Thank you for visiting our website and for your interest in our company and our services. With the following data protection declaration we explain which personal data we collect about you when you visit our web pages.
www.keraphlex.de / www.keraphlex.com
www.neutrea.de / www.neutrea.eu
www.fleet-street-barbers.de / www.fleet-street-barbers.com
and how they are used. You will also find information below on which data is collected as a result of a business relationship and in the case of an application. At the same time, this compilation serves to inform you about the processing of your data in accordance with Art. 13 of the General Data Protection Regulation (DSGVO).
We take the protection of personal data very seriously and always process it in accordance with the applicable data protection regulations, in particular the EU Data Protection Regulation DSGVO. With this data protection declaration, we would like to fully inform you about the type, scope and purpose of the personal data we process and your rights as a data subject.
Responsible party in terms of data protection laws - in particular the EU General Data Protection Regulation (DSGVO):
Industrial park Mersch
45721 Haltern am See
Managing Director: Günter Irmen
Telephone – +49 2364 – 50238-0
Fax – +49 2364 – 50238-29
Data Protection Officer
Frankfurter Daten GmbH & Co. KG
You have the right
Data subject rights
Right of objection
- to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
- in accordance with Art. 16 DSGVO, to demand the immediate correction of inaccurate or incomplete personal data stored by us;
- in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation based on public interest considerations, or for the establishment, exercise or defence of legal claims;
- in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
- pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
- revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent in the future; and
- complain to a data protection supervisory authority about our processing of your personal data in accordance with Art. 77 DSGVO.
You can lodge a complaint with the supervisory authority responsible for you at any time.
Please refer to the following link to find the supervisory authority responsible for you, as the responsibility depends on the federal state of your residence:
Purposes of data processing by the controller and third parties
- you have given us your express consent to do so,
- this is necessary for the performance of a contract with you,
- this is necessary to fulfil a legal obligation,
- or this is necessary to protect legitimate interests, but only if we must and can assume that there is no predominantly legitimate interest on your part in not disclosing your data.
Deletion or blocking of data
In accordance with the legal requirements, we adhere to the principles of data avoidance and economy. Your personal data will therefore only be stored by us for as long as is necessary for the aforementioned purposes or as long as the periods stipulated by the legislator have to be observed. After expiry of these periods or after fulfilment of the purpose, the data will be routinely blocked or deleted in accordance with the statutory provisions.
Collection and storage of personal data
When calling up one of the above-mentioned websites
When calling up the above-mentioned websites (as well as all sub-pages), information of a general nature is automatically sent to the server of this website by your browser (e.g. Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, Opera, Apple Safari etc.). This information is only technically necessary to display the content correctly. When using the Internet, this information is automatically and compulsorily collected.
Every time content on the website is accessed, data is temporarily stored that may allow identification. This information is temporarily stored in a so-called log file. This involves the following information:
- Date and time of access
- IP address
- Host name of the accessing computer
- External pages from which our website was accessed
- External pages accessed via our website
- Pages visited on our website
- Message as to whether the call was successful
- Amount of data transferred
- Information on browser type and version used
- Operating system
The temporary storage of data is necessary for the course of a website visit in order to enable the delivery of content. Further storage in log files takes place in order to ensure the functionality of the website and the security of the information technology systems. Our legitimate interest in data processing also lies in these purposes.
On what legal basis is this data processed? The data is processed on the basis of Art. 6 para. 1 lit. f DSGVO.
Are there other recipients of the personal data besides the responsible party? The websites are stored at Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany. The hoster receives the above-mentioned data as an order data processor.
How long is the data stored? The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective session has ended. The log files are kept directly and exclusively accessible to administrators for a maximum of 24 hours. After that, they are only indirectly available via the reconstruction of backup tapes and are finally deleted after a maximum of 4 weeks.
The processing of your personal data is derived from our legitimate interest in the aforementioned data collection purposes. We do not use your data to draw conclusions about your person. The only recipients of the data are the responsible office in our company or any commissioned data processors. Anonymous information of this kind may be statistically analysed by us in order to optimise our Internet presence and the technology behind it.
To protect your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.
As a rule, this involves 256-bit encryption. For your security, the web server forces the SSL variant to be called up. The SSL certificate is of course renewed regularly when it expires. You can see whether a page is transmitted in encrypted form by the display of a key or lock symbol in the top or bottom bar of your browser. Furthermore, technical and organisational security measures are used to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. These security measures are continuously improved or adapted in line with technical progress.
Integration of social media (Facebook etc.)
We use links to the Facebook, YouTube, Instagram, LinkedIn and Xing networks on our website. This is a linking of the logo graphics to the corresponding network. Apart from a possible storage of the referrer URL, no data is stored on our website. We are not responsible for data processing and possible data transfer in the corresponding networks.
– Type of data: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
– Data subjects: Users (e.g. website visitors, users of online services).
– Legal basis: legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
For more information, see:
Data processing when visiting our social media profiles
We are represented with a company page on the above-mentioned social media platforms.
Through this, we would like to offer you further opportunities for information about our company and for exchange. If you visit a profile on a social media platform or interact with it, personal data may be processed. Personal data also includes information associated with a social media profile used, as well as messages and statements made using the profile. In addition, during your visit to a social media profile, certain information is often automatically collected which may also constitute personal data.
When you visit our Facebook or Instagram page, through which we present our company and individual products from our range, certain information about you is processed. The sole controller of this processing of personal data is Facebook Ireland Ltd (Ireland/EU – „Facebook“). You can obtain further information about the processing of personal data by Facebook at: https://www.facebook.com/privacy/explanation.
Facebook offers you the possibility to object to certain data processing. Information on this as well as opt-out options can be found at: https://www.facebook.com/settings?tab=ads.
Facebook provides us with anonymised statistics and insights for our Facebook and Instagram page, which we use to gain knowledge about the types of actions users take on our page (so-called „page insights“). The basis for the creation of page insights is certain information about people who have visited our site. This processing of personal data is carried out by Facebook and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our site and to improve our site based on these insights. The legal basis for this processing is Art. 6 para. 1 p. 1 lit. f DSGVO.
We cannot assign the information obtained via Page Insights to individual Facebook profiles that interact with our Facebook page. We have entered into a joint controller agreement with Facebook, which sets out the distribution of data protection obligations between us and Facebook. Details of the processing of personal data to create Page Insights and the agreement entered into between us and Facebook can be found at: https://www.facebook.com/legal/terms/information_about_page_insights_data.
In accordance with the Facebook data protection regulations, user data is also processed in the USA or other third countries. Facebook only transfers user data to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 DSGVO or on the basis of appropriate guarantees in accordance with Art. 46 DSGVO.
When you visit, follow or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymised statistics and insights. This provides us with insights into the types of actions that people take on our page (so-called page insights). For this purpose, LinkedIn processes in particular data that you have already provided to LinkedIn via the information in your profile (e.g. data on your professional position, country, industry, seniority, company size and employment status). In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. With Page Insights, LinkedIn does not provide us with any personal data about you. We only have access to the aggregated Page Insights. It is also not possible for us to draw conclusions about individual members via the information provided. This processing of personal data as part of the Page Insights is carried out by LinkedIn and us as joint controllers. The processing serves our legitimate interest to evaluate the types of actions taken on our LinkedIn company page and to improve our company page based on these insights. The legal basis for this processing is Art. 6 (1) p. 1 lit. f DSGVO.
We have entered into a joint controller agreement with LinkedIn, which sets out the distribution of data protection obligations between us and LinkedIn. The agreement is available at: https://legal.linkedin.com/pages-joint-controller-addendum.
Google Ireland Limited, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA is the sole controller of personal data when you visit our YouTube channel. We use our YouTube channel to inform you about our offers and functions on our website. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.
You have the option of making settings in your Google account that restrict or stop the processing of your data. You can find out more about this at: https://myaccount.google.com/intro?hl=de and under the heading „Manage, check and update data“ at: https://policies.google.com/privacy?hl=de&gl=de.
We operate a business profile for self-promotion on the social media network XING. According to the ruling of the European Court of Justice (ECJ) of 05.06.2018, Ref. C-210/16, the operator of social media sites is at least jointly responsible for data processing within the meaning of Art. 26 DSGVO. We assume an analogous applicability of this decision to XING. So far, we are not aware that XING offers an agreement that meets the requirements of Art. 26. After enquiring, we received a response from Xing’s data protection officer (on 03.09.2020): In our current view, there is no case of joint responsibility, which is why we do not conclude any data processing agreements pursuant to Art. 26 DSGVO.
- Type of data: email address, name, contact details, data published by the user.
- Purpose: To establish contact on the company profile, networking business partners.
- Legal basis: Contract fulfilment Art. 6 lit. b DSGVO, legitimate interest Art. 6 lit. f, consent Art. 6 lit. a
- Data transfer to third parties: not known except for XING
- Data transfer abroad: does not take place
- Storage period: all data will be deleted when you unsubscribe.
We would like to point out that the data protection declaration of XING SE, Dammtorstraße 30, DE-20354 Hamburg, Germany, Tel.: +49 40 419 131-0 , Fax: +49 40 419 131-11, E-Mail: info(at)xing.com, (hereinafter: XING) is applicable for any further processing on our XING company website. Further information on the processing of personal data by XING can be found here: privacy.xing.com/en/datenschutzerklaerung
Processing of data you provide to us via our social media pages
We process information that you have provided to us via our company page on the respective social media platform. Such information may be, for example, the username used, contact details or a message to us. We regularly process this personal data only if we have previously expressly requested you to provide us with this data. These processing operations are carried out by us as the sole data controller. We process this data on the basis of our legitimate interest in contacting persons making enquiries. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.
Google Web Fonts
We use the „Web Fonts“ service provided by Google (Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) on this website to make the typeface uniform and visually appealing.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. The legitimate interest follows from the listed purposes for data collection.
You can find more information about data processing by Google as well as setting options in Google’s data protection information at https://www.google.com/intl/de/policies/privacy/.
Google LLC is certified for the us-European data protection agreement „Privacy Shield“. This ensures compliance with the level of data protection applicable in the EU. You can find more information at: https://www.privacyshield.gov/EU-US-Framework
Cookies are text files that are stored on the end device of the internet user. They are used to control the internet connection during your visit to our website. At the same time, we receive information via these cookies that enables us to optimise our website to the needs of the visitor.
Cookies are partly only stored by your browser for the duration of your stay on the website, but partly also for a longer period of time. All cookies on our website contain purely technical information, not personal data. You can also view our website without cookies. However, most browsers accept cookies automatically. You can prevent cookies from being saved by specifying this in your browser settings. If you do not accept cookies, this may lead to functional restrictions of our offers.
Cookies generally do not cause any damage, they do not transmit viruses, do not read out hard disk contents or e-mail addresses. Cookies are used to optimise the user experience and thus make visiting this website more pleasant. Two types of cookies are used, session cookies and temporary cookies. Session cookies are used to recognise which pages of this website you have already visited. These are automatically deleted when you leave the site. Temporary cookies are stored on your terminal device for a specific, defined period of time. When you visit this website again at a later time, your browser (if you have also used it before) transmits the information stored in the cookie back to this website. This enables information to be displayed that is individual and adapted to you, in particular which entries and settings have been made so that you do not have to enter them again.
Contact requests / contact options
If you contact us via the contact form or e-mail, the data you provide will be used to process your enquiry. The data provided is necessary for processing and answering your enquiry.
The purpose of the contact form is to process customer enquiries, user complaints and to improve our service. Your data will be deleted if your enquiry has been conclusively answered and the deletion does not conflict with any statutory retention obligations, e.g. in the case of any subsequent contract processing.
The legal basis for this processing is Art. Art. 6 para. 1 lit. b DSGVO.
If you send us an e-mail, your e-mail address (if applicable, with the name you have chosen as sender information), the subject you have chosen and the content of your message will be processed. The data processing is necessary in order to be able to answer your enquiry appropriately or to be able to initiate measures requested by you or to fulfil other legal obligations towards you which are the subject of the enquiry. Only the data required for the above purposes will be processed.
The legal basis for the processing of the data is our legitimate interest in responding to your request in accordance with Art. 6 (1) f DSGVO.
If your e-mail is sent in order to enter into a contractual relationship with us or so that pre-contractual measures can be carried out by us, the legal basis for the processing is also Art. 6 (1) b DSGVO.
The personal data will be deleted after your enquiry has been dealt with, provided that there are no legal obligations to retain data.
If you send us a letter or send us a fax, the personal data you provide and the facts of the case will be processed. The data processing is necessary in order to be able to answer your enquiry appropriately or to initiate measures requested by you or to fulfil other legal obligations towards you which are the subject of the enquiry. Only the data required for the above purposes will be processed.
The legal basis for the processing of the data is our legitimate interest in responding to your enquiry in accordance with Art. 6 (1) f DSGVO.
If the contact is made by post or fax in order to enter into a contractual relationship with us or so that pre-contractual measures can be carried out by us, the legal basis for the processing is also Art. 6 (1) b DSGVO.
The personal data will be deleted after your enquiry has been dealt with, provided that there are no statutory retention obligations to the contrary.
COLLECTION OF CUSTOMER DATA WITHIN THE FRAMEWORK OF OUR BUSINESS RELATIONSHIP
We process the following personal data if a contractual relationship exists between you and us or you have otherwise provided the data to us:
- Company data (name, address)
- Personal data (name, address)
- Communication data (telephone number, fax, e-mail address, website)
- Contract master data (contractual relationship, contractual interest)
- Billing and payment data
- Storage period: according to the legal obligation to keep records
If we provide chargeable services for you, we request data, such as payment details, in order to be able to execute your order. We store this data in our systems until the statutory retention periods have expired.
Information on the purpose of processing and legal basis: We collect this data for the purpose of fulfilling the contract, expanding the business relationship and/or providing appropriate advice and information on our company’s products by post, telephone or e-mail. The data is necessary and required for this purpose. The legal basis results from the DSGVO Art. 6 para. 1, lit. a (consent), lit. b (contract fulfilment) and lit. f (legitimate interest). Data is not passed on (except to our commissioned data processors).
HANDLING OF APPLICATION DOCUMENTS
Application documents are stored in accordance with the statutory retention period. Personal application data is generally deleted 3 to 6 months after the application process has been completed. This does not apply if legal regulations or the voluntary consent of the person concerned prevent deletion. Please note that the transmission of your application documents in a normal e-mail is not encrypted and therefore insecure. However, you can send your e-mail attachment as an encrypted PDF. Alternatively, you can send your application by post – this is the most secure method (registered mail etc.). We process the personal data that you have provided in the course of your application.
INFORMATION ON THE PURPOSE OF THE PROCESSING AND THE LEGAL BASIS
We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application procedure.
The legal basis for the processing of your personal data in this application procedure is primarily Section 26 BDSG. According to this, the processing of data required in connection with the decision on the establishment of an employment relationship is permissible. Should the data be required for legal prosecution after the application procedure has been completed, data processing may be carried out on the basis of the requirements of Art. 6 DSGVO, in particular to safeguard legitimate interests pursuant to Art. 6 (1) DSGVO. Our interest then consists of asserting or defending claims. Should there be a need for longer-term storage (e.g. for further vacant positions or positions that become vacant), this will be done on the basis of your consent in writing (pursuant to Art. 6 para. 1 lit. a DSGVO).
ADAPTATION OF THE DATA PROTECTION GUIDELINES
Due to the further development of our website or the implementation of new technologies or similar, it may become necessary to amend this data protection notice. We reserve the right to change the data protection notice at any time with effect for the future. We recommend that you read the current data protection information again from time to time.
QUESTIONS ABOUT DATA PROTECTION
If you have any questions about data protection, please contact our data protection officer: email@example.com.