Data privacy statement

K.D. Feddersen GmbH & Co. KG (hereinafter „we“) takes the security and protection of your data very seriously. We operate our websites in accordance with applicable data protection law, in particular the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). 

By means of this Data Privacy Statement, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use and process in connection with the use of our websites, the legal basis for the processing as well as of the rights to which you are entitled in this regard. 

Applicability, Name and Address of the Controller 

Operator and controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in member states of the European Union and other provisions related to data protection of the website 

is: 

K.D. Feddersen GmbH & Co. KG
Wendenstraße 18
20097 Hamburg 
Local court (Amtsgericht) of Hamburg, HRB 35316 
datenschutz@kdfeddersen.com 

General Information on Data Processing 

Generally, we only collect and use your personal data to the extent necessary to provide our services. Apart from that we only process that personal data which you actively provide to us, e.g. within the course of a registration, by filling in forms, by sending e-mails or other inquiries to us, by subscribing to newsletters or by ordering services. 

We solely use the personal information provided by you for the performance of a contract or the processing of your inquiries. For other purposes, such as e.g. consulting, advertising and market analysis, we only use your personal data after having obtained your prior consent or if we are entitled or obliged to do so pursuant to applicable law. 

Provision of the WebSite and Creation of Logfiles 

When using the WebSite, we only collect the personal data that your browser transmits to our server. When you visit the WebSite, we collect the following information that is technically necessary for us to enable you to visit the WebSite and to ensure stability and security (the legal basis is Art. 6 para. 1 sent. 1 lit. f GDPR): 

  • The website you last visited 

  • Date and time of retrieval 

  • Name of the Internet access provider (ISP) 

  • Browser type/version and language 

  • The operating system used 

  • Access status/http status code 

  • The amount of data transferred in each case 

  • Device (PC, Tablet PC or Smartphone) 

  • Pages visited by you incl. length of stay 

  • Your anonymised IP adress 

We evaluate this data for statistical purposes only. A person-related evaluation does not take place. Temporary storage of your IP address is necessary to enable delivery of the WebSite to your end device. For this, the IP address of the user must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the WebSite. 

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection for the provision of the WebSite, this is the case when the respective session has ended. If the data is stored in log files, it will be deleted by 90 days at the latest. Further storage is possible, however, in this case the IP addresses are deleted or alienated, so that an assignment of the calling client is no longer possible. 

Cookies 

In order to optimise the functionality and usability of the WebSite, we use so-called cookies. Cookies are small text files that are stored by the browser on your device and through which the site that sets the cookie (in this case by us) receives certain information. Cookies cannot execute programs or transfer viruses to your end device. 

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in ensuring and optimising the functionality and usability of the WebSite. 

We use the following types of cookies for our WebSite: 

Necessary cookies. These cookies are necessary for the WebSite to function properly. 

Performance cookies. These cookies are used to collect statistical information that we use for performance and usability optimisation of the WebSite. 

Usercentrics Consent Management Plattform 

We use the Usercentrics Consent Management Tool of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany on our site.  

The purpose of using Usercentrics is to manage your consents and to prove compliance with legal requirements on our part. When you access our website for the first time and every time there is a change to the data processing that requires your consent, you will be shown our Consent Banner. In the Consent Banner, you have the opportunity to voluntarily consent that we may set cookies - beyond the strictly necessary technologies - and subsequently process your data to further develop and improve our website. Our Cookie Consent Tool also provides you with information on exactly which cookies we use. 

If you confirm the “Accept All” button of the cookie banner, you give your consent for the preset cookies, which can be revoked at any time. You can change the cookie settings at any time or revoke your consent by clicking on the link (Cookie Preferences) below.   

The following data is processed by Usercentrics: Opt-in and opt-out data, Consent ID, time of consent, consent type, referrer URL (via which website/advertising medium you came to this website), user settings, template version and banner language. 

The legal basis for the processing of your personal data is the fulfillment of our legal obligation regarding the obtaining of consent and its verifiability according to Art. 6 para. 1 p. 1 lit. c GDPR. 

The consent data will be stored for three years and deleted immediately thereafter. 

You can learn more about the data processed through the use of Usercentrics in the privacy policy on: https://usercentrics.com/privacy-policy/

Storyblok

We use the content management system Storyblok on our website, provided by Storyblok GmbH, Peter-Behrens-Platz 2, 4020 Linz, Austria, which helps us take control of our website content. 

Storyblok is ISO 27001 certified. This recognizes that all its products, operations, support processes and data storage protocols meet the highest international security standards. The conformance to ISO 27001 is certified by TÜV Rheinland and annually re-evaluated. 

The following data is processed by Storyblok: your IP address, info about your operating system, date and time of request, content information, internet service provider and performance records. 

The legal basis for the processing of your personal data is the fulfillment of our legal obligation regarding the obtaining of consent and its verifiability according to Art. 6 para. 1 lit. a GDPR. 

Storyblok store the personal data on its own secure servers within the EEA for 12 months in case you are a candidate and 24 months in case you were an employee and deleted immediately thereafter. 

You can learn more about the data processed through the use of Storyblok in the privacy policy on https://www.storyblok.com/privacy-policy.  


Marketing Cloud Account Engagement

On our website, we utilize the marketing automation tool "Marketing Cloud Account Engagement" by Salesforce Inc., Salesforce Tower, 415 Mission Street, San Francisco, CA 94105, USA. "Marketing Cloud Account Engagement" is a service employed to analyze the user behavior of our website visitors, enabling us to continually enhance our web offerings for you. To achieve this, "Marketing Cloud Account Engagement" utilizes corresponding cookies to analyze your click behavior as a website visitor, with the aim of creating a pseudonymized usage profile. Pseudonymized means that your IP address, collected by the cookies set by "Marketing Cloud Account Engagement" is replaced by an identification number. Your IP address is therefore no longer identifiable to us. However, by setting the identification number, we can recognize you as our website visitor again once you revisit our website. The legal basis for the use of "Marketing Cloud Account Engagement" is your consent in accordance with Art. 6 Para. 1 lit a.) GDPR. You can revoke your consent at any time via the "Cookie Preferences" button at the bottom of the screen. In the event that personal data is transferred to the USA, standard contractual clauses apply. For more information on this and on data protection in general, please visit https://www.salesforce.com/de/company/privacy/?tid=139804533 and https://www.salesforce.com/eu/gdpr/pardot/

Dealfront

We use the service "Dealfront" by Dealfront Group GmbH, Durlacher Allee 73, 76131 Karlsruhe, on our website. Through the use of "Dealfront," we can identify companies visiting our website to address them more effectively through marketing campaigns. For this purpose, "Dealfront" initially captures your IP address as a visitor to our website to compare it with known IP addresses of companies. If a successful match is found, the IP address is associated with already known company information, for example, through publicly available imprint information. To exclude direct personal reference through the capture of the IP address, "Dealfront" shortens the last digits of the IP addresses. The legal basis for the use of "Dealfront" is your consent in accordance with Art. 6 Para. 1 lit a.) GDPR. You can revoke your consent at any time via the "Cookie Preferences" button at the bottom of the screen. You can find further information on data protection from "Dealfront" here:  Privacy Center | Dealfront bzw. DSGVO True Compliance und Transparenz | Dealfront.

Matomo 

We use the web analytics service Matomo on our website, provided by InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769.  

This is an open-source software that allows us to analyze your use of our website. Matomo is only activated based on your prior active consent through corresponding interaction with the cookie banner on our website. 

The following data is collected by Matomo: Your IP address, date and time of your visit, usage data, usage behavior, technical information about your browser as well as device information, downloads, referrer URL (via which website/advertising material you came to this website) and location information. 

The software runs on servers in Frankfurt, Germany (hosted by AWS New Zealand). Offsite backups are stored in Dublin, Ireland. The data is not passed on to third parties. It is not possible to trace the data back to a specific person, as your IP address is anonymized immediately after processing and before storage. 

This website uses Matomo with the extension "AnonymizeIP". This means that IP addresses are processed in abbreviated form, thus excluding the possibility of direct personal references. The IP address transmitted by your browser via Matomo will not be merged with other data collected by us. 

You can object to the processing of your data by rejecting tracking by Matomo in the cookie preferences. You can learn more about the data processed using Matomo in the Privacy Policy at: https://matomo.org/privacy-policy/

Vimeo 

Our WebSite uses plug-ins from the video portal Vimeo. Provider is Vimeo Inc. 555 West 18th Street, New York, New York 10011, USA. 

When you visit one of our sites embedding a Vimeo video, a connection to the Vimeo servers will be established. This tells the Vimeo server which of our pages you have visited. If you are logged in as a member of Vimeo during this, Vimeo will assign this information to your personal user account. When you click the start button of a video, this information may also be assigned to an existing user account. You can prevent this assignment by logging out of your Vimeo user account before you use our WebSite and deleting the corresponding cookies set by Vimeo. Vimeo also obtains your IP address. This also applies if you are not logged in to Vimeo or do not have a Vimeo account. The information collected by Vimeo is transferred to the Vimeo servers located in the USA. 

For more information about how Vimeo handles user data, please see the Vimeo privacy policy at: https://vimeo.com/privacy

We use this service on our WebSite based on a legitimate interest - in the analysis, optimization and economic operation of our online services. The legal basis is Art. 6 para. 1 lit. f GDPR. 

You can also prevent Vimeo from loading by changing your browser settings (deactivating JavaScript and iFrames). 

reCaptcha v3 

We use the open source technology reCaptcha v3 on our website, provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, California 94043 United States. 

This service helps our website prevent spam and block bots. The program determines whether the user is a real person or a bot to protect our website from cyber attacks. 

ReCaptcha v3 works with an algorithm that collects and analyzes a user's interactions with a website to create a score. The final score indicates whether the activity is suspicious. This version aims to reduce "user friction" by eliminating the need for questions and creating a seamless user experience. 

The following data is processed by reCaptcha: Mouse and keyboard behavior (any action you perform with the mouse or keyboard), info about your operating system, date and language settings of your browser, Google-Cookies placed on the website, your answers to the question fields on the website, referrer URL (through which website/advertising medium you arrived at this website), CSS information, any JavaScript objects, screen resolution and plug-ins installed in your browser. The algorithm also recognizes IP addresses that were previously recognized as human through cookies. 

The legal basis for the processing of your personal data is the fulfillment of our legal obligation regarding the obtaining of consent and its verifiability according to Art. 6 para. 1 lit. a GDPR. In addition, there is a legitimate interest in the use of Google reCaptcha to optimize and increase the security of the online service, the legal basis of which is Art. 6 (1) lit. f GDPR. 

You can learn more about the data processed through the use of reCaptcha v3 in the privacy policy on: https://policies.google.com/privacy

Social Shares 

On our websites in our job ads, social shares come from the social networks "LinkedIn" (provider: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA), "XING" (provider: Xing AG, Gänsemarkt 43, 20354 Hamburg, Germany) and “Facebook” (provider: Meta Platforms, Inc., 1601 S. California Ave, Palo Alto, California 94304, USA) on the basis of Art. 6 (1) lit. f GDPR. For data protection reasons, we have deliberately decided against using direct plug-ins from social networks. Therefore, when you call up our websites, no data is automatically transmitted to the above-mentioned social networks. Only when you yourself actively click on the respective button (i.e. the LinkedIn, Xing or Facebook logo) will your Internet browser establish a connection to the servers of the respective social network. If you follow the links while visiting our website and are logged in to LinkedIn, Xing or Facebook via your personal user account, the information that you have visited our website may be forwarded to the operator of the respective social network. In this case, LinkedIn, Xing or Facebook can assign your visit to our website to your user account. If you do not want social networks to associate your visit to our website with your user account, you must log out of these social networks before visiting our website. 

Please note that we have no knowledge of the content of the transmitted (personal) data or its use by LinkedIn, Xing or Facebook. 

You can find further information on this in the LinkedIn and Xing privacy statements at: 

 

Data Security 

We deploy technical and organizational security measures to protect your personal data from being manipulated unintentionally or intentionally, lost, destroyed or accessed by unauthorized persons. Our technical and organizational measures are continuously reviewed and revised in line with the latest state 

Your Rights 

To the extent we process any personal data related to you, you are entitled to the following rights: 

Right to Information 

You have the right to request a confirmation from us whether we process personal data related to you. 

If this is the case, you are entitled to request the following information from us: 

  1. the purposes of the processing; 

  2. the categories of personal data that are processed; 

  3. the recipients or categories of recipients to whom the personal data has been disclosed or is still being disclosed; 

  4. where possible, the intended period for which the personal data is stored or, if not possible, the criteria for the establishment of this period; 

  5. the existence of the right to rectify or delete personal data of the data subject or the right to limit the processing by the controller or a right of objection against this processing;   

  6. the existence of a right of repeal with a regulatory authority; 

  7. where the personal data are not collected from the data subject, any available information as to their source. 

Furthermore, you are entitled to a right of access to information about whether your personal data have been sent to a third country or an international organisation. Insofar as this is the case, you also have the right to receive information about the appropriate guarantees in connection to the transfer of the data pursuant to Art. 46 GDPR. 

Right to Rectify 

You have the right to request from us the immediate rectification of any inaccurate personal data as well as the completion of any incomplete personal data relating to you. In this case, we will immediately rectify your personal data. 

Right to Limit the Processing 

You have the right to request from us the limitation of your personal data if one of the following requirements is given: 

  1. You have challenged the accuracy of your personal data, and this is for a period that enables the us to verify the accuracy of your personal data. 

  2. The processing is illegal and you decline the deletion of your personal data and instead request limiting its use. 

  3. We no longer require your personal data for the purposes of the processing, you, however, require the data for the assertion, exercise or defence of legal claims, or 

  4. You have filed an objection to the processing in accordance to article 21 para. 1 GDPR, and it is still undetermined whether our legitimate reasons as controller outweigh yours as the data subject. 

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. 

If the processing of your personal data has been restricted in accordance with the above requirements, we will immediately notify you before the restriction is lifted. 

Right to Deletion 

You have the right to request from us that your personal data is promptly deleted provided one of the following reasons pertains and if the processing is not necessary: 

  1. Your personal data is recorded for such purposes or processed in another manner for which it is no longer necessary. 

  2. In case the processing of the personal data is based on Art. 6 para. 1 lit. a GDPR, you revoke your consent on which the processing is based. 

  3. You file an objection against the processing in accordance with article 21 section 1 of the GDPR, and there are no predominant legitimate reasons for the processing, or you file an objection against the processing in accordance with article 21 section 2 of the GDPR. 

  4. Your personal data was unlawfully processed. 

  5. The deletion of your personal data is necessary for the fulfilment of a legal obligation . 

Exceptions 

A right to deletion does not exist, if the processing is necessary 

  1. for exercising the right of freedom of expression and information; 

  2. for compliance with a legal obligation which requires processing by law or for the performance of a task carried out in the public interest or in the exercise ; 

  3. for the establishment, exercise or defence of legal claims. 

Right of appeal to a supervisory authority 

Without prejudice to any other remedy, you have the right of appeal to a competent supervisory authority if you believe that the processing of your personal data violates applicable data protection law. 

Right to Revocation of consent 

If and to the extent the processing of your personal data is based on your consent pursuant to Art. 6 para. 1 lit. a of the GDPR, you may revoke your granted consent at any time with effect for the future by sending an email to datenschutz@kdfeddersen.com

Contact data of the Data Protection Officer 

All inquiries, requests and declarations as to the use of personal data can be send to our data protection officer via e-mail to 

datenschutz@kdfeddersen.com 

or by mail to 

K.D. Feddersen GmbH & Co. KG
Wendenstrasse 18  
20097 Hamburg 

  

August 2024  

****