Data protection statement

1. General

KIRCHHOFF Automotive / KIRCHHOFF Group are pleased about your interest in our company. We take the protection of your personal data seriously and hereby inform you about the type and scope of the personal data that we collect when you visit our Internet pages. The following data protection declaration applies to the websites www.kirchhoff-automotive.com and www.kirchhoff-group.com as well as their sub-domains and the online presences on Facebook, LinkedIn, Xing, and Youtube.

The use of our website is generally possible without providing personal data. As far as personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis, as far as possible. This data will not be passed on to third parties without your express consent.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

The use by third parties of contact data published within the framework of the imprint obligation for the purpose of sending advertising and information material not expressly requested is hereby expressly prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam mails.

All personal data will be collected, processed and used in accordance with the applicable regulations for the protection of personal data.

 

2. Name and address of the person responsible for processing

The person responsible within the meaning of the basic data protection regulation, other data protection laws applicable in the member states of the European Union and other regulations of a data protection nature is KIRCHHOFF Automotive GmbH. Contact data etc. can be found in the imprint.

 

3. Name and address of the data protection officer

The Data Protection Officer of the controller is

External:

VIA Consult GmbH, Mr. Kunde
Martinstrasse 25
57462 Olpe

+49 (2761) 83668 – 0
datenschutz@via-consult.de

Every person concerned can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

 

4. Cookies and server log files

The internet pages of KIRCHHOFF Automotive / the KIRCHHOFF Group use cookies. Cookies are text files which are placed and stored on a computer system via an Internet browser.

By using cookies, it is possible for the Internet pages and servers visited to distinguish the individual browser of the person concerned from others.

By using cookies, KIRCHHOFF Automotive / the KIRCHHOFF Group can increase the user-friendliness of this website and provide services which would not be possible without cookies. The user of a website which uses cookies does not, for example, have to enter his access data again each time he visits the website, as this is done by the website and the cookie stored on the user’s computer system.

By changing the settings of the relevant Internet browser, the setting of cookies can be prevented for all Internet pages. Cookies already set can be deleted. This is possible in all common internet browsers, but the function of the website is then partially restricted.

For technical reasons, so-called server log files are also created. In these files, the hosting provider stores technical data (e.g. browser type and version, operating system used, time of the request, IP address, etc.), which the browser automatically transmits to it. This data is not merged with other data, so that a personal reference is not possible.

 

5. Purpose of the data collection and, if applicable, transmission of the data

Personal data is only collected by us if you provide it voluntarily, for example in the context of an inquiry or registration. Data is entered in the areas described below:

 

Contact forms

The contact form offers interested parties the possibility to send inquiries directly to KIRCHHOFF Automotive. Due to legal regulations, the website also contains information (e.g. in the imprint) that enables quick electronic contact to our company (e.g. via e-mail address). In the context of an invitation to trade fairs or other events, please enter your data in an online registration form. We use this data only for the purpose of visitor planning and, if applicable, for the allocation of admission tickets. If a person contacts you by e-mail or via a contact form, the personal data transmitted by the person will be stored automatically. Data transmitted during this contact will be stored for the purpose of processing or contacting the person concerned. In most cases, the e-mails sent are delivered to general mailboxes of the departments or to representatives or assistants of the executive employees. Unless necessary for the processing purpose, this personal data is not passed on to third parties outside the Group companies.

Route calculation with Google Maps

We use “Google Maps” on our website. Google Maps is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The responsible body is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. When using Google Maps, Google collects data on the use of the Maps functions by visitors to the websites. The data may be processed in the USA. You can find Google’s privacy policy here: https://policies.google.com/privacy?hl=de and the additional terms of use for Google Maps here: https://www.google.com/intl/de_de/help/terms_maps.html

Application

For the processing of personal data in the context of the application process, an additional privacy policy has been drawn up, which can be viewed before submitting the data.

 

6. The Use of Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). The responsible party is Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there. However, in the event that IP anonymisation is activated on this website, your IP address will be shortened by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area before this happens.

Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities and to provide further services to the website operator in connection with the use of the website and the internet. The IP address transmitted by your browser within the framework of Google Analytics is not combined with other data from Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout..

You can find more information about this at http://tools.google.com/dlpage/gaoptout?hl=de or http://www.google.com/intl/de/analytics/privacyoverview.html (general information about Google Analytics and data protection). We would like to point out that on this website Google Analytics has been extended by the code “gat._anonymizeIp();” in order to guarantee an anonymized collection of IP addresses (so-called IP-Masking).

 

7. Online Presence on Social Media

We provide online presences within social networks in order to be able to communicate with the interested parties and users active there and to inform them about us.

User data may be processed by the service provider outside the European Union. This can result in risks for the users, because the enforcement of the users’ rights could be made more difficult.

As a rule, the service provider processes user data for market research and advertising purposes. For example, user interests resulting from user behaviour may be used, for example, to place advertisements within and outside the platforms that could correspond to the interests of the users. For this purpose, cookies are usually stored on the users’ computers. In addition, data can also be stored in the user profiles regardless of the devices used (especially if the users are members of the respective platforms and are logged in to them).

In the following we inform you about the processing of your personal data by us within the scope of the online presences we provide. In its judgement of 5 June 2018, the European Court of Justice confirmed the joint responsibility of the service providers and the site operator.

The social media site you visit offers you the opportunity to react to our contributions, to comment on them, to create a user post yourself and to send us private messages with personal concerns. The data you provide in this context and which may be accessible to us (e.g. user name, pictures, interests, contact data) will be used by us exclusively for the purpose of customer and interest communication. It is in our interest to offer you a platform on which we display current information and with the help of which you can address your request to us and we can respond to your request as quickly as possible.

We do not carry out any further data processing in addition to the basic functions using the site. Please note that the service provider may use tracking tools and cookies, regardless of how we use the site.

For a detailed presentation of the respective processing and the possibilities of objection (opt-out), we refer to the following linked information of the providers.

Also in the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. Only the providers have access to the data of the users and can directly take appropriate measures and provide information. Should you nevertheless require assistance, you can contact us.

 

8. Legal basis of the processing

If we obtain consent for certain processing operations, this is based on Art. 6 I lit. a GDPR. If the processing of personal data is necessary for the performance of a contract, e.g. for the delivery of goods, or for pre-contractual measures, e.g. in the case of enquiries, the processing is based on Art. 6 I lit. b GDPR. If our company is subject to a legal obligation which makes it necessary to process personal data, for example to fulfil tax obligations, processing is based on Art. 6 I lit. c GDPR. Insofar as the processing of personal data is not based on any of the above-mentioned legal bases, we process data in order to safeguard a legitimate interest of our company (improvement of the performance of business activities). In doing so, we always ensure that no legitimate interest of the person concerned which outweighs our legitimate interest stands in the way of this.

 

9. The duration for which the personal data are stored

If you send applications to KIRCHHOFF Automotive, please note the additional data protection declaration for applications in the career section for information on the storage period.

If you send us an e-mail using the contact form, your e-mails will be received by the relevant mailboxes and archived there for an unlimited period.

Your data, which is stored in the course of using our online presence, will be deleted – as far as we are able – when the operation of the site is discontinued.

 

10. Right of information and revocation, right of complaint and right to data transfer, restriction of processing, correction and deletion

You have the right to receive information about your data stored by us and the purpose of storage at any time. You can revoke your consent to the storage or use of your personal data in writing at any time. In addition to the revocation, you have the right to demand the correction as well as the restriction of the processing and blocking or deletion of your data.

You have the right to address complaints to the appropriate supervisory authority (for NRW: The State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia in Düsseldorf). You also have the right to receive the data you have submitted in a machine-readable format for transmission.

If you have questions regarding the processing of your personal data, you can also contact us directly (responsible office: see imprint). For all questions and requests for information, applications or complaints, you can also contact our external data protection officers directly.

 

11. Security

KIRCHHOFF Automotive / the KIRCHHOFF Group uses technical and organizational security measures to protect the data you have made available from accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

Our security measures are not only continuously improved in line with technological developments, but are also protected by an integrated information security management system (ISMS).

 

12. Whistleblowing

On our homepage under “Corporate Governance” > “Code of Conduct”, it is described and outlined how violations can be reported. The reports are made by phone or email. Anonymous reporting is also possible. However, the whistleblower can voluntarily provide their identity, in order to receive feedback. The report is sent directly to a KIRCHHOFF Automotive authorized representative (Global Compliance Expert, Compliance Delegate, Managing Director, responsible manager) or to an ombudsman (external lawyer).

Reports usually include the identity of person(s) concerned by the reported event, as well as data of the whistleblower for non-anonymous reports. Other personal data is only collected if necessary to fulfill the purpose and is therefore legally permissible.

The processing of the personal data of both the (non-anonymous) whistleblower and the person(s) concerned by the reported event, serves the purpose of preventing violations of the law and of investigating violations in the interests of the injured party.

The processing of personal data takes place to protect legitimate interests in accordance with Art. 6 Para. 1 f) GDPR. The sincere interest here is to maintain compliance: compliant processes at KIRCHHOFF Automotive and equal and fair opportunity to conduct investigations.

If the whistleblowing is confirmed, the responsible manager and/or the HR Manager are informed. Possibly, personal data will then also be sent to government authorities, e.g. Prosecutor or courts. In the event of a breach affecting the global organization, the personal data will be transmitted to the Global Compliance Expert in Germany or to the countries where KIRCHHOFF Automotive operates and where investigations can take place. In all other cases, no personal data is shared to a third-party country. Any recipients only have access to the information necessary for their respective task(s).

The duration of the storage of the personal data of the person(s) concerned by the whistleblowing depends on the specific circumstances: personal data will be deleted if there is no initial suspicion or if the whistleblowing is deemed unfounded as soon as the corresponding determination has been made. If the internal investigation has confirmed the notification, the personal data will be deleted at the time when all legal measures have been completed. The endorsements in the personnel file resulting from confirmatory examinations, are subject to the deletion periods applicable to personal files.

The storage duration of personal data for a (non-anonymous) whistleblower corresponds to the storage duration of the relevant process according to the previous paragraph.

In the event of deliberately incorrect or defamatory notices by whistleblowers, deletion periods apply accordingly with regard to the investigations into the misconduct of the whistleblower.

Natural persons from whom we process personal data, are affected in the sense of General data protection regulation (GDPR). The rights of the data subject apply (Art 15-21 GDPR).