Privacy Policy
1. Data protection at a glance
General statements
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data with which you can be personally identified. Detailed information on the topic of data protection can be found in our privacy policy listed below this text.
Data collection on this website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator. You can find the operator’s contact information in the section “Information on the responsible body” in this privacy policy.
How do we collect your data?
Your data will be collected in part because you provide it to us. This may involve data that you enter into a contact form.
Other data are collected automatically or after your consent when you visit the website by our IT systems. Mainly this is technical data (for example web browser, operating system or time of page view). The collection of this data is automatic as soon as you enter this website.
What do we use your data for?
A part of the data is collected to ensure error-free provision of the website. Other data may be used to analyse your user behaviour.
What rights do you have regarding your data?
You always have the right to receive information, free of charge, about the origin, recipients and purpose of your stored personal data. You also have the right to request correction or deletion of these data. If you have given consent to data processing, you may revoke this consent at any time for the future. Moreover, you have the right to request restriction of processing of your personal data under certain circumstances. Further, you have a complaint right with a supervisory authority.
For this purpose as well as for further questions on the subject of personal data you may contact us at any time.
Analysis tools and third-party tools
When you visit this website your surfing behaviour may be statistically evaluated. This happens especially with cookies and so-called analysis programmes.
Detailed information about these programmes can be found in the following privacy policy.
2. Hosting
We host the contents of our website with the following provider:
External hosting
This website is hosted externally. The personal data that are collected on this website are stored on the servers of the host(s). These may include IP addresses, contact requests, meta- and communication data, contract data, contact data, names, website accesses and other data that are generated via a website.
External hosting is carried out for the purpose of contract fulfilment toward our potential and existing customers (Art. 6 (1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 (1)(f) GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar as the consent includes the storage of cookies or the access to information on the user’s end device (e.g., device-fingerprinting) within the meaning of the TTDSG. The consent may be revoked at any time.
Our host(s) will process your data only to the extent that this is necessary to fulfill their performance obligations and will follow our instructions regarding these data.
We use the following host:
Google Data Center Saint-Ghislain
Rue des Roseaux
7331 Saint-Ghislain
Belgium
Order processing
We have concluded an order processing (API) contract for using the above service. This is a data protection contract required by law that ensures that this provider processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.
3. General notes and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data will be collected. Personal data are data with which you can be personally identified. This privacy policy explains what data we collect and for what purpose we use it. It also explains how and for what purpose this occurs.
We point out that data transmission over the Internet (for example when communicating by email) may have security gaps. Complete protection of data from third-party access is not possible.
Information on the responsible body
The responsible body for data processing on this website is:
KOMOT is a brand of
Konrad Weinhuber Design GmbH
Lilienthalallee 7
80807 Munich
Germany
Phone: +49 (0) 89 15 98 98 58
E-mail: kontakt@komot-design.de
The responsible body is the physical or legal person which alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses etc.).
Storage duration
If a more specific storage period is not mentioned in this privacy policy, your personal data will remain with us until the purpose for data processing no longer applies. If you request deletion, revoke your consent to data processing or the purpose for data storage ceases to apply (e.g., after completion of your request), the data will be deleted unless we have legally permissible reasons for further storage (e.g., tax or commercial law retention periods); in that case deletion will occur when those reasons no longer apply.
General notes on the legal basis for data processing on this website
If you have given consent to data processing, we process your personal data on the basis of Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR if special categories of data per Art. 9 (1) GDPR are processed. In the case of consent to transfer personal data to a third country, data processing is also based on Art. 49 (1)(a) GDPR. If your data is required to fulfill a contract or for pre-contractual measures, we process your data on the basis of Art. 6 (1)(b) GDPR. Further, we process your data if processing is necessary to fulfill a legal obligation on the basis of Art. 6 (1)(c) GDPR or to protect a legitimate interest of ours or a third party on the basis of Art. 6 (1)(f) GDPR — unless your interests or fundamental rights and freedoms override our interest. The applicable legal basis is stated in the individual paragraphs of this privacy policy.
Data protection officer
We have appointed a data protection officer.
Konrad Weinhuber
Lilienthalallee 7
80807 Munich
Germany
Telefon: +49 (0)89 - 15 98 98 58
E-mail: kontakt@komot-design.de
Recipients of personal data
In the course of our business operations we work with various external bodies. Sometimes the transmission of personal data to these external bodies is required. We only pass on personal data when necessary to fulfill a contract, when we are legally obliged to do so (e.g., passing data to tax authorities), when we have a legitimate interest in transfer per Art. 6 (1)(f) GDPR, or another legal basis allows data transfer. When using processors, we only pass on personal data of our customers based on a valid processing contract. In the case of joint processing we conclude a contract of joint processing.
Revocation of your consent to data processing
Many data processing operations are only possible with your explicit consent. You may revoke your consent at any time. The lawfulness of the data processing carried out prior to revocation remains unaffected.
Right to object to data collection in special cases and to direct advertising (Art. 21 GDPR)
IF THE DATA PROCESSING IS BASED ON ART. 6 (1)(e) OR (f) GDPR, YOU HAVE THE RIGHT, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THOSE PROVISIONS. THE LEGAL BASIS FOR PROCESSING CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING PROTECTED GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR). IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH MARKETING; THIS ALSO APPLIES TO PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR THE PURPOSE OF DIRECT MARKETING (OBJECTION PURSUANT TO ART. 21 (2) GDPR).
Complaint right with the supervisory authority
In the event of a violation of the GDPR, data subjects have a right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged infringement, without prejudice to any other administrative or judicial remedy.
Right to data portability
You have the right to receive the personal data we process automatically on the basis of your consent or in fulfilment of a contract, in a commonly used, machine-readable format, and you have the right to transmit those data to another controller, provided the processing is based on Art. 6 (1)(a) GDPR or Art. 9 (2)(a) GDPR and the processing is carried out by automated means. When you request transmission directly to another controller, this will occur only if technically feasible.
Right of access, rectification and deletion
You have the right, under the applicable statutory provisions, at any time to request free information about your stored personal data, their origin and recipients and the purpose of data processing and, where applicable, a right to rectification or deletion of this data. For this purpose and for other questions about personal data you may contact us at any time.
Right to restriction of processing
You have the right to request restriction of processing of your personal data. You may contact us at any time to do so. The right to restriction of processing exists in the following cases:
- If you contest the accuracy of your personal data stored by us, we generally need time to verify this.
- If the processing is unlawful but you oppose deletion and request restriction instead.
- If we no longer need your personal data but you need them to establish, exercise or defend legal claims.
- If you have objected under Art. 21 (1) GDPR and it is not yet clear whether our legitimate grounds override yours.
If you have restricted processing, your personal data – other than storage – may only be processed with your consent, or for the establishment, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person or for reasons of important public interest of the EU or a member state.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content (for example orders or inquiries you send to us as the site operator) this site uses SSL or TLS encryption. You can tell that encryption is active because the browser’s address line changes from “http://” to “https://” and the lock-symbol appears in your browser line.
If SSL or TLS encryption is active, data you transmit to us cannot be read by third parties.
Encrypted payment transactions on this website
If there is an obligation to transmit your payment data (e.g., account number for direct debit) after conclusion of a paid contract, this data is required for payment processing.
Payment transactions via the common payment methods (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can identify an encrypted connection by the address line switching from “http://” to “https://” and by the lock-symbol in your browser line.
When encrypted communication is active your payment data submitted to us cannot be read by third parties.
Objection to advertising e-mails
The use of contact data published under the imprint obligation for the transmission of unsolicited advertising and informational material is hereby objected to. The site operators expressly reserve the right to take legal action in the event of unsolicited advertising, such as spam emails.
4. Data collection on this website
Cookies
Our websites use so-called “cookies”. Cookies are small data packages and do no damage to your end device. They are either temporarily stored for the duration of a session (so-called session cookies) or permanently stored (persistent cookies) on your end device. Session cookies are deleted automatically after your visit ends. Permanent cookies remain on your end device until you delete them yourself or automatic deletion occurs via your web browser.
Cookies may come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies may enable functionalities of third-party services within websites (for example cookies for payment services).
Cookies serve different functions. Many cookies are technically necessary because certain website functions would not work without them (for example shopping cart functionality or the display of videos). Other cookies may be used to evaluate user behaviour or for advertising purposes.
Cookies that are required for the electronic communication process, for the provision of certain features you have requested (e.g., shopping cart function) or for the optimisation of the website (e.g., cookies to measure web audience) are stored based on Art. 6 (1)(f) GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to provide his services in a technically error-free and optimised manner. If user consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of that consent (Art. 6 (1)(a) GDPR and § 25 (1) TTDSG); the consent may be revoked at any time.
You can set your browser so that you are informed about the setting of cookies, allow cookies only in individual cases, accept cookies for certain cases or generally exclude them and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated the functionality of this website may be restricted.
Which cookies and services are used on this website can be found in this privacy policy.
CookieFirst
Our website uses CookieFirst to obtain your consent to the storage of specific cookies on your end device or to the use of certain technologies and to document them in a data-protection compliant way. The provider of this technology is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42A, 1018 DH Amsterdam, Netherlands (hereinafter “CookieFirst”).
When you enter our website a connection to the servers of CookieFirst is established in order to obtain your consents and other statements regarding cookie usage. CookieFirst then stores a cookie in your browser so that the given consents or their revocations can be assigned. In the process the IP address (anonymised), the user agent of browser and operating system as well as the URL from which the consent was given are processed and integrated in CookieFirst. The data collected in this way are stored until you ask us to delete them, you delete the CookieFirst-cookie yourself or the purpose for data storage ceases to apply. Mandatory statutory retention obligations remain unaffected.
CookieFirst transmits personal data to third-party providers. These include a CDN from Slovenia, IP geolocation from Romania and hosting by OHV in Germany and France. CookieFirst is headquartered in Amsterdam, Netherlands.
The use of CookieFirst is to obtain the legally required consents for the use of cookies. Legal basis is Art. 6 (1)(c) GDPR.
Server-log files
The provider of the pages automatically collects and stores information in so-called server log files which your browser transmits automatically to us. These are:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
A merging of this data with other data sources will not occur.
The collection of this data is based on Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website — for this purpose server-log files must be stored.
Contact form
If you send us enquiries via a contact form, your details from the enquiry form including the contact details you provide there will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We will not pass these data on without your consent.
The processing of data from the enquiry form takes place on the basis of Art. 6 (1)(b) GDPR if your enquiry is related to the fulfilment of a contract or necessary for pre-contractual measures. In all other cases the processing is based on our legitimate interest in effective handling of enquiries addressed to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR) if this was requested; the consent can be revoked at any time.
The data you enter in the contact form will remain with us until you ask us to delete them, revoke your consent to storage or the purpose for data storage ceases (e.g., after completed handling of your enquiry). Mandatory statutory provisions — especially retention periods — remain unaffected.
Enquiry by email, telephone or fax
If you contact us by email, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of handling your request. We will not pass on these data without your consent.
The processing of data from the enquiry is based on Art. 6 (1)(b) GDPR if your enquiry is related to the fulfilment of a contract or necessary for pre-contractual measures. In all other cases processing is based on our legitimate interest in effective handling of enquiries addressed to us (Art. 6 (1)(f) GDPR) or on your consent (Art. 6 (1)(a) GDPR) if requested; the consent can be revoked at any time.
The data you send us will remain with us until you ask us to delete them, revoke your consent to storage or the purpose for data storage ceases (e.g., after final handling of your request). Mandatory statutory provisions — especially retention periods — remain unaffected.
5. Analysis tools and advertising
Google Tag Manager
We use Google Tag Manager. Provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistic-tools and other technologies on our website. Google Tag Manager itself does not create user-profiles, store cookies or carry out independent analyses. It simply manages and deploys the tools that are integrated via it. However, Google Tag Manager does record your IP address which may be transferred to the parent company of Google in the United States.
The use of Google Tag Manager is based on Art. 6 (1)(f) GDPR. We have a legitimate interest in quick and uncomplicated integration and management of various tools on our website. If consent was asked, processing is exclusively based on Art. 6 (1)(a) GDPR and § 25 (1) TTDSG; consent may be revoked at any time.
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA which aims to guarantee adherence to European data protection standards for data processing in the USA. Each company certified in DPF commits to these standards. More information can be found here:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Analytics
This website uses features of the web analysis service Google Analytics. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics allows the website operator to analyse the behaviour of website visitors. The operator receives various usage data, such as page views, dwell time, operating systems used, and origin of the user. These data are associated with the respective user device. No User-ID assignment occurs.
We may also record your mouse and scroll movements and clicks. Further modelling approaches and machine-learning technologies are employed in Google Analytics.
Google Analytics uses technologies that enable user recognition for the purpose of analysing user behaviour (e.g., cookies or device-fingerprinting). The information Google collects about the use of this website will generally be transmitted to a Google server in the USA and stored there.
The use of this service is based on your consent (Art. 6 (1)(a) GDPR and § 25 (1) TTDSG). The consent may be revoked at any time.
Data transfer to the USA is based on the EU Standard Contractual Clauses of the European Commission. Details here:
https://privacy.google.com/businesses/controllerterms/mccs/
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA which aims to guarantee adherence to European data protection standards for data processing in the USA. Each company certified in DPF commits to these standards. More information can be found here:
https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Browser Plugin
You can prevent data collection and processing by Google by installing the browser-plugin available at:
https://tools.google.com/dlpage/gaoptout?hl=de
More information on how Google handles user data can be found in Google’s privacy policy:
https://support.google.com/analytics/answer/6004245?hl=de
Order processing
We have concluded a processing contract with Google and implement the strict requirements of the German data protection authorities in using Google Analytics.
Google Analytics E-Commerce Measurement
This website uses the “E-commerce measurement” feature of Google Analytics. With this feature the website operator can analyse customer-behaviour on this website for improving online marketing campaigns. Information such as orders made, average order value, shipping costs, and time from product view to purchase are captured. These data can be combined by Google under a transaction ID which is assigned to the respective user or device.
Google Ads
We use Google Ads. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to display advertising in the Google search engine or on third-party websites when the user enters certain search terms (keyword targeting). Furthermore, targeted advertisements may be shown based on user data held by Google (e.g., location data and interests) (audience targeting). We as website operator can evaluate quantitatively e.g., which search terms led to display of our ads and how many clicks resulted.
The use of this service is based on your consent (Art. 6 (1)(a) GDPR and § 25 (1) TTDSG). The consent may be revoked at any time.
Data transfer to the USA is based on the EU Standard Contractual Clauses of the European Commission. Details here:
https://policies.google.com/privacy/frameworks und
https://privacy.google.com/businesses/controllerterms/mccs/
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA which aims to guarantee adherence to European data protection standards for data processing in the USA. Each company certified in DPF commits to these standards. More information can be found here:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Conversion-Tracking
This website uses Google Conversion Tracking. Provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
With Google Conversion Tracking Google and we can recognise whether the user carried out certain actions. For example we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased frequently. These data serve to create conversion statistics. We receive only the total number of users who clicked on our ads and which actions they performed. We receive no information that personally identifies the user. Google itself uses cookies or comparable recognition technologies for identification.
The use of this service is based on your consent (Art. 6 (1)(a) GDPR and § 25 (1) TTDSG). The consent may be revoked at any time.
Mehr Informationen zu Google Conversion-Tracking finden Sie in den Datenschutzbestimmungen von Google:
https://policies.google.com/privacy?hl=de
The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA which aims to guarantee adherence to European data protection standards for data processing in the USA. Each company certified in DPF commits to these standards. More information can be found here:
https://www.dataprivacyframework.gov/s/participant-search/participantdetail?contact=true&id=a2zt000000001L5AAI&status=Active
6. Newsletter
Newsletter data
If you would like to receive the newsletter offered on the website, we need your email address and information that allow us to verify you are the owner of the given email address and agree to receive the newsletter. Further data will only be collected on a voluntary basis. These data are used exclusively for sending the requested information and will not be passed to third parties.
The processing of data entered in the newsletter subscription form takes place exclusively on the basis of your consent (Art. 6 (1)(a) GDPR). You may revoke your consent to storage of the data, the email address and their use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of the processing carried out up to revocation remains unaffected.
The data stored by us for the purpose of sending the newsletter will be stored by us until you unsubscribe from the newsletter and subsequently deleted. We reserve the right to delete email addresses from our newsletter distribution list at our discretion and on the basis of our legitimate interest (Art. 6 (1)(f) GDPR).
Data stored for other purposes remain unaffected.
After your unsubscription your email address may be stored in a blacklist by us or the newsletter provider, if this is necessary to prevent future mailings. The data in the blacklist will only be used for this purpose and not merged with other data. This serves both your interest and our interest in compliance with legal requirements for sending newsletters (legitimate interest per Art. 6 (1)(f) GDPR). Storage in the blacklist is indefinite unless you object and your interests override our legitimate interest.
7. eCommerce and payment providers
Processing of customer and contract data
We collect, process and use personal customer and contract data to establish, structure and change our contractual relationships. Personal data about the use of this website (usage data) are only collected, processed and used if this is necessary to enable the user to use the service or for billing. The legal basis for this is Art. 6 (1)(b) GDPR.
The customer data will be deleted after the completion of the order or termination of the business relationship and expiry of any retention periods, unless there are legal reasons requiring further storage.
Data transmission on conclusion of contract for online-shops, dealers and shipping
If you order goods from us we transmit your personal data to the shipping company commissioned to deliver and to the payment service provider entrusted with payment processing. We only pass on the data that is required by the respective service provider to fulfil their task. The legal basis for this is Art. 6 (1)(b) GDPR. If you have consented (Art. 6 (1)(a) GDPR) we may pass your email address to the shipping company so that it can inform you by email about the status of your delivery; you may revoke consent at any time.
8. Our own services
Handling of applicant data
We offer you the possibility to apply to us (e.g., by email, by post or via an online application form). Below we inform you about the scope, purpose and use of your personal data collected in connection with the application process. We guarantee that collection, processing and use of your data will be in accordance with applicable data protection law and all other legal provisions and that your data will be treated confidentially.
Scope and purpose of data collection
If you submit an application, we process the personal data transferred by you (e.g., contact and communication data, application documents, notes made as part of interview processes etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis is § 26 BDSG (German Federal Data Protection Act) for initiating an employment relationship, Art. 6 (1)(b) GDPR (general contract initiation) and — if you have given consent — Art. 6 (1)(a) GDPR. Consent may be revoked at any time. Your personal data will be disclosed within our company only to persons involved in the application process. If the application is successful, the data submitted by you will be stored on the basis of § 26 BDSG and Art. 6 (1)(b) GDPR for the purpose of carrying out the employment relationship.
Storage duration of the data
If we cannot make you a job offer, you reject an offer or you withdraw your application, we reserve the right — based on our legitimate interest (Art. 6 (1)(f) GDPR) — to retain the data you submitted for up to 6 months from the end of the application process (offer rejection or withdrawal). Afterwards the data will be deleted and any physical application documents destroyed. The retention serves to prove our actions in case of legal disputes. If it becomes evident that the data will still be required after the 6-month period (for example due to pending legal dispute), deletion will occur when the purpose for further storage ceases.
A longer storage period may apply if you have given consent (Art. 6 (1)(a) GDPR) or if statutory retention obligations prevent deletion.