Data protection statement

Thank you for visiting our website. The secure handling of your data is particularly important to us. We would therefore like to inform you in detail about the use of your data when visiting our website.

This data protection declaration is a joint declaration by kmp. Sprachenservice GmbH & Co. KG and kmp. Services GmbH.

Information about the collection of personal data

(1) In the following we inform you about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.

(2) Responsible persons according to Art. 4 Para. 7 EU Data Protection Regulation (DS-GVO) are

kmp. Sprachenservice GmbH & Co. KG
Ziegelstraße 30/1
D-71063 Sindelfingen
e-mail: info@kmpServices.de

and

kmp. Services GmbH
Ziegelstraße 30/1
D-71063 Sindelfingen
E-mail: info@kmpServices.de

(See our imprint).

You can reach our joint data protection officer at
E-mail: datenschutz@kmpservices.de

or at our postal address with the addition "the data protection officer".

(3) When you contact us by e-mail or via our contact form, the data you provide (your e-mail address, name and telephone number) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

By sending the e-mail, you give us your consent to data processing in accordance with Art. 6 Para. 1 lit. a DS-GVO.

(4) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.

 

Legal basis of processing

Art. 6 para. 1 sentence 1 lit. a DSGVO serves our company as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 (1) sentence 1 lit. b DSGVO. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 para. 1 lit. c DSGVO. In addition, processing operations could also be based on Article 6 (1) (f) of the GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden.

 

Disclosure of data

We do not transfer your personal data to third parties for purposes other than those listed below. We only pass on your personal data to third parties if:

  • you have given your express consent to this in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO,
  • the disclosure is necessary in accordance with Art. 6 para. 1 p. 1 lit. f DSGVO for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that there is a legal obligation to disclose your data pursuant to Art. 6 para. 1 sentence 1 lit. c DSGVO, as well as
  • this is legally permissible and necessary for the processing of contractual relationships with you according to Art. 6 para. 1 p. 1 lit. b DSGVO.

 

Data subject rights

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 DSGVO, to demand the immediate correction of inaccurate or incomplete personal data stored by us;
  • in accordance with Article 17 of the Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims;
  • in accordance with Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 DSGVO;
  • pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
  • in accordance with Art. 22 DSGVO, not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you;
  • to revoke your consent at any time in accordance with Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent in the future; and

 

pursuant to Article 77 of the GDPR, you have the right to complain to a supervisory authority, without prejudice to any other administrative or judicial remedy. As a rule, you can contact the supervisory authority of your usual place of residence or place of work or the place of the alleged infringement for this purpose if the data subject believes that the processing of personal data concerning him or her violates the EU General Data Protection Regulation (GDPR).

 

General collection of data

When you access our website or retrieve a file, data about this process is stored in a log file on our web server. In detail, the following data may be stored:

  • IP address (if possible, this will be stored anonymously).
  • Domain name of the website you came from
  • Names of the files retrieved
  • Date and time of a retrieval
  • Name of your internet service provider
  • and, if applicable, the operating system and browser version of your terminal device We only store IP addresses for data security reasons in order to ensure the stability and security of our system (legal basis: Art. 6 para. 1 lit. f DSGVO). We reserve the right to statistically evaluate anonymised data records.

 

Contact forms

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you have provided there, will be stored and processed by us for the purpose of processing the enquiry and in the event of follow-up questions. Your data will be used exclusively for the purpose of answering and processing your question. The data processing is carried out here in accordance with Art. 6 para. 1 p. 1 lit. a DSGVO on the basis of your voluntarily given consent. You can object to this at any time (right of revocation).

 

References to other websites and to websites of third parties

On this website, references to websites of third parties or to one or several of our other websites are offered in the form of so-called links. Only when you click on such a link will data be transmitted to the link destination. This is technically necessary. The transmitted data are in particular: Your IP address, the time at which you clicked on the link, the page on which you clicked on the link, information about your Internet browser. If you do not want this data to be transmitted to the link destination, do not click on the link. If you follow links to third party websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these privacy policies before submitting personal data to these websites.

 

SSL encryption

This website uses SSL (Secure Socket Layer) encryption for the transmission of data from your browser to our server and to servers that provide files that we embed on our website. SSL is used to transmit data in an encrypted form. The data cannot be changed and the sender can be identified. You can recognise the presence of SSL encryption by the prefix "https" in front of the address of the website you are calling up in your browser.

 

Whistleblower system

Which of your data do we process?

The following data is processed as part of the whistleblower system: Information about the accused person (in particular surname, first name, title, contact details, position and employment details), information about the (alleged) breaches of conduct and the relevant facts. As the reporting procedure stipulates that reports can be made anonymously, no personal data is collected unless the whistleblower states otherwise. Otherwise, personal data such as the name of the reporting person, their contact details and, if applicable, the circumstances of their observation may be considered.


What are the purposes of data processing?

The purpose of data processing within the framework of the whistleblower system is to receive and clarify serious suspicions of breaches of regulations, in particular criminal offences in the area of white-collar crime and corruption.


What is the legal basis for data processing?

As a rule, the whistleblower's personal data is only processed with their consent (Art. 6 para. 1 lit. a GDPR). In other cases, the processing of personal data in the whistleblower system is carried out on the basis of Art. 6 para. 1 lit. f to safeguard the overriding legitimate interest of the controller. This legitimate interest lies in preventing and combating corruption and in processing serious suspected cases of other breaches of regulations and protecting the controller and its employees from potential damage. Since reporting violations helps to avoid legal consequences such as criminal prosecution, claims for damages and immense damage to the company's image, the legitimate interests of the data subjects in the exclusion of processing or use do not prevail.


How long is the data stored?

Personal data is stored for as long as is necessary to clarify and conclusively assess the report. Once the investigation has been completed, the personal data will be deleted in accordance with legal requirements. In the event that judicial and/or disciplinary proceedings are initiated, the data may be stored until the conclusion of the proceedings or until the expiry of the time limits for legal remedies. Personal data in connection with unfounded reports will be deleted immediately.


To which recipients is the data passed on?

The controller ensures that personal data is only accessible to a limited number of authorised persons who need to know this data in order to provide the above-mentioned processing purposes.

If it is necessary to clarify the matter, personal data may be forwarded to individual, carefully selected persons or to an ombudsman's office (also external) of the controller to the extent necessary. Every person who receives access to the data is obliged to maintain confidentiality.

Your personal data will not be passed on or otherwise transferred to third parties unless this is necessary for the purposes of criminal prosecution. Personal data may be disclosed to government bodies if this is required by law or by order of such bodies. PDF "Information obligations regarding the whistleblowing system"


Vimeo videos

We have embedded Vimeo videos on our website, which are stored on our own server. There is no data transmission to Vimeo, LLC, headquartered at 555 West 18th Street, New York, New York 10011).

 

Google Ads

Type and scope of processing:

We have integrated Google Ads on our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users. Google Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of advertising. Google Ads also delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider. If you are registered with a Google Ireland Limited service, Google Ads can assign the visit to your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider will find out and save your IP address and other identification features. In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.


Purpose and legal basis:

The use of Google Ads is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which we do not know, over which we have no influence and of which you may not be aware).

Storage period:

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads: https://policies.google.com/privacy.

 

Google Analytics

Type and scope of processing:

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our website, subpages visited and the length of stay of visitors. Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users. This information is used, among other things, to compile reports on website activity.

Purpose and legal basis:

The use of Google Analytics is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which we do not know, over which we have no influence and of which you may not be aware).

Storage period:

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Analytics: https://policies.google.com/privacy.

 

Google DoubleClick

Type and scope of processing:

We have integrated Google DoubleClick components on our website. DoubleClick is a Google brand under which special online marketing solutions are primarily marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with every impression as well as with clicks or other activities.
Each of these data transfers triggers a cookie request to the data subject's browser. If the browser accepts this request, DoubleClick places a cookie in your browser.
DoubleClick uses a cookie ID, which is required to process the technical procedure. The cookie ID is required, for example, to display an advert in a browser. DoubleClick can also use the cookie ID to record which adverts have already been displayed in a browser in order to avoid duplication. The cookie ID also enables DoubleClick to record conversions. Conversions are recorded, for example, if a user has previously been shown a DoubleClick advert and subsequently makes a purchase on the advertiser's website using the same internet browser. A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already been in contact on other websites. As part of this service, Google obtains knowledge of data that Google also uses to create commission statements. Among other things, Google can recognise that you have clicked on certain links on our website. In this case, your data will be passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://policies.google.com/privacy

Purpose and legal basis:

We process your data using the DoubleClick cookie for the purpose of optimising and displaying advertising on the basis of your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on advertising campaigns or to improve them. The cookie is also used to avoid multiple displays of the same adverts. Each time you access one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and billing of commissions. There is no legal or contractual obligation to provide your data. If you do not give us your consent, you can visit our website without restriction, but not all functions may be fully available. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN.
In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which we do not know, over which we have no influence and of which you may not be aware).

Storage period:

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google DoubleClick: https://policies.google.com/privacy.

 

Google Tag Manager

Type and scope of processing:

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website. This allows us to flexibly integrate additional services in order to analyse user access to our website.

Purpose and legal basis:

The use of Google Tag Manager is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which we do not know, over which we have no influence and of which you may not be aware).

Storage period:

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Tag Manager: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

 

Google reCAPTCHA

Type and scope of processing:

We have integrated components of Google reCAPTCHA on our website. Google reCAPTCHA is a service of Google Ireland Limited and enables us to distinguish whether a contact request comes from a natural person or is automated by means of a programme. When you access this content, you establish a connection to the servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and possibly browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the time spent on the website and the user's mouse movements in order to distinguish automated requests from human requests. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis:

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 para. 1 lit. a. GDPR and § 25 para. 1 TTDSG. We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 para. 1 GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF). In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), we have agreed other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR have been agreed. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914&from=EN. In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 para. 1 sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in detail (e.g. data processing by security authorities in the third country, the exact scope and consequences of which we do not know, over which we have no influence and of which you may not be aware).

Storage period:

The specific storage period of the processed data cannot be influenced by us, but is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google reCAPTCHA: https://policies.google.com/privacy?hl=en-US.

 

consentmanager.net

Type and scope of processing:

We have integrated consentmanager.net on our website. consentmanager.net is a consent solution from consentmanager AB, Håltegelvägen 1, B723 48 Västerås, Sweden, with which consent to the storage of cookies can be obtained and documented. consentmanager.net uses cookies or other web technologies to recognise users and store the consent given or revoked.

Purpose and legal basis:

The use of the service is based on the legally required consent to the use of cookies in accordance with §25 TTDSG and Art. 6 para. 1 lit. c. GDPR.

Storage period:

The specific storage period of the processed data cannot be influenced by us, but is determined by consentmanager AB. Further information can be found in the privacy policy for consentmanager.net: https://www.consentmanager.net/privacy/.

 

Security notice

We secure our website and other IT systems against loss, destruction, unauthorised access, unauthorised modification or unauthorised disclosure of your data by means of appropriate technical and organisational measures. However, despite all due care, complete protection against all dangers is not possible in every case. Because we cannot guarantee complete data security when communicating by e-mail, we recommend sending confidential information by post.

 

Changes to this data protection declaration

We reserve the right to change this data protection declaration if the legal situation or this online offer or the type of data collection changes. However, this only applies to declarations regarding data processing. If the user's consent is required or components of the data protection declaration contain a regulation of the contractual relationship with users, the data protection declaration will only be changed with the user's consent.

Therefore, please refer to this data protection statement whenever necessary, especially if you provide personal data.

 

Further functions and offers of our website

(1) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. For this purpose, you will usually have to provide further personal data, which we use to provide the respective service and for which the aforementioned data processing principles apply.

(2) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

(3) Furthermore, we may pass on your personal data to third parties if contracts or similar services are offered by us together with partners. You will receive more detailed information on this when you provide your personal data.

(4) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this circumstance in the description of the offer.

 

 

 

We would like to point out that only the German version of this data protection declaration is legally binding. The English version is merely a non-legally binding translation of the German version.