Privacy Policy

Privacy notice website

This privacy notice informs you about the processing of personal data within our website. The privacy notice applies regardless of the domains, platforms and devices used (e.g. desktop, mobile, etc.).

We inform you about the processing of your personal data and the rights to which you are entitled under the the European General Data Protection Regulation (GDPR). Personal data as defined by the GDPR is any information relating to an identified or identifiable natural person (‘data subject’), e.g., name, address, e-mail, order data, vehicle data.

In our privacy notice, we use various other terms as defined by the GDPR. These include terms such as processing, restriction of processing, profiling, pseudonymisation, controller, processor, recipient, third party, consent, supervisory authority and international organisation. You can find the corresponding definitions for these terms in Article 4 of the GDPR.

Who is responsible for data processing and whom can I contact?

The entity responsible for the processing of personal data is:

Wimedko GmbH

Manfred-von-Richthofen-Str. 15

12101 Berlin

Telefon: 030 257 90 990

E-Mail: info@ksb-berlin.de

What sources and data do we use?

We process personal data that we receive from you while using our website and, if applicable, in the course of our business relationship.

In the case of purely informational use of our website, i.e. if you do not register or otherwise submit information to us, we only collect the personal data that your browser transmits to our server. When you access our website, we collect the following access data, which is technically necessary for us to present our website to you and to ensure stability and security. The access data includes the IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (i.e. name of the specific website accessed), access status/HTTP status code, amount of data transferred in each case, referrer URL (previously visited page), operating system and its interface, language and version as well as type of browser software, notification of successful retrieval.

Furthermore, we receive your personal data if you contact us via contact form or e-mail. Personal data here are, for example, name, address, e-mail, telephone number and, if applicable, the data that you send us as a message (hereinafter referred to as “contact data”).

3. What do we process your data for (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the European Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) for the following purposes and on the basis of the following legal grounds:

Purposes	Legal basis
If you have given us consent to process personal data for certain purposes, in particular for contacting you (e.g. via our contact form or by e-mail for processing and handling the enquiry, Implementation of direct marketing measures), this processing is lawful on the basis of your permission. Consent may be withdrawn at any time. Please note that the withdrawal is only effective for the future. Processing that took place before the withdrawal is therefore not affected. The withdrawal can be sent to the above contact details.	Consent, Art. 6 para 1 sentence 1 lit. a GDPR
When contacting us (via contact form or e-mail), your data will be processed for the purpose of handling the contact request and its processing.	Performance of a contract or execution of pre-contractual measures upon request of the person, Art. 6 para 1 lit b GDPR,
When you visit our website for the first time, you will be asked whether you also wish to accept non-essential cookies. If you consent to the use of non-essential cookies, this will allow us to analyze the use of our website. Furthermore, we may carry out various marketing activities based on your interactions with the website, other marketing channels and other third parties, such as social networks. To find out more about the cookies we use, including in particular how to manage and delete cookies, see the section on cookies below.	Consent, Art. 6 para. 1 sentence 1 lit. a GDPR
When you contact us (via contact form or e-mail) in connection with your application, we process your data in order to check your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. Your application data will be screened by the HR department after receipt of your application. Suitable applications will then be forwarded internally to the department responsible for the respective open position. There a decision will be made on the further procedure. In principle, only those persons in the company have access to your data who require this for the proper conduct of our application procedure.	Establishment of an employment relationship, § 26 BDSG and after completion of the application procedure in case of rejection to protect legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR (defense against claims), if applicable, if consent has been given, Art. 6 para. 1 sentence 1 lit. a GDPR
We process your access data (see data specified under item 2 above) to safeguard our legitimate interests or those of third parties. In particular, we pursue the following legitimate interests: Ensuring IT security, in particular the security of the Website; we also store the IP address in the event that someone leaves behind illegal content using the comment function (insults, prohibited propaganda, etc.) and we must be able to determine the author’s identity for our own legal protection. Advertising or market and opinion research, unless you have objected to the use of your data; Assertion of legal claims and defense in case of legal disputes.	As part of the balancing of interests for the safeguarding of legitimate interests, Art. 6 para. 1 sentence 1 lit. f GDPR

4. Who can access my data?

Within the organization, departments that need to know your data to fulfill our contractual and regulatory obligations can access your data.

In addition, processors (Art. 28 GDPR) engaged by us may also obtain access to data for the above-mentioned purposes. These are companies in the categories IT services, Hosting-service provider, printing services, sales and marketing. If we use processors to provide our services, we will take appropriate legal precautions as well as the relevant technical and organizational measures to protect personal data in accordance with applicable law.

Any transfer of data to third parties will be made only within the scope of legal requirements. We will disclose your data to third parties only if this is required, for example, under Art. 6 para. 1 sentence 1 lit. b GDPR for contractual purposes or based on legitimate interests pursuant to Art. 6 para 1 sentence 1 lit. f GDPR in the economic and effective operation of our business or if you have consented to the transfer of data. In the case of purely informational use of the website, we do not pass on any data to third parties.

5. How long will my data be retained?

For security reasons (e.g. to clarify acts of abuse or fraud), log file information is stored for a maximum of 30 days and then deleted (see point 2 above). Data whose further storage is necessary for evidentiary purposes is exempt from deletion until the final clarification of the respective incident.

As far as necessary, we process and store your personal data for the duration of our business relationship, which also includes, for example, the initiation of a contract via contact form or by e-mail.

Applicant data will be deleted after 6 months in the event of a rejection. If you have agreed to further storage of your personal data, we will transfer your data to our applicant pool. There, the data will be deleted if you revoke your consent or after 5 years at the latest. Should we fill the advertised position with you, your data will be stored in our personnel management system.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are six and ten years respectively.

Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are usually 3 years, but in certain cases can be up to thirty years, whereby the regular limitation period is three years.

If you exercise your rights as a data subject, we will store the information provided to you in this regard until the expiry of the statutory limitation period pursuant to Section 31 para 2 no 1 OWiG, Section 41 para 1 BDSG, Article 83 para 5 lit b GDPR for 3 years. This period may be extended if the statutory limitation period is extended due to interruptions of the limitation period (e.g. in the context of inquiries by the supervisory authorities).

6. Are data transferred to a third country or to an international organization?

The data provided will be processed within the European Union and in the USA. For countries without an adequacy decision by the Commission according to Article 45 GDPR, as is the case with the USA, we generally agree on EU standard contractual clauses with the recipients of your data or obtain your consent for the data transfer.

Note: The protection of personal data in the USA does not correspond to the level of data protection required by the EU. In particular, there are no enforceable rights to protect your data against access by government authorities. Therefore, there is a risk that these government agencies can access the personal data without the data transmitter or the recipient being able to effectively prevent this.

7. What are my data subject rights?

In accordance with Art. 15 GDPR, you have the right of access as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data. In this case, we will provide you with the stored personal data. You also have the right to the information specified in detail in Art. 15 para 1 GDPR. However, the aforementioned right is not unlimited; the limitations of the right can be found in particular in Art. 15 para 4 GDPR.

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and to completion of incomplete personal data in accordance with Art. 16 GDPR.

You have the right to obtain the erasure of personal data concerning you without undue delay acc. Art. 17 GDPR. The right to erasure (“right to be forgotten”) is not unrestricted. In particular, erasure cannot be demanded, if we need to process your personal data further in order to perform our contract, to fulfil a legal obligation or to assert, exercise or defend legal claims. The requirements and restrictions of the right to deletion are set out in detail in Art. 17 GDPR.

You have the right, in accordance with Art. 18 GDPR, to request that the processing of your personal data be restricted if one of the conditions of Art. 18 para 1 GDPR is met. In this case, we may continue to store this data, but may process it only under strict conditions. The conditions and restrictions of the right to restrict processing are set out in detail in Art. 18 GDPR.

Pursuant to Art. 20 GDPR, you have a right to data portability. You may request to receive the personal data provided by you, which we process in an automated process on the basis of the contract existing between us or your consent, in a structured, common and machine-readable format. In addition, you may request us to transmit this data directly to another responsible party, insofar as this is technically feasible. The requirements and restrictions of the aforementioned rights in detail can be found in Art. 20 para 3 and 4 GDPR.

You can withdraw your consent to the processing of your personal data at any time. Please note that the withdrawal only takes effect for the future and does not affect the legality of the processing carried out based on the consent up to the withdrawal.

Information about your right to object according to Art. 21 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 para 1 lit e GDPR (data processing in the public interest) and Art. 6 para 1 lit f GDPR (data processing based on balancing of interests); this also includes profiling under these provisions within the meaning of Art. 4 No. 4 GDPR.

If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves the purposes of asserting, exercising or defending legal claims.

In individual cases, we process your personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling insofar as it is associated with such direct marketing. If you object to the processing for direct marketing purposes, we will no longer process your personal data for such purposes.

Objections do not require a particular form and no costs are incurred, other than the transmission costs according to the basic tariffs. If possible, any objection should be addressed to the above-mentioned address or email.

The above notifications and measures requested by you will be made available to you free of charge in accordance with Art. 12 para 5 GDPR.

You have a right to complain to a data protection supervisory authority if you are of the opinion that the processing of your personal data violates the GDPR, without prejudice to any other administrative or judicial remedy.

8. To what extent do you apply automated individual decision-making, including profiling?

In the context of accessing our website or in the context of contacting us by form or e-mail, we do not use any fully automated decision-making pursuant to Article 22 GDPR. Should we use these procedures in individual cases, we will inform you about this separately if this is required by law. We do not process your data automatically with the aim of evaluating certain personal aspects (profiling).

9. is there an obligation for me to provide data?

You must provide the personal data that is required for the use of our website for technical or IT security reasons. If you do not provide this data, you will not be able to use our website.

When contacting us by form or e-mail, you only need to provide the personal data that is required to process your request. Otherwise we will not be able to process your request.

10. Cookies

We use cookies on our website. Cookies are small text files, usually consisting of letters and numbers, which are stored on the user’s computer when visiting certain Internet pages.

Some of these cookies are essential for our website to function, while other cookies help us improve our website by giving us insight into how you use the website.

By default, we only use necessary cookies. Necessary cookies enable the core functionalities of our website. The website cannot be displayed correctly without these cookies or individual areas may not function properly. Necessary cookies can only be prevented by appropriate settings in your browser.

We only use cookies that are not necessary for the website to function (“non-essential cookies”) if you have given your consent via our cookie banner. You can return to our privacy information at any time and withdraw your consent or make changes.

Alternatively, you can prohibit the storage of cookies individually via the settings of your browser (the help page of the browser will tell you how to set the cookie handling). You can find help on cookie management in the most common browsers at the following addresses:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-loeschen-daten-von-websites-entfernen
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Google Chrome: https://support.google.com/accounts/answer/61416?hl=de
Opera: http://www.opera.com/de/help
Safari: https://support.apple.com/kb/PH17191?locale=de_DE&viewlocale=de_DE.

11 Processing of personal data in the context of the use of external online services

11.1 Google Analytics

We use the web analytics service Google Analytics from Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) hereinafter “Google”.

The web analytics service Google Analytics uses cookies. The information generated by the cookies about the use of our website is usually transmitted to a Google server in the USA and stored there. There are privacy risks associated with the processing of your data in the USA, see above. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 p. 1 lit. a GDPR.

Google processes the data for us to evaluate the use of our website by the website visitors, to create reports about the activities within our website and to provide further services connected with the use of our website. In doing so, pseudonymous usage profiles of the website visitors are created from the processed data.

During your visit to the website, the following information is collected, among other things:

Pages viewed,
Achievement of contact targets, such as contact requests or newsletter sign-ups,
Your use of our website, for example clicks and time spent on one of our pages,
Your approximate location (country),
Your IP address (in shortened form, so that no clear assignment is possible),
Technical information such as browser type, internet provider used, terminal device and screen resolution,
Via which website or advertising medium you came to us.

Google Analytics stores cookies in your browser for a period of two years since your last visit. These cookies contain a randomly generated user ID that can be used to recognise you on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other, non-personal data remain stored in aggregated form for an unlimited period of time. The IP address transmitted by your browser will not be merged with other data from Google.

We use Google Analytics with IP anonymization enabled. This means that the IP address of the user is shortened by Google within the European Union or European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.

You can prevent the storage of cookies either by rejecting them in our cookie banner or by setting your browser accordingly; users can also prevent the collection of the data generated by the cookie and the transmission to Google as well as the processing of this data by Google by downloading and installing a browser opt-out plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

You can permanently object to cross-device remarketing/targeting by deactivating personalized advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/.

Further information on data processing by Google, setting and objection options can be found on the Google website at https://policies.google.com/technologies/partner-sites.

11.2 Google Maps

On this website we use the offer of Google Maps of Google LLC , 1600 Amphitheatre Parkway Mountain View, CA 94043, United States. The legal basis for the use of Google Maps is your consent Art. 6 para. 1 p. 1 lit. a) and Art. 49 para. 1 p. 1 lit. a GDPR.

This allows us to show you interactive maps directly in the website and enables you to use the map function comfortably.

Google Maps is integrated in such a way that data about you as a user is only transmitted to Google when you have activated Google Maps by clicking on it. We have no influence on the data transmission to Google that then takes place.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website as well as the date and time of your visit to the website in question and your IP address. This takes place regardless of whether you are logged in to Google. If you are logged in, however, your data will be assigned to your account. If you do not wish to be associated with your Google profile, you must log out before activating a map.

If you are logged in to Google, Google may store your data as usage profiles and use it for the purposes of providing the services, maintaining and improving the services, measuring performance, developing new services and providing personalized services, including content and advertisements. This data processing is then governed by the usage agreement concluded between you and Google as part of your Google account.

The processing of data within the scope of this service also takes place in the USA. The information generated by the cookies about the use of our website is usually transmitted to a Google server in the USA and stored there. There are corresponding risks associated with the processing of your data in the USA. By giving your consent via our cookie banner, you consent to the processing of your data in the USA, despite potential access by US authorities, Art. 49 para. 1 p. 1 lit. a GDPR.

For more information on the purpose and scope of data collection and processing by the plug-in provider, please refer to the Google privacy notice. There you will also find further information on your rights in this regard and setting options for protecting your privacy: https://policies.google.com/technologies/partner-sites and an opt-out from personalized advertising is possible at https://www.google.com/settings/ads/.

11.3 Google Fonts

Google Fonts are external fonts of Google Ireland Limited (registration number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland, https://www.google.com/fonts. The integration of Google Fonts takes place by retrieving the fonts from a Google server (usually in the EU, but possibly also in the USA). Google thereby receives the information that our website was accessed from your IP address and thus your device.

There are privacy risks associated with the possible processing of your data by Google in the USA. By giving your consent via our cookie banner, you agree to the processing of your data (here your IP address) in the USA.

The use of Google WebFonts is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 The Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia (TTDSG), insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

Translated with www.DeepL.com/Translator (free version)

Google’s privacy information can be found at https://policies.google.com/privacy and an opt-out is available at https://adssettings.google.com/authenticated.

12. Our social media pages

You can find us on social networks and platforms, so that we can also communicate with you there and inform you about our services.

We point out that your data may be processed outside the European Union / European Economic Area and that the data is usually processed for market research and advertising purposes. Profiles can be created from the usage behaviour and resulting interests of the users. These profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably correspond to the interests of the users. For this purpose, cookies may be stored on the computers of the users, in which the usage behaviour and the interests of the users are stored. Other data may also be stored in these usage profiles, especially if the users are members of the respective platforms and are logged in to them.

We only link to our company profiles on the respective social networks on our website. However, please note that when you click on a link to the social networks, data is transmitted to their servers. If you are logged in to the respective social network at this time with your username and password, the information that you have visited our company profile on the respective social network from our website will be transmitted there and the respective provider can store this information in your user account.

In principle, we have no influence on the data processing of the social networks. However, we receive statistics from them about the use and visits of our company profile in their social network (e.g. information about the number of views, interactions such as likes and comments as well as summarized demographic and other information or statistics). For more information about the data processed by the social networks, please see the respective privacy notices linked below.

Insofar as we receive your personal data in the context of our social media profiles (e.g. in the context of a communication), you are entitled to the rights mentioned in this privacy notice. You can address your requests regarding data processing within the scope of our company profiles to us via the contact data mentioned above.

If you also wish to exercise rights against the provider of the social network, the easiest way to do so is to contact the respective network directly. The network knows both the details of the technical operation of the platform and the associated data processing as well as the specific purposes of the data processing. The contact details can be found in the privacy notice linked below. We will also be happy to support you in exercising your rights, insofar as this is possible for us.

The processing of your personal data is generally based on your consent in accordance with Art. 6 para 1 sentence 1 lit. a GDPR. The legal basis is also Art. 6 para 1 lit. b GDPR if we receive and process your data as part of a contract-related inquiry. The legal basis for the linking and operation of our company profiles in the social networks, including the receipt of statistics on the use of our company profiles, is Art. 6 para 1 lit. f GDPR based on our legitimate interest in our corporate communication in the respective social networks.

For information on the respective processing and the objection options, we refer to the privacy notice of the networks linked below:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), We operate our Facebook page on the basis of a shared personal data processing agreement with Facebook – Privacy Information: https://www.facebook.com/about/privacy/ , Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com.