supports. As a rule, this is 256 bit encryption. If your browser does not support 256 bit encryption, we will instead have recourse to 128-bit v3 technology. You can recognise whether a site within our internet presence is encrypted by the key or lock symbol being shown in the lower status bar of your browser. Despite regular checks, complete protection against all dangers is not possible. At the same time, our security measures are constantly being improved to match technological developments.