Dataprotection information

LEONHARD KURZ Stiftung & Co. KG

PRIVACY POLICY ON PERSONAL DATA PROCESSING

The following section contains information on the processing of your personal data and your rights according to the general data protection regulation (GDPR). Which data are processed in detail and how they are used depends to a large extent on the services requested or agreed upon in each case.

This privacy policy is applicable for the processing of personal data by the KURZ GROUP, that is the LEONHARD KURZ Stiftung & Co. KG, Schwabacher Str. 482, D-90763 Fuerth/Germany, https://www.leonhard-kurz.com/imprint/ and its subsidiaries (https://www.leonhard-kurz.com/company/locationsworldwide/).

DATA PROTECTION OFFICER:

To contact our data protection officer send a mail to: DSB@kurz.de

PURPOSE OF PROCESSING AND LEGAL BASIS:

We process your data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. In the event that you have given us your consent, we will use your data for the purposes stated in the declaration of consent (Art. 6 (1) (a) GDPR). We use your data to the extent necessary for execution of contracts and pre-contractual measures to provide our services and sale of products (Art. 6 (1) (b) GDPR). For the fulfilment of legal obligations under the law of the European Union or the law of a Member State (Art. 6 (1) (c) GDPR). We also use your data to the extent necessary if we or a third party have a justified interest in the processing (Art. 6 (1) (f) GDPR).

We pursue the following purposes and interests:

Contract processing with third parties -, for our business interests as business interests of third parties such as your employer

Customer service within the scope of contract processing - to process contracts with you and with third parties
Internal forwarding of data to group companies- for central process optimization and optimization of services

Registration of office visitors- for security reasons for our legitimate interest in protecting our offices and our confidential information from unauthorised access
Managing event registrations and attendance - to plan and conduct events or webinars for which you have registered or are attending, including sending you related communications to fulfil our contract with you;
Provision of our IT services products - when using our products, we collect data in order to provide the services in accordance with the contract and to optimise our products

Quality controls - for product assurance and process improvement
Controlling processes through statistical evaluations for cost control and process optimization
Enforcement of legal claims and defense in legal disputes

Protection and investigation of criminal offences such as fraud and money laundering prevention

Guarantee of IT security – to protect our infrastructure and business interests

Archiving of data – to comply with legal requirements

Customer satisfaction surveys and opinion research to improve our products and services

Advertising for our products and services by mail, telephone and email within the scope of direct marketing campaigns

If we process your data on the basis of a legitimate interest, you have the right to object to the processing of your data for personal reasons. If we use your data for direct marketing, you have a general right of objection.

 

CATEGORIES OF DATA WE PROCESS AND SOURCES OF DATA

Data we collect about you may be e.g. name, company, position, telephone number, mobile number, fax number, email address, industry, business interests, payment details, date of birth, account usernames, passwords, IP-addresses, pictures, videos and gender. For example, we may ask you to provide some or all of this personal data when you subscribe to our marketing communications, purchase products or services, and/or submit enquiries to us.

We may also collect data from other sources like third parties and publicly accessible sources in various constellations.

Those may be group companies, partners, vendors, suppliers, company websites, social media profiles, business information suppliers, event hosts and sponsors.

SHARING WITH THIRD PARTIES

Within our company, those departments receive your data that need it to fulfil our contractual and legal obligations. Also processors used by us (Art. 28 GDPR) may receive data for these purposes. Other forwarding to third parties will only take place if this is necessary for the execution of the contract, if there is a justified interest or a legal or official obligation or if you have given your consent. The following categories of recipients may receive your data:

  • IT service provider for maintenance work, website, archiving, e-mail dispatch
  • Authorities within the scope of their responsibilities and courts of law
  • Insurances
  • Chartered accountants, legal advisors, credit institutions, tax advisors
  • Marketing agencies and market research institutes
  • Logistics service providers and data destruction companies
  • Group companies for the central administration of processes
  • Event management service providers and printers
  • Credit bureaus and debt collection agencies

DATA TRANSFER OUTSIDE EEA

A data transfer to third countries (countries outside the European Economic Area - EEA) occurs in the use of IT service providers and as the case may be within the group – (https://www.leonhard-kurz.com/company/locationsworldwide/).

Information on appropriate or suitable guarantees for the transfer, you can obtain by contacting our data protection officer.

RETENTION PERIOD

If necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. It should be noted that our business relationship is a continuing obligation which is designed for years.
In addition, we are subject to various legal storage and documentation obligations (e.g. from the German Commercial Code (HGB), the German Tax Code (AO), the German Banking Act (KWG) and the Money Laundering Act (GwG) and other applicable legislation). The periods for storage or documentation are usually up to ten years. In addition, we may have a legitimate interest in storage, such as the limitation periods, which can be up to thirty years.
If your data is no longer required for the purposes mentioned or if its storage is inadmissible for other legal reasons, we will delete it.
If we have processed data on the basis of your consent, we will delete this data after revoking your consent and insofar as no other storage obligations exist.

OBLIGATION TO PROVIDE PERSONAL DATA

In order to maintain a business relationship with us, only the data necessary for its implementation or to the collection of which we are legally obliged are required. As a rule, it is not possible for us to process a contract without this data.

PROFILING OR AUTOMATED DECISION MAKING TAKE PLACE

We partly process your data automatically with the aim of evaluating certain personal aspects (profiling) in order to optimise and personalise our marketing measures. Our offers are thus optimally adapted to your needs.

YOUR LEGAL RIGHTS

If you are located in a European Union Member State and certain other countries, you have the following additional rights:

Right to access - You have the right to obtain information about the data stored about you.

Rectification - You have the right to request the correction of inaccurate and incomplete data concerning you.

Erasure - You have the right to demand the deletion of the data stored about you if the legal requirements are met.

Restriction of processing - You have the right to demand the restriction of future data processing under the legal conditions.

Data portability - You have the right to receive data that we have received from you in a common format or to forward it to third parties.

Objection - You have the right to object to any processing based on a legitimate interest for personal reasons. In the case of direct advertising, you have an unlimited right of objection.

Revocation - If you have given us your consent, you can revoke it at any time with effect for the future.

Complaint - You have the right to submit a complaint to a data protection supervisory authority.