Privacy policy
Christoph Kroschke Holding GmbH & Co. KG

Version: 30.07.2020

We take the protection of your personal data very seriously. We always treat your personal data as confidential and according to the data protection regulations of the European General Data Protection Regulation (GDPR) as well as the Federal Data Protection Act (BDSG).

To the extent that personal data (for instance name, address or email address) is collected on our site, this occurs in order to provide you with a working website along with our content and services. The processing of personal data generally occurs in line with Art. 6 GDPR on the basis of your consent, to implement a contract, to take steps prior to entering into a contract or to pursue legitimate interests.

The data collected will not be transferred to third parties as a rule. However, to handle specific offers, services and responsibilities we will engage external service providers to assist us, with whom contractual agreements will be concluded to guarantee the protection of your personal data and rights as a data subject.

 

1. Who is the controller for data processing and whom can I contact?

The controller is:

Christoph Kroschke Holding GmbH & Co. KG
Ladestraße 1
22926 Ahrensburg

Tel.: +49-4102-804-0

In case of questions regarding the collection, processing or use of your personal data, to obtain information, rectification, restriction or erasure of data as well as to withdraw consent or object against a particular data processing operation, please contact directly:

Christoph Kroschke Holding GmbH & Co. KG
Data Protection Officer
Alexander Bugl
Sedanstraße 7
93055 Regensburg

E-Mail: datenschutz[at]kroschke.de
Tel.: +49-941 / 630 49 789

 

2. What sources and data do we use?

We process personal data that we collect from you when you visit our website or when you place an order in our online shop if this is necessary in order to deliver or carry out the order goods/services.

Insofar as this is necessary for order handling, we also process personal data that we obtain legally from service providers for the management of services, or from other third parties (such as payment transactions providers like PayPal or credit card companies to select a permitted payment method in the online shop).

We process the following relevant personal data in individual areas:

 

2.1 Use of the websites

For visits to our website, we process usage data, meta data and communication data such as device information or the anonymised IP addresses of visitors and users of our website. We anonymise IP addresses by removing the last segment, making it impossible to identify you personally.

 

2.2 Online shop

For visits to our website, we process usage data, meta data and communication data such as device information or the anonymised IP addresses of visitors and users of our website. We anonymise IP addresses by removing the last segment, making it impossible to identify you personally.

 

2.3 Newsletter

For newsletter registration, we only require your email address. You can provide us with other information such as your name for more personalised communication.

 

3. Why do we process your data (purpose of processing) and on what legal basis?

We process your personal data in line with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG) as well as other legal regulations, for instance to initiate and implement a contract.

 

3.1 To fulfil contractual duties (Art. 6 § 1 b GDPR)

The processing of your personal data (Art. 4 § 2 GDPR) occurs to fulfil a contract with you or to review whether to establish a contract.
Enquiries made via our contact form on the website can be used to take steps prior to entering into a contract.

Your details from the request form, including the contact details you provide, will be stored in order to handle the enquiry and in case follow-up questions arise.
After processing your enquiry, we will delete the data unless we are required to store it for a longer period of time for reasons of providing evidence, ongoing customer support or relevant statutory retention obligations.

 

3.2 Based on legitimate interests (art. 6 § 1 f GDPR)

As far as necessary, we will continue to process your personal data after the fulfilment of the contract in order to pursue our own legitimate interests or the interests of third parties. The following processing will be carried out:

  • The use of specific payment methods in the online shop (direct debit, credit card) will be handled by a service provider. In the context of these services, the service provider may carry out a prior credit check for fraud prevention. The service is offered by the following providers:
    • First Data GmbH to handle direct debit payments and credit card payments
      For detailed information regarding the use of your data, please consult the information provided by the given provider.
  • In case of payment default, transfer of customer and payment data to the collection agencies engaged by the controller.
  • Mail advertising for information about new products or promotions (special prizes, etc.).
  • If you have consented to email advertising in the online shop, to send emails with information about new products or promotions.
  • Information regarding new developments in the consent process or significant changes to our shop or website.
  • Information concerning the security of your data with us.
  • Transmission of data within the company group to ensure handling of orders and services when placing an order.
  • Use of cookies when using the website. You can find more details in our Cookies Policy.
  • Server log files:
    Automatic data is collected and processed during every visit to the website accessible at www.kroschke.de. The following data is collected for the purpose of ensuring a proper connection to the website, generating visitor statistics about website use, improving the website and ensuring system security and stability:
    • Date and visit of the URL the visitor is at;
    • URL the visitor visited directly prior (referrer URL);
    • Browser used;
    • Operating system used;
    • IP address of the computer making the request.

The data will be anonymised by removing the last digits of the IP address.

Only in case of errors when loading the website, this data will be stored without anonymisation for 7 days and then automatically deleted.

 

3.3 Based on your consent (art. 6 § 1 f GDPR)

If you would like to receive the newsletter offered on the website, we need you to provide us with an email address and information that allows us to verify that you are the owner of the email address provided and that you consent to the receipt of the newsletter (double opt-in procedure). We exclusively use this data to send the requested information. This newsletter will be handled by a service provider for email marketing in connection with Art. 28 GDPR under a processing agreement.

You can withdraw your consent to the storage of data, your email address and its use to send the newsletter at any time with future effect, for instance by clicking on the “Unsubscribe” link in the newsletter. For reasons of traceability, we save opt-in data. For documentation, your email address, IP address, date, time, declaration of consent and information about received communication will be stored for 6 months.

 

4. Who will receive my data?

Within the company, your data will be received by the entities that require your data to fulfil contractual obligations regarding order processing and to provide services.

To handle certain processes for the provision of services, your data may need to be forwarded to registration authorities or service partners of Christoph Kroschke GmbH. To process payments in the online shop, it is necessary to transfer data to payment providers.

In case of non-payment for services and ordered goods, the transfer of personal data to collection agencies may be required in individual cases.

Other data recipients could be those entities for which you have given us your consent to the transfer of data.

In addition, your data will be transferred to subsidiaries within the Kroschke company group or to engaged service providers (“third parties”) insofar as we commission them to handle the provision of services under service agreements.

As a rule, data will not otherwise be transferred to external recipients outside the Kroschke company group.

The collection of personal data and its transfer to institutions and authorities which are entitled to obtain such information will only occur within the framework of the relevant laws, or insofar as we are obligated to do so by a court ruling. We have ensured that our employees and the service providers engaged by us are committed to maintain confidentiality and to comply with the provisions of data protection regulations.

 

5. Will my data be transferred to a third country or an international organisation?

Data transfer to third countries (countries outside the European Economic Area, EEA) may occur during the use of social plugins and analysis tools offered by Facebook, Google and other providers. More information can be found in Section 12 of this declaration.

 

6. How long will my data be stored?

We process and store your personal data as long as this is required for the fulfilment of our contractual and legal obligations.

As soon as the storage of data is no longer required to carry out further processing and as long as no statutory retention periods apply, this data will be erased.

To fulfil contractual obligations, we process and store your personal data that is required in order to manage the service process or purchase process, as well as to process complaints and warranties, for up to 24 months.

To fulfil retention obligations relating to tax law or commercial law, individual data and information may be retained for up to ten years.

You can find more information about the duration of data storage in other processes under Clause 3.

 

7. What data protection rights do I have?

Under the statutory regulations, you have the following rights:

a. Pursuant to Article 15 GDPR, to request access to information regarding your personal data that we process. In particular, you can request information about the purposes of processing, the categories of personal data concerned, the categories of recipient to whom the personal data has been or will be disclosed, the envisaged period for which the personal data will be stored, the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing, the right to lodge a complaint with a supervisory authority, and where the personal data is not collected from the data subject, any available information as to its source, as well as the existence of automated decision-making, including profiling and meaningful information about the details involved;

b. Pursuant to Art. 16 GDPR, to request rectification and/or completion for inaccurate or incomplete personal data we have stored concerning you;

c. Pursuant to Art. 17 GDPR, to request the erasure of personal data we have stored concerning you, unless this processing is required or exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;

d. Pursuant to Art. 18 GDPR, to obtain the restriction of processing concerning your personal data, insofar as you contest the accuracy of the personal data, the processing is unlawful but you oppose the erasure of the personal data and we no longer require the data, but you require it for the establishment, exercise or defence of legal claims, or if you have objected to processing pursuant to Article 21 GDPR;

e. Pursuant to Art. 20 GDPR, to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller;

f. Pursuant to Art. 7 § 3 GDPR, to withdraw your consent at any time after granting it to us. As a consequence, we will not be allowed to continue with the data processing related to this consent in the future an

g. Pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. In general, you can do this by contacting the supervisory authority for your habitual residence or place of work or our company headquarters.

 

8. Right to object:

8.1 Right to object depending on the individual case

Insofar as we justify the processing of your personal data by the pursuit of our legitimate interests according to Art. 6 (1) Sentence 1 (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR as long as there are grounds relating to your particular situation.

If you object, we will not continue to process your personal data, unless we can demonstrate legitimate grounds for the processing which override your interests, rights and freedoms, or if processing is necessary for the assertion, exercise or defence of legal claims.

 

8.2 Right to object against the processing of data for direct advertising

IIn specific cases, we will process your personal data in order to send direct advertising. You have the right to object to processing of personal data for this purpose at any time. You have a general right to object which we will enforce without requiring you to indicate a particular situation.

 

8.3 Recipient of objections

Objections can be sent informally to:

Christoph Kroschke GmbH
Ladestraße 1
22926 Ahrensburg

Fax.: +49-4102-804-111
Email: datenschutz[at]kroschke.de

 

9. Am I obliged to provide data?

IWhen ordering products or services as well as for general enquiries, you only need to provide personal data that is required in order to process the desired service or that we are legally obligated to collect in this context. Any other information you provide to us is voluntary. If you do not provide the minimum required data, we will generally be unable to conduct or process your order/service/information/enquiry.

 

10. To what extent is automated decision-making and scoring involved?

We do not use any profile-creating processes with automated decision-making ourselves. However, scoring may be conducted by payment providers in the course of payment transactions (see 3.2).

Profiles may also be created through web analysis tools and tracking by third-party providers when using our website. You can find more details in Clause 12 of this policy. You have the right to object against the use of cookies to generate profiles or to prevent the use of particular cookies in your browser settings.

 

11. Protection of children and youths

As a rule, our website is not oriented towards persons under the age of 18. For this reason, we do not request, collect or transfer the personal data of children and youths to third parties. Without the consent of their parents or legal guardians, children and youths should not transfer personal data to us.

 

12. Web analysis tools / Tracking / Social media

You can find information about our use of cookies and web analysis tools here.
We use the following social media services on our website:

 

12.1 Instagram

Our website may contain features and content from the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. These could include content such as images, videos or texts and buttons which users can use to like content, follow the authors or subscribe to our posts. If the users have accounts with the Instagram platform, Instagram can attribute the access of the above content and features to the user’s profile on that platform. Instagram’s privacy policy:
http://instagram.com/about/legal/privacy/

 

12.2 Facebook

Our website links to our Facebook page. We do not use any plugins or Like buttons on our website.

 

12.3 Twitter (“Tweet” button)

Our website may contain features and content from the Twitter service, offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA (“Twitter”). These could include content such as images, videos or texts and buttons which users can use to like content, follow the authors or subscribe to our posts. If the users have accounts with the Twitter platform, Twitter can attribute the access of the above content and features to the user’s profile on that platform. Twitter is certified under the Privacy Shield agreement and thereby guarantees that it will comply with European data protection law:(https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active)

Privacy policy: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization

 

12.4 Xing

Our website may contain features and content from the XING service, offered by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (“XING”). These could include content such as images, videos or texts and buttons which users can use to like content, follow the authors or subscribe to our posts. If the users have accounts with the Xing platform, Xing can attribute the access of the above content and features to the user’s profile on that platform. Xing’s privacy policy:
https://www.xing.com/app/share?op=data_protection

 

13. Data security

Technical and organisational measures are in place on this website to protect against the loss, destruction, modification or distribution of your data by unauthorised persons. When you visit our website, we use the common SSL method (Secure Socket Layer) in combination with the highest encryption level that is supported by your browser. Generally, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can identify whether a specific page of our website is transmitted in encrypted form by the locked key or lock symbol in the bottom status bar of your browser. Despite regular monitoring, complete protection against all risks is not possible. Nevertheless, our security measures are continually improved according to technological developments.