Privacy Policy

We, Kieback&Peter GmbH & Co. KG (hereinafter Kieback&Peter), are delighted that you are interested in our company. Our Privacy Policy is intended to provide information for visitors to our website, applicants, interested parties and external partners as well as other groups of persons whose personal data we process.

We aim to structure our Privacy Policy in such a way that it is quick and easy for everyone to see what data we process and for what purposes.

If you have any questions about our Privacy Policy, please send an email to datenschutz[at]kieback-peter.de.

General Information

The controller in accordance with Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is:

Kieback&Peter GmbH & Co. KG
Tempelhofer Weg 50
12347 Berlin, Germany

Email: info[at]kieback-peter.de

(See our imprint).

You can contact our data protection officer Mr. Marco Tessendorf at datenschutz[at]kieback-peter.de or by sending a letter to “Data protection” at our postal address.

You have the following rights with regard to your personal data:

  • Right of access: Art. 15 GDPR
  • Right to rectification: Art. 16 GDPR
  • Right to erasure: Art. 17 GDPR
  • Right to restriction of processing: Art. 18 GDPR
  • Right to data portability: Art. 20 GDPR

If data is processed on the basis of Art. 6 para. 1(e) or (f) GDPR, you have the right to object at any time to the processing of your personal data for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this Privacy Policy.

If you file an objection, we will no longer process your personal data in question unless we can prove compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 para. 1 GDPR).

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, your personal data will no longer be used for direct marketing purposes (objection pursuant to Art. 21 para. 2 GDPR).

Objections are free of charge and can be made without a required form. If possible they should be sent via email to: datenschutz[at]kieback-peter.de. Objections can also be sent via post to “Data protection” at our postal address.

You have the right to lodge a complaint with a supervisory authority regarding the processing of your personal data by us.

The authority responsible for you is the Berlin Commissioner for Data Protection and Freedom of Information at the following address:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219
10969 Berlin, Germany

Phone: +49 30 13889-0

Email: mailbox[at]datenschutz-berlin.de

1. Information security and data protection management

The protection of personal data is a matter of importance to us. In addition to a data protection management system, Kieback&Peter also has an information security management system in place in which data protection standards are firmly established.

Kieback&Peter’s information security management system is audited and certified on a regular basis pursuant to DIN ISO 27001.

Procedures and regulations are in place stipulating that every employee is acquainted with issues surrounding data protection. This includes every employee being given instruction in the applicable regulations upon commencement of work. By signing the employment contract, every employee undertakes to handle all personal data with utmost confidentiality. Data protection training is provided regularly. In addition, information on the subject of data protection is available at a central location. A data protection officer has been appointed (see “Our data protection officer”).

Your data is stored on servers in an external data center. Special precautions are taken to carefully protect these servers against loss, destruction, falsification, unauthorized access or unauthorized disclosure.

 

2. SSL or TLS encryption

For security reasons and to protect the transmission of confidential content (e.g. inquiries via our contact form), this website uses SSL or TLS encryption. You can recognize an encrypted connection by the abbreviation “https://” and by the padlock symbol in the address line of the browser. If SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.

This Privacy Policy was last updated in March 2019.

It may be necessary to amend this Privacy Policy due to the further development of our website or due to changes in legal or official requirements.

Processing of Your Data

Contact form and inquiries by email, telephone or fax

(a) Description of data processing

You can contact us via the contact form on our website and via the email addresses, telephone and fax numbers provided there. If you contact us in this way, all resulting personal data will be stored and processed by us for the purpose of processing your request. If you use the contact form, we will record the data you enter (your email address, your zip code, potentially your first and last name, your company). In addition, we will record your IP address and the time at which the form was sent. Your details may be stored in our Customer Relationship Management system (“CRM system”). The data will not be passed on to third parties in this case. The data will be used exclusively for processing the inquiry.

 

b) Legal basis for data processing

The legal basis for the processing of contact data is Art. 6 para. 1(f) GDPR (general inquiries). If it is necessary to make contact in order to implement pre-contractual measures as a result of your inquiry, the legal basis is Art. 6 para. 1(b) GDPR.

 

c) Purpose of data processing

The personal data that we collect will be processed solely for the purpose of effective handling of the inquiries directed to us. This also constitutes our legitimate interest in the processing of the data pursuant to Art. 6 para. 1(f) GDPR.

 

(d) Duration of storage

We will retain the data that you send to us via contact inquiries until you request that we delete it, you object to its storage or the purpose for the data storage no longer applies. The purpose for the data storage no longer applies if it can be inferred from the circumstances that the underlying concern has been conclusively resolved.

 

(e) Option to object

People who have submitted inquiries can request at any time that the personal data they submitted to us when contacting us be deleted. They can do this by sending an email to datenschutz[at]kieback-peter.de.

1. Access data and log files

(a) Description of data processing

If you use our website solely for informational purposes, i.e. if you do not register or otherwise provide us with information, our system automatically collects data and information that your browser transmits to our server (known as access data):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Volume of data transferred in each case
  • Web page from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

The data is stored temporarily in our system’s log files. This data will not be stored together with other personal data.

 

b) Legal basis for data processing

The legal basis for the temporary storage of data and log files is Art. 6 para. 1(f) GDPR.

 

c) Purpose of data processing

The temporary storage of data by the system is necessary for provision of our website. To this end, the user’s IP address, in particular, must also be stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. We also use the data to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this case. These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6 para. 1(f) GDPR.

 

d) Duration of storage

The data is deleted as soon as it is no longer required to achieve the purpose of its collection. For data collected for the provision of the website, this is the case when the respective session has ended. Where data is stored in log files, this is the case after 30 days at the latest.

 

(e) Option to object

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the Internet site. Consequently, there is no option for the website user to object to this.

 

2. Use of cookies

(a) Description of data processing

In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which the company that sets the cookie (in this case us) receives certain information. Cookies cannot execute programs or transmit viruses to your computer.

This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies
  • Persistent cookies

Transient cookies are automatically deleted when you close your browser. This includes session cookies in particular. They store a ‘session ID’ with which various requests from your browser can be assigned to the common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. You can delete the cookies in your browser’s security settings at any time.

 

b) Legal basis for data processing

The legal basis for the processing of personal data using cookies is Art. 6 para. 1(f) GDPR.

 

c) Purpose of data processing

The purpose of using cookies is to simplify the use of websites for users. In principle, our website can be used without the use of cookies. However, some functions cannot be provided without the use of cookies.

 

d) Duration of storage, options to object

Cookies are stored on the user’s computer and transmitted from this computer to our site. Therefore, you as a user also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing your browser settings. Cookies that have already been saved can be deleted at any time. This can also be done automatically.

 

3. Hosting service providers and external maintenance and servicing of the website

In some cases, we use external service providers to support the operation of our website. These providers have been carefully selected and commissioned by us, are bound by our instructions and are audited regularly. The cooperation is based on order processing contracts pursuant to Art. 28 GDPR.

These external service providers, who provide us with technical support (e.g. web hosters, programmers), usually have the possibility to at least access personal data. Such access is not intended. However, it is impossible to rule out that in individual cases certain personal data may be disclosed to these service providers during the course of their work. In terms of data protection, these are known as recipients (Art. 4 No. 9 GDPR).

We use the following external service providers:

  • UpCloud Ltd. Company, Eteläranta 12, 6. krs, FI-00130 Helsinki, Finland, email: hello[at]upcloud.com, website: www.upcloud.com; Privacy Policy: https://upcloud.com/privacy-policy/; purpose: hosting 
  • networkteam GmbH, Kleiner Kuhberg 42, 24103 Kiel, email: info[at]networkteam.com, website: www.networkteam.com; purpose: maintenance of our website.

 

4. Google products

a) Web analysis using Google Analytics

This website uses Google Analytics, a web analysis service from Google. Google Analytics uses cookies, which are text files that are stored on your computer and enable us to analyze the browsing activity of users of our website. The information generated by the cookie regarding the use of the website is generally transmitted to a Google server in the USA and stored there.

We use Google Analytics to analyze the use of our website and thus enable us to improve it on a regular basis. The statistics obtained enable us to improve our services and make them more interesting for you as a user.

This website uses Google Analytics with the extension that anonymizes IP addresses. This means that a truncated version of your IP address is sent to Google. This ensures it cannot be used to identify you personally. If the data collected about you has a personal reference, it is thus immediately excluded.

The legal basis for the use of Google Analytics is Art. 6 para. 1(f) GDPR. In the event that personal data is sent to the United States, Google is subject to the EU-US Privacy Shield.

You can prevent cookies from being stored on your computer by configuring the appropriate settings in your browser. However, we would like to point out that you may not be able to use all of the functions of this website to their full extent if you do so.

You can also prevent the data generated by the cookie pertaining to your usage of the website (including your IP address) from being recorded and processed by Google by downloading and installing this browser plugin. You can also click this opt-out link to stop Google Analytics from continuing to track you on our website.

 

b) Advertising using Google Ads (Google AdWords)

This website uses the services of Google Ads Conversion to draw attention to our services using advertising material (Google Ads) on external websites. We can determine how successful our advertising measures are in relation to the advertising campaign figures. Our purpose for doing so is to present you with advertising that is of interest to you, make our website more interesting for you and obtain a fair calculation of advertising costs.

These advertising materials are delivered by Google via “ad servers”. We use ad server cookies for this purpose. These can be used to measure performance metrics, such as the display of ads or clicks by users. If you navigate to our website via a Google advertisement, Google Ads stores a cookie on your end device. These cookies generally lose their validity after 30 days and are not intended to identify you personally. For this cookie, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (flag indicating that the user no longer wishes to see ads) are usually stored as analysis values.

These cookies enable Google to recognize your browser. If a user visits certain pages on the website of an Ads customer and the cookie stored on their computer has not yet expired, Google and the customer can see that the user clicked on the ad and was redirected to this page. Each Ads customer is assigned a different cookie. Therefore, cookies cannot be traced via the websites of Ads customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We receive only statistical evaluations from Google. On the basis of these evaluations, we can identify which of the advertising measures used are most effective. We do not receive any further data from the use of the advertising media. In particular we cannot identify users on the basis of this information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no control over the extent and further use of the data collected by Google through the use of this tool. This information is therefore based on the level of our knowledge: Through the integration of Ads Conversion, Google is informed that you have accessed the relevant part of our website or have clicked on an advertisement from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

You can prevent the setting of cookies by our website as described above at any time by making the corresponding setting in your browser, and thus permanently object to the setting of cookies. Making this setting in your browser would also prevent Google from setting a conversion cookie on your device. In addition, a cookie that has already been set by Google Ads can be deleted at any time via the browser or other programs.

You can also object to interest-related advertising by Google. To do so, you will need to click on the following link from each of the browsers that you use and make the required settings.

Click here for more information and to review Google’s current Privacy Policy.

The legal basis for the use of Google Ads is Art. 6 para. 1(f) GDPR. In the event that personal data is sent to the United States, Google is subject to the EU-US Privacy Shield.

 

c) Google Maps

This website uses the services of Google Maps. This allows us to display an interactive map directly on the website, making it easier for you to find a branch near you.

When you visit our website, Google receives the information that you have accessed the corresponding subpage of our website. The access data specified in this Privacy Policy is also sent. This is done regardless of whether Google provides a user account via which you are logged in or whether there is no user account. If you are logged into Google, your data will be directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before activating the button. Google stores your data as user profiles and uses it for the purposes of advertising, market research and/or the needs-based design of its website. This type of evaluation is carried out in particular (even for users who are not logged in) in order to provide appropriate advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles. You must contact Google in order to exercise this right. The Google Maps Terms of Service can be found here.

The legal basis for the use of Google Analytics is Art. 6 para. 1(f) GDPR. In the event that personal data is sent to the United States, Google is subject to the EU-US Privacy Shield.

 

5. YouTube

We use the YouTube.com platform to embed videos that are stored on YouTube on our website and make them publicly available. YouTube is a service provided by a third party not affiliated with us, YouTube LLC (see below for the address and link to the third party privacy notice).

As part of this embedding, content from the YouTube website is displayed in sub-areas of a browser window. When you open a page on our website that includes YouTube videos in this form, a connection to the YouTube servers is established and the content is communicated to your browser and appears on the website.

When you click on an embedded video to start playback, Privacy Enhanced Mode ensures that, unless you are currently signed in to a Google service, YouTube only stores cookies on your device that do not contain any personally identifiable information. These cookies can be prevented through appropriate browser settings and extensions.

Address and link to the third-party Privacy Policies:

YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA; YouTube is a subsidiary of Google Inc. You can find information about data processing and the Privacy Policies of YouTube and Google here and here.

 

6. Our social media presence

a) Data processing through social networks

We maintain publicly accessible profiles on social networks. The particular social networks that we use can be found below in this Privacy Policy.

Social networks such as XING and LinkedIn can generally analyze your user behavior comprehensively when you visit their website or a website with integrated social media content (e.g. ‘like’ buttons or advertising banners). Visiting our social media pages triggers numerous processing operations relevant to data protection. These are explained in detail below.

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. In certain circumstances, your personal data may also be recorded even if you are not logged in or do not have an account with the respective social media portal. In this case, the data is collected, for example, using cookies that are stored on your end device or by recording your IP address.

The operators of social media portals can use data collected in this way to create user profiles containing your preferences and interests. This enables interest-related advertising to be displayed inside and outside the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing operations may be carried out by the operators of the social media portals. Details regarding this can be found in the terms of use and data protection provisions of the respective social media portals.

 

Legal basis

Our social media pages are designed to ensure the broadest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 para. 1(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be stated by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1(a) GDPR).

 

Controller and assertion of rights

When you visit one of our social media pages, we are jointly responsible with the operator of the social media platform for the data processing operations triggered by that visit. You can assert your rights (information, rectification, erasure, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal.

Please note that despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options depend to a large extent on the corporate policy of the respective provider.

 

Storage period

The data collected directly by us via the social media presence is deleted from our systems as soon as the purpose for its storage no longer applies, you request that we delete it, you revoke your consent to its storage or the purpose for data storage no longer applies. Cookies that have been saved remain on your device until you delete them. Mandatory statutory provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data that is stored by the operators of social networks for their own purposes. For details, please consult the information provided by the operators of the social networks directly (e.g. in their Privacy Policy, see below).

 

b) Social networks in detail

XING

We have a profile on XING. The provider is XING AG, Dammtorstr. 29-32, 20354 Hamburg, Germany. Details on how the provider handles your personal data can be found in the XING Privacy Policy.

 

LinkedIn

We have a profile at LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified according to the EU-US Privacy Shield. LinkedIn uses advertising cookies.

If you would like to disable LinkedIn advertising cookies, please use the following link.

Details on how the provider handles your personal data can be found in the LinkedIn Privacy Policy.

 

YouTube

We have a profile on YouTube. The provider is YouTube, LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA. YouTube is a company belonging to Google. Details on how the provider handles your personal data can be found in the Google Privacy Policy.

Connect from Kieback&Peter enables you to access your building automation system at any time and from anywhere. We provide a modern infrastructure for Connect and guarantee secure access to your systems via your Internet browser. Connect is also a separate system from the website with its own online terms of use. Please read these carefully before registering for Connect.

 

 

 

 

 

Processing of data from our partners, interested parties and other groups of persons

a) General information

This section tells you how Kieback&Peter processes your personal data when you apply for a job advertised by us or apply to us on your own initiative. This Privacy Policy applies in addition to our “General information“ and the data protection information under “When visiting our website”, which provides specific information about your rights with regard to the processing of your personal data (“your rights as a data subject”) and how we process your personal data when you visit the website or in the case of non-application-specific topics.

You provide us with your personal data voluntarily as part of the application process. However, the provision of personal data is necessary in order to for us to process your application or to conclude an employment contract with us. This means that if you do not provide us with any personal data in an application, we cannot enter into an employment relationship with you.

 

b) Description of data processing

We collect and store all data that you provide to us through your application. This includes your contact details, your application documents (CV, cover letter, previous professional experience, training and certificates as well as our notes from interviews with you), your salary expectations, the type of employment you are looking for and the date from which you are available and, in exceptional cases, your identification documents. In addition, this also applies to all other data you provide us with, including any correspondence you may have with us during the application process and, where applicable, the results of recruitment tests or online tests (such as competence and potential analyses). This may also include special categories of personal data, such as data concerning health, that we collect, store and process, for example, as part of a hiring review.

We may also obtain the above information about you from other sources, including temporary employment agencies, headhunters, recruiters and the employment agency, that you provide us with, websites and other publicly available information on the Internet. This includes, for example, data that you have obviously made public in an online profile (e.g. XING, LinkedIn). We may also receive data that you send to us via third-party websites, e.g. from employment website such as Stepstone or Monster.

If you apply using our online application form, we may collect access information, such as the IP address of your access device.

 

c) Purpose of data processing

We collect, store and use your personal data in order to carry out the selection process. The data you provide will be used to process your application and, in the event of an employment relationship being established, to implement the employment relationship. Your data will not be processed for any other purpose.

 

(d) Legal basis for data processing

The legal basis is Section 26 para. 1 of the German Federal Data Protection Act (BDSG) and Section 22 para. 1(b) BDSG or, in the case of public profiles, Article 6 para. 1(f) GDPR in conjunction with Art. 9 para. 2(e) GDPR. In this case, the legitimate interest is to obtain a clear brief profile of you, which you have obviously made public within the meaning of Art. 9 para. 2(e) GDPR.

If consent is required for processing (e.g. for inclusion in our talent pool), Section 26 BDSG in conjunction with Art. 7 GDPR forms the legal basis.

Furthermore, we may process personal data about you as far as this is necessary to defend ourselves against legal claims asserted against us from the application process. The legal basis is Art. 6 para. 1(b) and (f) GDPR. The legitimate interest is, for example, a burden of proof in proceedings under the German General Equal Treatment Act.

Insofar as there is an employment relationship between you and us, we can continue to process the personal data that we have already received from you for the purposes of the employment relationship in accordance with Section 26 para. 1 BDSG. This is done if it is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of the rights and obligations of the employees’ interests arising from a law or a collective agreement, a works agreement or a service agreement (collective agreement).

 

e) Internal transfer of data

Your application will be processed as quickly as possible by the responsible personnel department of Kieback&Peter. Kieback&Peter consists of several legally independent companies, each with its own personnel department, which process applications received for the job advertisements of the individual Kieback&Peter company.

If you do not apply in response to a job advertisement but register in the talent pool, a personnel department of Kieback&Peter will contact you as soon as there is a vacancy that matches your profile. In the meantime, your profile, which is visible to all companies within Kieback&Peter will be stored in the talent pool.

Your application will then be checked – provided you have given your consent – by the relevant specialist departments, shareholdings and subsidiaries of Kieback&Peter.

 

(f) Applicant management system

heroes GmbH assists us with the installation and operation of our applicant management system. The service provider is represented by managing director Till Stadick, Welfenstr. 22, 81541 Munich, email: info[at]heroes.eu, website: www.he-roes.de.

We have concluded an order processing contract with heroes GmbH in accordance with Art. 28 GDPR, in which we guarantee the protection of your data. Information on data protection at heroes GmbH can be found here.

 

g) Duration of storage

Unless you give us permission to use your documents for other positions that become available (talent pool), we will store your personal data only for the duration of the retention period for application data for 6 months or for as long as we require it for the legitimate interest of Kieback&Peter in accordance with applicable law. If data no longer needs to be stored, it is deleted.

If you accept employment with us, we will retain your personal data for the duration of your employment relationship in accordance with the Kieback&Peter Employee Privacy Policy.

At trade shows and other events, Kieback&Peter employees use a lead app from Alivello to collect visitor data such as contact information, language and additional information such as interest in our products.

The data collected is transferred to Alivello’s systems and sent to the responsible Kieback&Peter branch to enable them to follow up the contacts (e.g. create offers, record in the CRM system). Once the data has been recorded, the prospective customer receives a personalized letter of thanks via the lead app.

The cooperation with Alivello is based on an order processing contract pursuant to Art. 28 GDPR.

The data is used to make quantitative and qualitative evaluations of the visits to the stand, e.g. customers from which region visited our stand, which products they were interested in. Furthermore, the data will be used to establish contact with the interested party for the purpose of sending them the (product) information they requested and initiating business. This also includes our legitimate economic interest in processing data pursuant to Art. 6 para. 1(f) GDPR.

We will retain the data collected from a visitor until you request that we delete it, you object to its storage or the purpose for the data storage no longer applies.