Data Protection Statement

General Information

The KIRCHHOFF Automotive/KIRCHHOFF Group appreciates your interest in our company. We take the protection of your personal data seriously and hereby inform you about the type and scope of personal data that we collect when you visit our website. The following data protection declaration applies to the websites www.kirchhoff-automotive.com and www.kirchhoff-group.com, as well as their subdomains and the online presences on Facebook, LinkedIn, Xing, and YouTube.

The use of our website is usually possible without providing personal data. On our end, personal data (such as name, address, or e-mail addresses) is collected on a voluntary basis. This data will not be passed on to third parties without your consent.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of data from third parties is not possible.

All personal data will be collected, processed, and used in accordance with the applicable regulations for the protection of personal data.

 

Cookies and Server Log Files

The internet pages of KIRCHHOFF Automotive/the KIRCHHOFF Group use cookies. Cookies are text files which are filed and stored on a computer system via an internet browser.

The use of cookies enables the visited websites and servers to distinguish the individual browser of the visitor, separate from other visitors.

Through the use of cookies, KIRCHHOFF Automotive/the KIRCHHOFF Grroup can improve the user-friendliness of their website and provide services that would not be possible without cookies. For example, the user of a website that uses cookies does not have to re-enter their access data each time they visit the website, because this is handled by the website and the cookie stored on the user’s computer system.

By changing the setting of your respective Internet browser, the cookies‘ setting can be prevented for all Internet pages. Cookies that have already been set can be deleted again. This is possible in all common Internet browsers, but the function of the website is then partially restricted.

For technical reasons, server log files are also created. In these files, the hosting provider stores technical data (e.g. browser type and version, operating system used, time of request, IP address, etc.) that the browser automatically transmits to them. This data is not merged with other data so that no conclusion can be drawn about a person.

 

Analysis Tools and Advertising

The use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc (“Google”). The responsible entity is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google, and the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.

You can find more information about this at http://tools.google.com/dlpage/gaoptout?hl=de or at http://www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data protection). We would like to point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp();” in order to ensure anonymous collection of IP addresses (IP masking).

Matomo (formerly Piwik)
This website uses the open source web analytics service Matomo, an InnoCraft company (InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand). Matomo uses “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website.

For this purpose, the information generated by the cookie about the use of this website is stored on our server. The IP address is anonymized before storage.

Matomo cookies remain on your terminal device until you delete them. The storage of Matomo cookies is voluntary and only takes place with your consent in accordance with Art. 6 para. 1 lit. a DSGVO.

The information generated by the cookie about the use of this website will not be passed on to third parties. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

 

Purpose of Data Collection and Transmission (if Applicable)

Personal data is only collected by us if you provide it to us voluntarily (for example, in the case of an inquiry or registration). Data is entered in the areas described below:

Contact forms
The contact form offers interested parties the opportunity to send enquiries directly to KIRCHHOFF Automotive. Due to legal regulations, the website also contains information (e.g. in the imprint) which enables a quick electronic contact to our company (e.g. via e-mail address). For invitations to trade fairs or other events, you enter your data in an online registration form. We use this data only for the purpose of visitor planning and, if necessary, ticket allocation. If a person contacts us by e-mail or via a contact form, the personal data transmitted by the person is automatically stored. Data transmitted during this contact will be stored for the purpose of processing or contacting the person concerned. In most cases, the e-mails sent are delivered to general mailboxes of departments, representatives, or assistants of senior staff. Unless required for the purpose of processing, this personal data is not passed on to third parties outside the group‘s companies.

Route calculation with Google Maps
We use “Google Maps” on our website. Google Maps is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible body is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. When using Google Maps, Google collects data on the use of the Maps functions by visitors on the websites. The data may be processed in the USA. You can find Google’s privacy policy here: https://policies.google.com/privacy?hl=de and the additional terms of use for Google Maps here: https://www.google.com/intl/de_de/help/terms_maps.html.

Application
For the processing of personal data in the application process, an additional privacy policy has been created, which can be viewed before submitting the data.

Online presence in social media
We have established online presences on social networks in order to communicate with interested parties and to inform them about us.

User data may be processed by the service provider outside the European Union. This may result in risks for the users, because, for example, the enforcement of the rights of the users could be made more difficult.

As a rule, the service provider processes user data for market research and advertising purposes. For example, the interests of users resulting from their usage behaviour can be used to place advertisements within and outside the platforms that could correspond to the interests of the users. Cookies are usually stored on the users’ computers for this purpose. Additionally, data can also be stored in usage profiles independently of the devices used (especially if the users are members of the respective platforms and are logged in to them).

We inform you of the following, regarding the processing of your personal data we carry out within the framework of the online presences provided by us. In its ruling of 5 June 2018, the ECJ confirmed the joint responsibility of the service providers and the site operator.

The social media site you visit offers you the opportunity to respond to our posts, comment on them, create a user post yourself and send us private messages with personal concerns. The data you provide in this context and which may be accessible to us (e.g. username, pictures, interests if applicable, contact data) will be used by us exclusively for the purpose of customer and interest communication. It is in our interest to provide you with a platform on which we can display up-to-date information, and which you can address your request(s) to us so we can respond to your request as quickly as possible.

We do not process any data other than the basic functions through the site. Please note that the service provider may use tracking tools and cookies independently of our use of the site.

For a detailed description of the respective processing and the possibilities of objection (opt-out), please refer to the following linked information of the providers.

Also, regarding requests for information and the assertion of user rights, these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. If you still need help, you can contact us.

  • Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Privacy Policy: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
  • Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, responsible entity is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) – Privacy Policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated
  • LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) – Privacy Policy https://www.linkedin.com/legal/privacy-policy, Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-ou
  • Xing (New Work SE, Am Strandkai 1, 20457 Hamburg, Germany) – Privacy Policy/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung

If you access social media providers’ pages, we have no influence on what personal data is collected, stored or processed from you on this page. You can find more information on this in the privacy policy of the respective provider’s external website.”

 

Name and Address of the Controller

The responsible party regarding the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions for data protection is KIRCHHOFF Automotive AG. Contact details can be found in the imprint.

Name and address of the data protection officer
The data protection officer of the controller is:

External:
VIA Consult GmbH
Mrs. Dr. Hanni Koch
Martinstraße 25
57462 Olpe
+49 (2761) 83668 – 0
datenschutz@via-consult.de

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

 

Legal Basis of Processing

If we obtain consent for certain processing operations, this is based on Art. 6 I lit. a DS-GVO. If the processing of personal data is necessary for the performance of a contract, e.g. for the delivery of goods, or for pre-contractual measures, e.g. in the case of inquiries, the processing is based on Art. 6 I lit. b DS-GVO. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. If a processing of personal data is not based on any of the aforementioned legal grounds, we process data to protect a legitimate interest of our company pursuant to Art. 6 (I) (f) DSGVO (improvement of the performance of business activities). In this context, we always ensure that no protectable interest of the affected party, which outweighs our legitimate interest, conflicts with this.

Duration for which personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the fulfilment of the contract or the initiation of the contract.

If you send applications to KIRCHHOFF Automotive, please note the additional data protection declaration for applications in the career section, in regards to information on the storage period.

If you send us an e-mail via the contact form, your e-mails will be received by the respective mailboxes and will be archived there for an unlimited period of time.

Your data, which is stored during the course of use on our online presences, is deleted – as far as it is possible for us – when the operation of the site is discontinued.

Data subject rights
You have the right at any time to obtain information about the data we have stored about you and the purpose for which we have stored it. You can revoke your consent to the storage or use of your personal data in writing at any time. In addition to the revocation, you have the right to demand the correction as well as the restriction of processing and blocking or deletion of your data. Furthermore, you have the right to object to processing for legitimate interest.

You have the right to contact the relevant supervisory authority (for NRW: The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia in Düsseldorf) for complaints. Additionally, you have the right to receive the data you have submitted in a machine-readable format for transmission.

If you have any questions regarding the processing of your personal data, you can also contact us directly (responsible office: see imprint). For all questions and requests for information, applications, or complaints, you can also contact our external data protection officers directly.

 

Security

KIRCHHOFF Automotive/the KIRCHHOFF Group uses technical and organizational security measures in order to protect your provided data against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.

Our security measures are not only continuously improved in line with technological developments, but are also protected by an integrated information security management system (ISMS).

 

Whistleblowing

On our homepage under “Corporate Governance” > “Code of Conduct”, it is described and outlined how violations can be reported. The reports are made by phone or email. Anonymous reporting is also possible. However, the whistleblower can voluntarily provide their identity, in order to receive feedback. The report is sent directly to a KIRCHHOFF Automotive authorized representative (Global Compliance Expert, Compliance Delegate, Managing Director, responsible manager) or to an ombudsman (external lawyer).

Reports usually include the identity of person(s) concerned by the reported event, as well as data of the whistleblower for non-anonymous reports. Other personal data is only collected if necessary to fulfill the purpose and is therefore legally permissible.

The processing of the personal data of both the (non-anonymous) whistleblower and the person(s) concerned by the reported event, serves the purpose of preventing violations of the law and of investigating violations in the interests of the injured party.

The processing of personal data takes place to protect legitimate interests in accordance with Art. 6 Para. 1 f) GDPR. The sincere interest here is to maintain compliance: compliant processes at KIRCHHOFF Automotive and equal and fair opportunity to conduct investigations.

If the whistleblowing is confirmed, the responsible manager and/or the HR Manager are informed. Possibly, personal data will then also be sent to government authorities, e.g. Prosecutor or courts. In the event of a breach affecting the global organization, the personal data will be transmitted to the Global Compliance Expert in Germany or to the countries where KIRCHHOFF Automotive operates and where investigations can take place. In all other cases, no personal data is shared to a third-party country. Any recipients only have access to the information necessary for their respective task(s).

The duration of the storage of the personal data of the person(s) concerned by the whistleblowing depends on the specific circumstances: personal data will be deleted if there is no initial suspicion or if the whistleblowing is deemed unfounded as soon as the corresponding determination has been made. If the internal investigation has confirmed the notification, the personal data will be deleted at the time when all legal measures have been completed. The endorsements in the personnel file resulting from confirmatory examinations, are subject to the deletion periods applicable to personal files.

The storage duration of personal data for a (non-anonymous) whistleblower corresponds to the storage duration of the relevant process according to the previous paragraph.

In the event of deliberately incorrect or defamatory notices by whistleblowers, deletion periods apply accordingly with regard to the investigations into the misconduct of the whistleblower.

Natural persons from whom we process personal data, are affected in the sense of General data protection regulation (GDPR). The rights of the data subject apply (Art 15-21 GDPR).In the event of deliberately incorrect or defamatory notices by whistleblowers, deletion periods apply accordingly with regard to the investigations into the misconduct of the whistleblower.

Natural persons from whom we process personal data, are affected in the sense of General data protection regulation (GDPR). The rights of the data subject apply (Art 15-21 GDPR).