Privacy policy

If you use our websites or contact us, personal data is regularly collected from you. Data is always collected and processed in compliance with data protection requirements and based on a valid legal basis.

Insofar as the consent of the data subject has been obtained for the processing of personal data, Art. 6 para. 1 a) GDPR serves as the legal basis.

In the processing of personal data necessary for the fulfilment of a contract to which the data subject is a party, Art. 6 para. 1 b) GDPR serves as the legal basis. This also applies to pre-contractual and contract-initiating measures.

If the fulfilment of legal obligations to which we are subject requires the processing of personal data, Art. 6 para. 1 c) GDPR serves as the legal basis.

If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 d) GDPR serves as the legal basis.

If the processing of personal data is based on a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 f) GDPR serves as the legal basis.

a) Contact by you

If you contact us by e-mail, fax, telephone, post, contact form, chat function or using other communication channels (including external partners) or via personal contact (e.g. at trade fairs, events or with the sales force), we process personal data (salutation, title, name, company, contact details) that you provide to us for the purpose of processing, documenting and tracking your enquiry on the basis of Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR.
 

b) Order processing

We process personal data (salutation, title, name, company, address, contact details, transaction data) that you provide to us on the basis of Art. 6 para. 1 b) GDPR in order to process orders (e.g. fulfilment of a purchase contract or provision of a service). In doing so, we transmit necessary information to the companies commissioned with the delivery or execution as well as the banks, insurance companies and service providers commissioned with the transaction, regulation, credit check and sanction list comparison. This also applies to the processing of contract-initiating or pre-contractual measures as well as post-contractual services and complaints.
 

c) Login areas (e.g. web shop)

When using the login areas (e.g. web shop) provided by KESSEL, the following points apply in addition to the information contained in this data protection declaration in order to protect your data.

In order to register, you must provide a valid e-mail address (professional e-mail address) and assign a password. Further data is collected by us as part of the execution of the service in accordance with Art. 6 para. 1 lit. b) GDPR. We would like to point out that we classify the data entered as professional data (e.g. company address, professional e-mail address, professional telephone number). In the case of orders or other services, your contact and address data will be passed on to our suppliers insofar as this is necessary for the delivery of the goods. We pass on your payment data to the authorised credit institution within the scope of payment processing, insofar as this is necessary for payment processing. The data collected by us will be forwarded to the respective dealer/service partner as part of the enquiry forwarding process. The data protection provisions of the respective retailer/service partner apply to the processing of your personal data by the respective retailer/service partner. The legal basis for the transfer of data is Art. 6 para. 1 lit. b) GDPR.

We use the single sign-on (SSO) procedure for the login process. This allows users to log in to all services on our websites by entering their login details once. For authentication, the user name/email address, name, time of login, IP address and log data are stored on Microsoft Azure's EU servers. The processing of personal data in the context of the login is based on Art. 6 para. 1 lit. b) GDPR and Art. 6 para. 1 lit. f) GDPR (legitimate interest in secure and user-friendly authentication).
 

d) Platform for tender texts

We offer you a free platform for creating and saving projects, bills of quantities and cost estimates. The platform is provided by our service provider SIRADOS (WEKA Media GmbH & Co. KG, Römerstraße 4, 86438 Kissing) on our website. Registration is required to use the platform. Please only enter your professional contact details. Your professional address and contact details will be processed for the purpose of registration and use of the platform. The data is stored by SIRADOS within Germany. Further information on data protection at SIRADOS can be found at www.sirados.de/datenschutz. SIRADOS acts as a processor for us in accordance with Art. 28 GDPR.
 

e) Newsletter, Job Alert and Press Alert

You will only receive our newsletter and seminar newsletter as well as our job alert after registering via the double opt-in procedure, and our press alert after registering via the single opt-in procedure. The processing of personal data (salutation, title, name, company, sector, address, email address, interests) that you provide to us for individualised email distribution and to protect against misuse is based on Art. 6 (1) a) GDPR. Your consent can be revoked with effect for the future via the unsubscribe link in each relevant e-mail.

Service and trading partners receive current information in connection with the business relationship (e.g. product adjustments or organisational changes) regularly by e-mail on the basis of Art. 6 para. 1 b) GDPR. 

Contractual partners (customers, suppliers) occasionally receive e-mails from us with information in connection with the products purchased or services ordered. These e-mails are sent on the basis of our legitimate interests in accordance with Art. 6 para. 1 f) GDPR. You can object to this data processing at any time with effect for the future. Data processing up to the time of cancellation remains unaffected by this.
 

f) Training events

You can register for a classroom seminar, webinar or other (digital) training event by e-mail, fax or registration form on our website or by using other communication channels in text form. The processing of personal data (salutation, title, name, company, address, contact details, transaction data) that you provide to us is carried out for the purpose of implementing, documenting and following up on the respective training offer on the basis of Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR. If necessary, we transmit necessary information to the partners commissioned with the implementation (e.g. speakers, hotels or service providers) as well as the banks and service providers commissioned with the transaction and credit check.

If you register for a seminar or webinar via the booking form on our website, the data you enter will be forwarded to the seminar management software (Learning Management System) of Studio03 Medienfabrik GmbH & Co KG (In Oberwiesen 16, 88682 Salem, information on data protection: www.studio-03.de/datenschutz). We use this software to manage the participants, to send important information about the event and to organise the event. The legal basis is Art. 6 para. 1 lit. b and f GDPR. The following data is collected via the booking form Surname, first name, professional e-mail address, professional telephone number and company address. We only ask you to enter your professional data in the form. Content data and meta/communication data (e.g. device ID, IP address) are also collected as part of the training event. The data is stored in data centres in Germany. In order to guarantee the security of your data, we have concluded an order processing contract with Studio03 Medienfabrik GmbH & Co KG.
 

g) Events and plant visits

You can register for a (digital) event or a factory visit by e-mail, fax, telephone or registration form on our websites or via personal contact or using other communication channels. Personal data (salutation, title, name, company, address, contact details, transaction data) that you provide to us or that is provided to us by the event partner or coordinator is processed for the purpose of organising, documenting and following up on the respective event on the basis of Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR. If necessary, we transmit necessary information to the partners commissioned with the organisation (e.g. speakers, hotels or service providers) as well as the banks and service providers commissioned with the transaction and credit check.
 

h) Trade fairs, exhibitions, roadshows and counter days

You can find out about our products and services at trade fairs, exhibitions, roadshows, (online) presentations, counter days and similar events. The processing of personal data (salutation, title, name, company, address, contact details) that you provide to us is carried out for the purpose of documentation, processing your enquiries and follow-up of the respective event on the basis of Art. 6 para. 1 a) GDPR, Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR. We use the snapADDY solution from snapADDY GmbH, Haugerkirchgasse 7, 97070 Würzburg, Germany, to collect data at trade fairs or events in order to be able to send you information afterwards or to arrange an appointment. This tool scans your business card and stores the contact information in an Excel spreadsheet, which is imported into our CRM system. After the scan, you will receive an automated and unique thank you email generated by snapADDY. Before importing data into our CRM and contacting us, you must confirm this by e-mail (double opt-in procedure). The data is stored on servers in Germany. snapADDY acts as a processor for us in accordance with Art. 28 GDPR. An order processing contract has been concluded. Further information on data protection at snapADDY can be found at https://www.snapaddy.com/en/privacy-security-hub/data-protection.html
 

i) Mailing programme overview and seminar programme

For the mailing of the annual programme overview and the annual seminar programme, we process personal data (salutation, title, name, company, industry, address) that you provide to us or that is publicly accessible on the basis of Art. 6 para. 1 a) GDPR or on the basis of Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR. Cancellation information is included in the cover letter of each mailing.

j) Medienportal OXOMI

Via the web-based application "OXOMI" from scireum GmbH ("scireum"), we provide a media portal with product and marketing information on our websites, which can be accessed without registration (login). scireum does not pass on any personal data to third parties on its own initiative and excludes the marketing of metadata. The application is operated on servers in Europe and under German data protection law. For the mobile applications (e.g. OXOMI Pocket on an iPad), scireum uses the Crashlytics analysis tool from Fabric. In the event of a software problem, Crashlytics records the problem and the associated error environment for further analysis and stores this data for 90 days. scireum uses this data exclusively for troubleshooting. Further details are described in scireum GmbH's privacy policy at www.scireum.de/scireum/datenschutz.
 

k) Contact through us

As part of the usual industry property tracking, to arrange appointments, for one-off information of new contacts via our communication channels and for similar purposes, contact is made in the industry environment by us or by commissioned service providers by telephone, e-mail, using other communication channels or via personal contact. We process personal data (salutation, title, name, company, address, contact details, role in the property) that you have provided to us and newly provide to us, are publicly accessible or are transmitted to us by third parties on the basis of Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR. This also applies to the implementation of regular satisfaction surveys for quality assurance and to increase partner and customer satisfaction. If necessary, we transmit the necessary information to the service providers and partners commissioned to carry out the survey.
 

Provision of the website

a) log data

For the provision and operation of our websites and online services, the processing of personal data is absolutely necessary in some places. We process the following personal data on the basis of Art. 6 (1) f) GDPR to deliver the websites, ensure their functionality, optimise the applications and ensure the security of the websites:

• IP address of the user

• Date and time of access

• Pages/files accessed

• Protocol and status of access 

• Volume of data transmission 

• Referrer URL 

• Information on the client/browser used

Log files and their contents are stored for 30 days and then deleted or anonymised if necessary, unless they are required for the clarification or documentation of misuse or unlawful use that has become known within the retention period. Log files are analysed for data security purposes.

b) Hosting

Our website is hosted by the external service provider Microsoft Azure (Microsoft Ireland Operations Limited), One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. Data processing is carried out on the basis of Art. 6 para. 1 lit. f GDPR (legitimate interest), as hosting is necessary to ensure the secure and stable operation of this website. The log data collected is stored by Microsoft. Further information on data protection at Microsoft can be found at https://privacy.microsoft.com/de-de/privacystatement. A data protection agreement has been concluded with Microsoft.
 

c) Cookies 

Our websites use cookies to offer you a seamless web experience and to optimise their use. These are small text files that are stored on the end devices used by users and contain specific user and usage information.

The use of all company websites requires consent for those cookies that are absolutely necessary for operation. In addition, you can give us your consent to the use of other cookies (e.g. for analysis and marketing purposes). This request is made before you use our websites for the first time and serves as the legal basis for the processing of personal data (title, title, name, company, IP address, user information, etc.) that is automatically collected by our websites on the basis of Art. 6 para. 1 a) GDPR. You can change or revoke your consent at any time. To do so, click on the fingerprint symbol at the bottom left of the website. This will open our Consent Manager, where you can customise your data protection settings.

We use the consent management platform Usercentrics (Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany, usercentrics.com/privacy-policy/) on our website to obtain and document the legally required consents for the use of certain cookies and tracking technologies.  The processing is carried out on the basis of Art. 6 para. 1 lit. c) GDPR (legal obligation to obtain and document consent) and Art. 6 para. 1 lit. f) GDPR (legitimate interest in user-friendly and legally compliant consent management).
 

d) Plugins

Our websites use social plugins. These are labelled with the corresponding logo and link to the respective website. When you visit a page on our website that contains such a plugin, your browser establishes a direct connection with the respective server. In this way, the social media operator receives the information that you have accessed the corresponding page of our website and can assign this information to your account, provided you are logged in. If you do not want the social media operator to collect data about you via our website, you must log out of the social media account before visiting our website.
 

Use of communication media

If the use of a video function or other communication media is useful for the processing of these applications (e.g. for the preparation of a service technician assignment), you expressly agree to the use of the respective form of communication by using the system and, if applicable, by releasing data on the system side. 

In particular for our webinars or other online meetings (hereinafter referred to as "Online Meetings"), we use the Microsoft Teams service provided by Microsoft Corporation, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (hereinafter referred to as "Microsoft"). Various types of data are processed when using Microsoft Teams. The scope of the data also depends on the data you provide before or when participating in an online meeting. The following personal data categories are subject to processing: user details (display name, e-mail address if applicable, preferred language, optional profile picture), meeting metadata (date, time, meeting ID, telephone numbers, location), text, audio and video data (you may have the option of using the chat function. In this respect, the text entries you make are processed in order to display them in the online meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the Microsoft Teams applications). If we would like to record online meetings, we will inform you transparently in advance and - if necessary - ask for your consent. Automated decision-making within the meaning of Art. 22 GDPR is not used.

Personal data that is processed in connection with participation in online meetings is not passed on to third parties unless it is intended to be passed on. Please note that content from online meetings and face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on. In addition, Microsoft necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in our order processing contract. We have selected Microsoft data centres within Europe. As we cannot rule out access by Microsoft persons in third countries, in particular the USA, we have also concluded standard contractual clauses. 

Further information on data protection at Microsoft can be found at privacy.microsoft.com/de-de/privacystatement.

When contacting us via an online form on our websites, via a chat function or using other digital communication channels, we process personal data on the basis of Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR.
 

Use of AI applications

The use of AI applications may be necessary or helpful for the fulfilment of the aforementioned purposes.  The processing of personal data is limited to a minimum and only takes place if the AI application only uses the information for KESSEL. The legal basis for data processing is Art. 6 para. 1 b) GDPR or Art. 6 para. 1 f) GDPR.

Personal data is passed on within the KESSEL Group and to contracted service providers, partners and other authorised recipients. Any further disclosure to third parties will only take place if there is a legitimate interest, mandatory legal provisions apply or a court order exists. A commercial sale of your personal data expressly does not take place.

If there is a contractual relationship between you and KESSEL SE + Co KG, personal data will be deleted in accordance with the mandatory deletion requirements (e.g. mandatory deletion periods of the German Commercial Code and the German Fiscal Code).

If we process your personal data on the basis of an enquiry, contact or other communication, it will be deleted after completion of the enquiry or when the purpose no longer applies if there is neither a legitimate interest in further data processing or data storage nor consent.

Data and documents that are provided to us directly in connection with your application (career portal at https://karriere-kessel.de/stellenangebote.html, e-mail, by post, third-party providers) are collected, stored and used by our HR department exclusively for the application process. We only store your personal data within the KESSEL Group for as long as is necessary to fulfil the purpose for which it was collected or as long as we are required by law to retain it. If you are not hired, we will delete your data six months after you have been rejected. Longer storage is only possible if you give us your consent to do so. We will not sell or rent out the data you provide. We manage incoming applications in our applicant management software rexx (rexx systems GmbH, Süderstr. 75-79, 20097 Hamburg). rexx acts as a processor for us.

You may become aware of one of our vacancies through a third-party provider (job portal or recruitment agency). If you apply via the website of a third-party provider, please also note the data protection information of the third-party provider.

KESSEL also advertises vacancies using software from third-party providers. You will find these job advertisements primarily on social media platforms. If you click on an advertised position, you will be taken to a KESSEL careers page provided by the third-party provider, where you can carry out an assessment to determine whether you are suitable for the position. Apart from the log data required for functionality and security, no personal data is collected from you during the assessment. Based on your answers, an automated decision is made as to whether you can submit an application or whether you are not suitable for the position. If you are offered the opportunity to submit an application, a form for data entry will open. If you agree to enter your data, you will be contacted by the third-party provider's (WhatsApp) Recruiting ChatBot, which will ask you further questions in a short chat to initiate the application process. The ChatBot is an AI chatbot. Completing the application via the ChatBot is voluntary. Alternatively, you can send us your application via the KESSEL career portal https://karriere-kessel.de/stellenangebote.html.

We use software from third-party providers (processors) to increase the visibility of our vacancies and to make the application process more efficient.

a) External links

Our websites contain links to websites of other providers that are not affiliated with us. By clicking on these links, you will be forwarded directly to the websites of these providers. You can recognise this by the change of URL, among other things. As we no longer have any influence on the processing of your personal data from this point onwards, we cannot accept any responsibility for this. Please inform yourself directly about the data protection provisions on the selected websites for all external offers.

b) Security of your data

Your personal data provided to us is secured by taking appropriate technical and organisational security measures (e.g. data transmission via secure SSL connections) so that it is inaccessible to unauthorised third parties.

c) Validity of the privacy policy

We reserve the right to make changes at any time should legal requirements, changes in product/service offerings, technical developments, changing framework conditions or other reasons make an adjustment necessary. The current version of the privacy policy on our websites is always valid.

To assert your data subject rights listed below, please use the contact details provided in this privacy policy. For your own protection, we require confirmation of your identity for every enquiry in order to prevent unauthorised access to your personal data. If legal regulations or documentation obligations prevent us from processing your enquiry, we will provide you with information about this.

a) Information and data portability

You may at any time request comprehensive disclosure of the personal data stored by us as well as delivery of this data in a common, structured and machine-readable format.

b) Correction

If your data has changed, you can request a correction of the data. Please let us know which data you would like to correct. 

c) Restriction and cancellation

You can request the erasure of your personal data at any time. Alternatively, you can request the restriction of processing. We will comply with your request for erasure. If data erasure is not possible (e.g. due to legal obligations), we will inform you accordingly. In this case, we will restrict data processing until the time at which the erasure comes into effect.

d) Revocation of your consent and objection

If you have given your consent, you can revoke it in whole or in part at any time with effect for the future. Processing based on your consent until its revocation remains unaffected by this. You can also object to the data processing. If you object, we will check whether we can honour your objection and inform you accordingly. Data processing up to the time of the objection remains unaffected by this.

e) Right of appeal

You have the right to lodge a complaint about the processing of your personal data with the data protection authority.

If you have any questions or concerns about our privacy policy or the processing of your personal data, please contact us by e-mail at datenschutz@kessel.de or contact our data protection officer:

Data Business Services GmbH & Co. KG
Nördliche Münchner Str. 47
82031 Grünwald

datenschutz@kessel.de