Privacy Policy
KATZ GMBH & Co. KG aims to enhance users’ trust in the Internet by clearly disclosing how it makes use of personal data. Please read on to find out what information we collect, why we collect it, and how we make use of it.
- Purpose and accountability
- General information on data processing and legal basis
- Security safeguards
- Forwarding of data to third parties and third-party providers
- Contacting us
- Collection of access data
- Cookies & reach measurement
- Google Analytics
- Google (re)marketing services
- Social media buttons and links
- Integration of third-party services and content
- User rights
- Deletion of data
- Right of recourse
- Amendments to this Privacy Policy
- Purpose and accountability
- This Privacy Policy describes how we process personal data collected on our websites and online platforms and through our associated webpages, functions and content (hereinafter referred to as the “Websites”) and describes the scope and purpose of these activities. This Privacy Policy applies to all situations, regardless of which domain, system, platform or device (e.g. desktop or mobile) the Websites are accessed on.
- The provider of the Websites, and the party responsible for data protection and privacy issues in regard to the Websites, is the company KATZ GMBH & Co. KG, Hauptstrasse 2, D-76599 Weisenbach, Germany; e-mail: office@thekatzgroup.com (hereinafter referred to as “we”, “us” and “our”). Please consult our legal notice for more information on the representatives of our company and who to contact: https://www.bierdeckel.de/en/imprint.
- You can contact our Data Protection Officer by sending an email to datenschutz(at)koehlerpaper.com.
- The following used term “User” comprises all customers and visitors to our Websites. We consider all the terms we use, such as User, to be gender-neutral.
- General information on data processing and legal basis
- All the personal User data we collect is processed in accordance with the relevant data protection regulations. That means we only process User data where this is permitted by law. This applies, in particular, if data processing is required or prescribed by law in order to furnish our contractual services (e.g. to process orders) and provide online services, or if the User has provided their consent, or if it is for the purposes of our legitimate interests (i.e. our interest in analysing, optimising and running our Websites in a secure and commercially viable manner within the meaning of Art. 6 (1) (f) of the General Data Protection Regulation (GDPR)), particularly in terms of measuring reach, creating profiles for advertising and marketing purposes, collecting access data, and using third-party services.
- In regard to the processing of personal data on the basis of the General Data Protection Regulation (GDPR), please note that the legal basis for the data subject giving consent is Art. 6 (1) (a) and Art. 7 GDPR, the legal basis for processing data in order to perform our contractual services and discharge our contractual obligations is Art. 6 (1) (b) GDPR, the legal basis for processing data in order to comply with our legal obligations is Art. 6 (1) (c) GDPR, and the legal basis for processing data for the purposes of our legitimate interests is Art. 6 (1) (f) GDPR.
- Security safeguards
- We apply state-of-the-art organisational, contractual and technical security measures to ensure compliance with the provisions of data protection legislation and thereby to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorised persons.
- These security measures include, in particular, the encrypted transmission of data between your browser and our server.
- Forwarding of data to third parties and third-party providers
- Data is only forwarded to third parties to the extent permitted by law. We only forward User data to third parties if this is necessary e.g. for billing purposes, or for other purposes if the User data is required to perform a contract to which the data subject is party.
- In cases where we employ subcontractors to furnish our services, we ensure appropriate legal safeguards are in place and take appropriate technical and organisational steps to ensure that personal data is protected in compliance with applicable statutory requirements.
- Insofar as content, tools or any other resources from other providers (hereinafter referred to as “third-party providers”) are employed within the scope of this Privacy Policy and said third-party providers have their registered headquarters in a third country, it should be assumed that data will be transferred to the country of domicile of the third-party provider.
- The term third country refers to countries in which the GDPR does not constitute directly applicable legislation, i.e. essentially countries outside the EU or the European Economic Area.
- Data shall be transferred to third countries if an adequate level of data protection is in place, if the User has provided their consent, or if this transfer is permitted by law in any other way.
- Contacting us
- If a user gets in touch with us (via contact form, email, trade fair contact, or similar) we process the user’s details in order to respond to and deal with the query or request.
- Users’ details may be stored in our customer relationship management (CRM) system or a comparable enquiry system and must then be retained for six years in line with statutory requirements regarding business correspondence or ten years if they have any legally mandated relevance for tax purposes.
- Collection of access data
- Log file information is collected by the provider solely for monitoring purposes.
- For security reasons – for example to help detect improper use or fraud – log file information is held directly for a period of 24 hours and then archived for 30 days before being deleted. Data that is to be retained as evidence shall be excluded from deletion until the relevant case has been finalised.
- Cookies & reach measurement
- Cookies are data packets that are transferred from our web server or third parties’ web servers to the User’s web browser and stored there for later retrieval. Cookies may comprise small files or any other kinds of information storage. This Privacy Policy explains to Users how we use cookies in a pseudonymised manner to measure reach.
- If the User does not wish cookies to be stored on their computer, we hereby request that they disable the relevant option in their browser settings. Stored cookies can be deleted in the browser settings at any time. Disabling cookies may prevent you from enjoying the full functionality of these Websites.
- You can block cookies that are used for tracking and online advertising by visiting the opt-out page of the network advertising initiative (http://optout.networkadvertising.org/) and also by managing your preferences on the U.S. website http://www.aboutads.info/choices or the European website http://www.youronlinechoices.com/uk/your-ad-choices/.
- Google Analytics
- For the purposes of our legitimate interests (i.e. our interest in analysing, optimising and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) (f) of the General Data Protection Regulation (GDPR), we use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google uses cookies. The information generated by cookies concerning the use of the Websites by the User will generally be transmitted to and stored by Google on servers in the USA.
- Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google will use this information on our behalf for the purpose of evaluating use of our Websites by the User, compiling reports on activity on the Websites, and providing us with other services relating to the use of the Websites and use of the Internet. This process may involve creating pseudonymised usage profiles of Users from the processed data.
- We only use Google Analytics with IP anonymisation enabled. That means Google truncates the User’s IP address within Member States of the European Union and in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and truncated there.
- The IP address transmitted by the User’s browser is not associated with any other data held by Google. Users can prevent cookies from being installed on their computer by adjusting their browser settings accordingly. Users can also prevent Google from collecting data generated by cookies concerning their use of the Websites and can prevent Google from processing this data by downloading and installing a browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout?hl=en.
- For more information on how Google uses data and how to opt out, please refer to Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“How Google uses data when you use our partners’ sites or apps”), http://www.google.com/policies/technologies/ads (“How Google uses data in advertising”), http://www.google.com/settings/ads (“Control the information Google uses to show you ads”).
- Google (re)marketing services
- For the purposes of our legitimate interests (i.e. our interest in analysing, optimising and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) (f) of the GDPR), we use the marketing and remarketing services (hereinafter referred to as “Google marketing services”) provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, (“Google”).
- Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- Google marketing services enable us to display ads for and on our website in a more targeted fashion, helping us to only show ads to Users that are potentially of interest to them. The method we use, known as remarketing, involves, for example, showing Users ads for products in which they have already shown an interest on other websites. For this purpose, our Websites – and other websites on which Google marketing services are active – contain a snippet of code, which is executed directly by Google. This integrates what are known as (re)marketing tags in the website (invisible image files or code, also known as web beacons). With the help of these tags, an individual cookie, i.e. a small file, is saved on the User’s device (comparable technologies may also be used instead). These cookies may be set from a few different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com and googleadservices.com. This file notes which sites the User visits, which content interests the User, and which offers he or she clicked, as well as technical information on the browser and operating system, referring websites, visit duration and other data on the use of the Websites. The User’s IP address is also recorded, though we wish to make it clear that, within the context of Google Analytics, the IP address is truncated within European Union Member States and in other countries that are party to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to the US-based Google server and truncated there. The IP address is not merged with User data within other Google offerings or services. The information referred to above may also be linked to comparable information from other sources. If the User subsequently visits other websites, they may be presented with ads tailored to them according to their interests.
- User data is processed in a pseudonymised manner within the context of Google marketing services, i.e. Google does not store and process details such as the name or email address of the User, but instead processes the relevant data within pseudonymised usage profiles based on cookies. This means that, from Google’s perspective, the ads are not managed for and displayed to a named or otherwise identifiable person, but rather for and to the cookie holder, regardless of who this cookie holder is. That is not, however, the case if a User has expressly granted Google permission to process their data in a non-pseudonymised manner. Information collected on Users by Google marketing services is transmitted to Google and stored on Google’s servers in the USA.
- One of the Google marketing services we use is the online advertising service “Google AdWords”. In the case of Google AdWords, each AdWords client receives a different “conversion cookie”. Thus, cookies cannot be tracked across the websites of AdWords clients. The information collected by the conversion cookies is used to provide aggregate conversion statistics for AdWord clients who have opted in to conversion tracking. AdWords clients are informed of the total number of users who clicked on the ad and were forwarded to a conversion tracking tag page. However, they do not receive any information that would enable them to identify users personally.
- Our Websites may contain third-party ads from the Google marketing service DoubleClick. DoubleClick uses cookies that enable Google and its partner websites to display ads based on User visits to this website and/or other websites on the Internet.
- We may also use the Google Tag Manager to incorporate and manage Google analysis and marketing services in our Websites.
- You can find more information on how Google uses data for marketing purposes at https://www.google.com/policies/technologies/ads. Google’s privacy policy is available at https://www.google.com/policies/privacy.
- If you wish to opt out of personalised advertising by Google marketing services, you can adjust your preferences and opt-out settings by visiting the following page: http://www.google.com/ads/preferences.
- Social media buttons and links
- The links and buttons provided for social networks and platforms (hereinafter referred to as “social media”) on our Websites only establish contact between social networks and Users if Users click on the links/buttons and the respective networks or their websites are loaded. This function operates on the same principle as a regular online link.
- The list below provides an overview of linked social media providers as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:
- facebook.com, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; privacy policy: https://www.facebook.com/policy.php; opt-out: https://www.facebook.com/settings.
- YouTube/Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/; opt-out: https://www.google.com/settings/ads/.
- Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. Privacy policy: http://twitter.com/privacy.
- XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Privacy policy: https://www.xing.com/privacy.
- LinkedIn Ireland, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland; privacy policy: https://www.linkedin.com/legal/privacy-policy.
- Integration of third-party services and content
- For the purposes of our legitimate interests (i.e. our interest in analysing, optimising and running our Websites in a commercially viable manner within the meaning of Art. 6 (1) (f) of the GDPR), we use third-party content and service delivery services on our Websites in order to incorporate content and services such as videos and fonts, for example (hereinafter jointly referred to as “content”). The third-party provider of this content always requires the User’s IP address in order to send the content to the browser of the respective User. In other words, the IP address is required to display this content. We endeavour only to use such content where the respective provider uses the IP address exclusively to deliver said content. Third-party providers may additionally use “pixel tags” (invisible image files, also known as web beacons) for statistical or marketing purposes. Pixel tags can be used to analyse information such as the number of visitors accessing the pages of this website. The pseudonymised information may additionally be stored on User devices in the form of cookies. This information includes technical information on the browser and operating system, referring websites, time spent on the website, and further details on how Users make use of our Websites, plus it can also be combined with comparable information from other sources.
- The list below provides an overview of third-party providers and their content as well as links to their privacy policies, which contain further information on data processing and opt-out mechanisms, some of which have already been discussed here:
- Maps from the “Google Maps” service provided by the third-party company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/; opt-out: https://www.google.com/settings/ads/.
- Videos on the “YouTube” platform provided by the third-party company Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/; opt-out: https://www.google.com/settings/ads/.
- Notes on Google, Inc.: Google is certified under the Privacy Shield framework which offers a guarantee of compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
- User rights
- Users have the right to obtain information free of charge on the personal data we have collected about them. In addition, Users have the right to correct any inaccurate data, restrict the processing of their personal data or delete it, and, where applicable, assert their right to data portability. Users also have the right to submit a complaint to the relevant supervisory authorities (the Baden-Württemberg Data Protection Commissioner, Königstrasse 10a, 70025 Stuttgart, Germany) if they suspect that data has been processed unlawfully.
- Equally, users are entitled to withdraw any consent they have previously given without stating a reason. Such a revocation of consent shall have future effect only.
- Deletion of data
- The data stored by us is deleted once it is no longer required for the designated purpose and provided that we have no statutory obligation to retain said data. In the event User data is not deleted because it is required for other purposes permitted by law, then its processing shall be restricted accordingly, i.e. the data shall be blocked and no longer processed for other purposes. This applies, for example to User data that must be retained due to commercial or tax requirements.
- According to statutory regulations, documents must be retained for six years as per § 257 (1) of the German Commercial Code (HGB) (accounting ledgers, inventories, opening balance sheets, annual financial statements, trade letters, accounting records, etc.) and for 10 years as per § 147 (1) of the German Fiscal Code (AO) (accounts and records, situation reports, accounting records, trade and business letters, other documents of relevance for taxation, etc.).
- Right of recourse
- Users can choose to opt out of the future processing of their personal data at any time in accordance with statutory provisions without giving reasons. This opt-out right applies in particular to the processing of data for the purposes of direct advertising.
- Amendments to this Privacy Policy
- We reserve the right to amend this Privacy Policy at any time to reflect changes in the legal situation or changes relating to the service or data processing. This only applies to declarations concerning data processing, however. If Users’ consent is required or if the Privacy Policy contains provisions for the contractual relationship with the Users, the changes shall only be made with the consent of the Users.
- Users are requested to check the Privacy Policy on a regular basis to keep up-to-date with its content.
Last updated: December 2018