By “Personal Data” we refer to any information relating to you as an identified or identifiable natural person. It may include your name, gender, e-mail address, and phone number. Anonymous information that does not contain any references to a specific person is not qualified as “Personal Data”.
1 Controller’s Name and Details
Controller (also referred to as “we”, “our” and “us”), in terms of General Data Protection Regulation (GDPR) and other data protection or data privacy laws in the Member States of the European Union, and regarding our corporate website (koenig-pa.de) and our Customer Portal (koenig-pa.de/customerportal), as well as any other websites and services on which this Policy is posted, is:
Im Talesgrund 9a
91207 Lauf a.d. Pegnitz, Germany
2 Contact of the Data Protection Officer
The contact details of Data Protection Officer of koenig-pa GmbH are:
koenig-pa Data Protection Officer
Im Talesgrund 9a
91207 Lauf a.d. Pegnitz, Germany
3 General Information
We process your Personal Data only when necessary for the performance of a contract with you. Processing is necessary for compliance with a legal obligation to which we are subject, or based on our legitimate interests, except where such interests are overridden by the interests or fundamental rights and freedoms for which require the protection of your personal data. Except as set forth in this Policy, your Personal Data will not be used for any other purpose without your consent.
The term “Services” refers to the act of providing you with the opportunity to use our corporate website (“Site”), Customer Portal, customer’s profile information (“Profile”), support services, and any of our other services related to our products.
3.1 Your Rights
You can choose how we use your Personal Data using our User Profile Settings. As we need to identity you before we follow your instructions on Personal Data use, you need to have a registered Profile to access the Profile Settings.
Through Profile Settings, you can:
- withdraw your consent given to us in accordance with Article 6(1)(a) of the GDPR;
- correct your Personal Data if you find it to be erroneous;
- access the Personal Data we store about you;
- delete your Profile and related Personal Data.
3.2 Information Security
We understand the importance of the security of your Personal Data, and we apply commercially reasonable efforts to store and maintain your Personal Data in a secure environment. We have implemented procedures designed to limit the dissemination of your Personal Data to only such designated staff, and to protect your information from destruction, misuse, unauthorized access, disclosure, and alternation.
3.3 Processing by Third Parties
We may share Personal Data with our partners or agents working on our behalf for the purposes described in this Policy. For example, we may hire companies to assist with protecting and securing our systems or services. Any vendor or agent that we retain must comply with our data privacy and security requirements and are not allowed to use Personal Data they receive from us for any other purpose. Those companies may be located outside of the European Economic Area.
We recognize that we have a special obligation to protect personal information obtained from children. We will not knowingly collect Personal Data from any child, or process such information, without parental consent. For the purpose of this Policy, a child means any individual who is under the age of 18 (or the minimum legal age to consent to the collection and processing of Personal Data where this is different under applicable law).
3.5 Data Retention
We will keep your Personal Data for as long as it remains necessary for the identified purpose or as required by law, which may extend beyond the termination of our relationship with you. All retained Personal Data will remain subject to the terms of this Policy.
4 Collection of Information
In relation to your use of our Services, we gather information either directly from you (when you provide information to us) or indirectly (for example, through our Site’s technology).
4.1 Information Collected Directly
As far as possible, we collect your Personal Data (name, addresses, email addresses, phone numbers, etc.) and other information on a voluntary basis. It is entirely your decision to provide the requested information. However, use of certain Services is possible only if you provide us with required information. For example, when creating a Profile on our customer Portal, you are asked to provide Personal Data including, but not limited to, your name, email address, company name and address, and telephone number.
4.2 Information Collected Indirectly
As you navigate our Site, we may also collect variety of information through the use of commonly-used web analytics tools, such as cookies and Web beacons (“Analytics Information”). This information may include, but not limited to, web browser information (such as browser type and browser language), your Internet Protocol (IP) address, demographics information, geo-location information, statistical and aggregated information. Statistical or aggregated information does not directly identify a specific person, but it may be derived from Personal Data.
We use Google Analytics to collect information about your use of our Site. This information may be transmitted to and stored to Third-Party Analytics Providers’ servers, which may be located outside of the European Economic Area. On our behalf, Third-Party Analytics Providers will use this information for the purpose of evaluating your use of our Site, compiling reports on website activity, and providing other services relating to website activity.
4.2.1 Google Analytics Cookies
We use the following Google Analytics cookies:
- _ga – to collect information and report website usage statistics; expires after 2 years;
- _gid – to distinguish users; it expires after 24 hours.
- _gat – to throttle request rate; it expires after 1 minute.
4.2.2 Google Maps
5 Use of Information
We need to process your Personal Data in order to fulfil the contract with you according to Article 6(1)(b) of the GDPR. We will use your Personal Data, unless otherwise prohibited by law, for the following purposes:
- to provide you with the Services you request;
- to communicate with you about your Profile information or transactions with us;
- to send you information about features on our Site or changes to our policies;
- to provide support including, but not limited to, product updates and fixes, product and services announcements, and other similar communications;
- to improve our Site and other services.
If we plan to use your Personal Data in the future for any other purposes not identified above or below, we will only do so after informing you and updating this Policy.
5.1 Communication Purposes
5.2 Site Improvement Purposes
We may use your Analytics Information in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Site, for the technical administration, and to increase the functionality and user-friendliness of the Site.
6 Sharing Information
We may provide access to some of your Personal Data to third parties to provide marketing-related and other research. Additionally, we may employ third parties to help us improve the Site. We share only anonymous data with these third parties unless your Personal Data is required for the requested services or research. These third parties may have limited access to databases, and they will be subject to contractual restrictions prohibiting them from using the information for any other purpose.
7 Important Exceptions
We may disclose your Personal Data to third parties without your consent if we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) our rights or property, other users of the Site, or anyone else (including the rights or property of anyone else) that could be harmed by such activities. We may disclose Personal Data when we believe in good faith that such disclosure is required by and in accordance with the law.
8 Your Rights
8.1 Right of Access
You can use the right to access your Personal Data through the “Data Export” tool available in the My Profile page of the Customer Portal. Once you have used the tool, you can download a copy of your Personal Data from the Customer Portal.
8.2 Right to Rectification
You control what personal and contact information we associate with your Profile. If they change, you can modify the data sending a request to us using “My Profile” page of the Customer Portal. We encourage you to inform us if any of the Personal Data we retain about you is inaccurate.
8.3 Right to Erasure
You have the right to delete your Profile and all the information associated with it using “My Profile” page of the Customer Portal. As a result of deleting your Profile, you will lose access to Customer Portal and most services available through it, including quote and product ordering, license acquiring, and technical support.
It will not be possible to restore your Profile once it has been deleted. To access products and services that were previously available, can create a new Profile and contact us for assistance.
8.3.1 Grace period
We allow you to restore your Profile during a grace period of 30 (thirty) days from the moment you request deletion of your Profile. This functionality allows you not to lose important information related to your quotes, orders, licenses and other options by mistake.
8.3.2 Information we retain
Upon expiry of the grace period, we will delete all Personal Data about you, except for the data that are required for our compliance with the requirements of applicable laws (for example, tax and accounting requirements).
8.4 Right to Object
Where processing of your Personal Data is based on legitimate interests according to Article 6(1)(f) of the GDPR, you can use your right to object at any time. If you object, we will delete your Profile and all the Personal Data associated with it, unless there are compelling and prevailing legitimate grounds for the processing or the data is necessary for the establishment, exercise or defense of legal claims.
9 Changing This Policy
We may change this Policy from time to time for various reasons, such as legal and regulatory changes, changes in industry practices and technological developments that need to be reflected. If we decide to change this Policy, we will post or provide appropriate notice. Any non-material change (such as clarifications) to this Policy will become effective on the date the change is posted, and any material changes will become effective 30 (thirty) days from their posting on koenig-pa.de/privacy-policy.