Privacy Policy

Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection provisions is:

Koch Essen Kommunikation + Design GmbH
Alfredstraße 61
45130 Essen

Phone: +49 201 8944-6
Fax: +49 201 8944-888
E-mail: info@koch-essen.de

 

Name and Address of the Data Protection Officer

The Data Protection Officer of the controller is:

Datenschutz Ruhr GmbH
Managing Directors: Björn Leineweber, Tim Schabio
Hauptstraße 2
45219 Essen

Phone: +49 201 890 66 123
E-mail: leineweber@datenschutz-ruhr.de

 

General Information on Data Processing

Scope of Processing of Personal Data

We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. Processing of personal data of our users regularly takes place only with the consent of the user. An exception applies in cases where obtaining prior consent is not possible for factual reasons and processing is permitted by legal regulations.

Legal Basis for Processing of Personal Data

Where we obtain the consent of the data subject, Art. 6 (1) lit. a GDPR serves as the legal basis.

For processing personal data necessary for the performance of a contract, Art. 6 (1) lit. b GDPR serves as the legal basis. This also applies to processing operations required to carry out pre-contractual measures.

Where processing of personal data is necessary for compliance with a legal obligation, Art. 6 (1) lit. c GDPR serves as the legal basis.

If vital interests of the data subject or another natural person require the processing of personal data, Art. 6 (1) lit. d GDPR serves as the legal basis.

If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and these are not overridden by the interests, rights, or freedoms of the data subject, Art. 6 (1) lit. f GDPR serves as the legal basis.

Deletion of Data and Storage Duration

Personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may take place if provided for by the European or national legislator in EU regulations, laws, or other provisions to which the controller is subject. Blocking or deletion of data also occurs when a storage period prescribed by the mentioned standards expires, unless further storage is required for the conclusion or fulfillment of a contract.

 

Processing of Contract Data

  1. We process the data of our contractual partners and interested parties as well as other clients, customers, or business partners (collectively referred to as “contractual partners”) pursuant to Art. 6 (1) lit. b GDPR, in order to provide our contractual or pre-contractual services. The type, scope, purpose, and necessity of data processing are determined by the underlying contractual relationship.
  2. The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., email addresses and telephone numbers) as well as contract data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., bank details, payment history). In addition, within the scope of order processing we process inventory data (e.g., customer master data such as names or addresses), contact data (e.g., email, telephone numbers), content data (e.g., text entries, photographs, videos), contract data (e.g., subject matter of the contract, term), payment data (e.g., bank details, payment history), and usage and meta data (e.g., in the context of evaluating and measuring the success of marketing activities). The data subjects include our customers, prospective customers and their customers, users, website visitors or employees as well as third parties. The purpose of processing is the provision of contractual services, billing and our customer service. The legal bases for processing arise from Art. 6 (1) lit. b GDPR (contractual services) and Art. 6 (1) lit. f GDPR (analysis, statistics, optimization, security measures).
  3. Special categories of personal data are generally not processed, unless they are part of a commissioned or contractual processing.
  4. We process only the data necessary for establishing and fulfilling contractual services and indicate their necessity, if not evident to contractual partners. Data is disclosed to external persons or companies only if required within the framework of a contract. When processing data provided to us in the context of an assignment, we act in accordance with the instructions of our clients as well as the statutory provisions on commissioned data processing pursuant to Art. 28 GDPR, and we do not process the data for any purposes other than those specified in the assignment.
  5. When using our online services, we may store the IP address and the time of each user action. Storage is based on our legitimate interests and the user’s interest in protection against misuse and unauthorized use. Data is generally not passed on to third parties, unless necessary for asserting legal claims (Art. 6 (1) lit. f GDPR) or there is a legal obligation (Art. 6 (1) lit. c GDPR).
  6. Data is deleted after expiration of statutory warranty and comparable obligations. The necessity of storage is reviewed every three years. In the case of statutory archiving obligations, deletion takes place after their expiry (e.g., 6 years under § 257 (1) HGB, 10 years under § 147 (1) AO). In the case of data disclosed to us by the client in the context of an assignment, we delete the data in accordance with the provisions of the assignment, generally upon completion of the assignment.

 

Provision of Website and Creation of Log Files

Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected:

  1. Information about the browser type and version used
  2. The user’s operating system
  3. The user’s internet service provider
  4. The user’s IP address
  5. Date and time of access
  6. Websites from which the user’s system accesses our website
  7. Websites accessed by the user’s system via our website

The data is also stored in our system’s log files. This data is not stored together with the user’s other personal data.

Legal Basis for Data Processing

The legal basis for temporary storage of data and log files is Art. 6 (1) lit. f GDPR.

Purpose of Data Processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage in log files takes place to ensure the functionality of the website. Additionally, the data serves us in optimizing the website and ensuring the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.

These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 (1) lit. f GDPR.

Duration of Storage

The data is deleted as soon as it is no longer required for the purpose of its collection. In the case of data collection for provision of the website, this is when the session ends.

In the case of data stored in log files, this is after seven days at the latest. Storage beyond this period is possible. In this case, the users’ IP addresses are deleted or anonymized, so that assignment to the accessing client is no longer possible.

Possibility of Objection and Removal

The collection of data for provision of the website and storage of data in log files is absolutely necessary for operation of the website. Consequently, the user has no possibility to object.

 

Contact Form and E-mail Contact

Description and Scope of Data Processing

Our website provides a contact form that can be used for electronic communication. If a user takes advantage of this option, the data entered into the input fields is transmitted to us and stored. This data includes:

  1. Name (e.g., first and last name)
  2. Company / organization name (optional)
  3. E-mail
  4. Telephone number (optional)
  5. Message text

At the time the message is sent, the following additional data is also stored:

  1. The user’s IP address
  2. The user’s user agent (browser name)
  3. Date and time of the contact

As part of the submission process, your consent to the processing of data is obtained and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, there is no disclosure of the data to third parties. The data is used exclusively for processing the conversation.

Legal Basis for Data Processing

The legal basis for processing the data is Art. 6 (1) lit. a GDPR if the user has given consent.

The legal basis for processing the data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for processing is Art. 6 (1) lit. b GDPR.

Purpose of Data Processing

The processing of personal data from the input form serves solely to handle the contact request. In the case of contact via e-mail, this also constitutes the necessary legitimate interest in processing the data.

The other personal data processed during the submission process is used to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of Storage

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. For personal data from the input form of the contact form and those sent by e-mail, this is the case when the respective conversation with the user is terminated. The conversation is considered terminated when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

The additional personal data collected during the submission process will be deleted no later than seven days thereafter.

Possibility of Objection and Removal

The user has the right to revoke consent to the processing of personal data at any time. If the user contacts us via e-mail, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

All personal data stored in the course of contacting us will be deleted in this case.

 

Online Presence on Social Media

Our online presence on social networks primarily serves to provide information and to communicate with our customers.

It should be expressly noted that, particularly in the area of well-known social channels such as Facebook, Twitter, and Instagram, users’ data is regularly processed outside the EU. This makes safeguarding data protection rights significantly more difficult. The providers of the social channels in the United States of America have accepted the EU Standard Contractual Clauses for data processing and thereby commit to complying with EU data protection standards.

The primary purpose of data collection is its use for market research and advertising. As part of this process, user profiles are regularly created based on user behavior, which are then further used to display advertisements—even outside the platform—that most closely match the user’s interests. To enable this, a small file (“cookie”) is stored on the user’s device, which contains the relevant information. Data processing also includes cross-device data, especially when users are logged into the respective platform at the time.

The legal basis for data collection is, provided the user has already given consent to the setting of cookies, Art. 6 (1) lit. a GDPR. In all other cases, the basis is our legitimate interest in the continuous analysis and improvement of our online offering in accordance with Art. 6 (1) lit. f GDPR.

In the event of inquiries for information and the assertion of user rights, we also point out that these can most effectively be addressed to the providers themselves. Only the providers have direct access to the users’ data and can take corresponding measures and provide information. Should you nevertheless require assistance, you may contact us.

For a detailed presentation of the respective processing activities and the options for objection (opt-out), we refer to the information provided by the providers linked below.

Alphabet Platforms

Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

Facebook

Facebook pages, groups (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on the basis of an agreement on joint processing of personal data.

Twitter

Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA)

Xing

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)

 

Google Ads

Our website uses advertisements from Google ("Google Ads"). The operator of the advertisements and the associated visitor tracking is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit our website via a Google ad, a connection is established to Google’s servers. The Google server is informed about which of our pages you have visited. If you are logged into your Google account, you allow Google to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your Google account.

The use of Google Ads is based on Art. 6 (1) sentence 1 lit. a GDPR.

Further information on the handling of user data can be found in Google’s privacy policy at: https://policies.google.com/privacy?hl=en

 

Embedding YouTube Videos (and Cookies)

Our website uses plugins from YouTube, a service operated by Google. The operator of the site is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plugin, a connection to YouTube’s servers is established. The YouTube server is informed about which of our pages you have visited.
If you are logged into your YouTube account, you allow YouTube to directly associate your browsing behavior with your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of presenting our online offerings in an appealing way. This constitutes a legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://policies.google.com/privacy?hl=en

 

Rights of the Data Subject

If your personal data are processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

Right of Access

You may request confirmation from the controller as to whether personal data concerning you are being processed by us.

If such processing is taking place, you may request the following information from the controller:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data that are processed;
  3. the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
  4. the planned duration of the storage of the personal data concerning you, or, if specific information is not possible, criteria for determining the storage period;
  5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. any available information as to the source of the data if the personal data were not collected from the data subject;
  8. the existence of automated decision-making, including profiling, pursuant to Art. 22 (1) and (4) GDPR, and—at least in these cases—meaningful information about the logic involved as well as the significance and intended consequences of such processing for the data subject.

You have the right to request information as to whether personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to Art. 46 GDPR relating to the transfer.

Right to Rectification

You have the right to rectification and/or completion with respect to the controller if the personal data concerning you is inaccurate or incomplete. The controller is obliged to make the correction without undue delay.

Right to Restriction of Processing

Under the following conditions, you may request the restriction of processing of your personal data:

  1. you contest the accuracy of the personal data concerning you, for a period that allows the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the deletion of the personal data and instead request the restriction of its use;
  3. the controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims; or
  4. you have objected to processing pursuant to Art. 21(1) GDPR and it has not yet been determined whether the legitimate grounds of the controller override your reasons.

If the processing of your personal data has been restricted, such data may – aside from storage – only be processed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been applied under the above conditions, you will be informed by the controller before the restriction is lifted.

Right to Erasure

Obligation to Erase

You may request that the controller immediately erase the personal data concerning you, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
  3. You object pursuant to Art. 21(1) GDPR to the processing, and there are no overriding legitimate grounds for processing, or you object pursuant to Art. 21(2) GDPR to the processing.
  4. The personal data concerning you has been unlawfully processed.
  5. Erasure of the personal data concerning you is required to fulfill a legal obligation under Union law or the law of a Member State to which the controller is subject.
  6. The personal data concerning you was collected in relation to information society services offered pursuant to Art. 8(1) GDPR.
     

Information to Third Parties

If the controller has made the personal data concerning you public and is obliged under Art. 17(1) GDPR to erase it, the controller shall take reasonable measures, considering available technology and implementation costs, including technical measures, to inform other controllers processing the personal data that you, as the data subject, have requested the erasure of all links to, copies, or replications of this personal data.

Exceptions

The right to erasure does not exist insofar as processing is necessary:

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation under Union or Member State law to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right mentioned in subsection (a) is likely to render the achievement of the purposes of processing impossible or seriously impaired; or
  5. for the establishment, exercise, or defense of legal claims.
     

Right to Information

If you have exercised the right to rectification, erasure, or restriction of processing with respect to the controller, the controller is obliged to inform all recipients to whom the personal data concerning you has been disclosed of such rectification or erasure of data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed of these recipients by the controller.

Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:

  1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR; and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data transmitted directly from one controller to another, as far as technically feasible. The freedoms and rights of other persons must not be affected.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you based on Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

Where personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such advertising; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You may exercise your right to object in connection with the use of information society services – regardless of Directive 2002/58/EC – through automated procedures using technical specifications.

Right to Withdraw Data Protection Consent

You have the right to withdraw your data protection consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Automated Decision-Making Including Profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

  1. is necessary for entering into or performing a contract between you and the controller;
  2. is permitted under Union or Member State law to which the controller is subject, which also contains suitable measures to safeguard your rights, freedoms, and legitimate interests; or
  3. is based on your explicit consent.

However, such decisions must not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights, freedoms, and legitimate interests.

In the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms as well as your legitimate interests, which include at least the right to obtain human intervention on the part of the controller, to express your point of view, and to contest the decision.

Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, workplace, or the place of the alleged infringement, if you consider that the processing of personal data concerning you violates the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant about the status and outcome of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

 

Routine Storage, Erasure, and Blocking of Personal Data

We process and store your personal data only for the period required to achieve the storage purpose or as provided by the legal regulations to which our company is subject.

Once the storage purpose ceases or a prescribed retention period expires, personal data will be routinely blocked or erased in accordance with legal requirements.

 

Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After this period expires, the corresponding data will be routinely erased unless it is still required for contract fulfillment or contract initiation.

 

Currency and Amendment of the Privacy Policy

This privacy policy is currently valid and is dated May 2024.

Due to the further development of our websites and services or due to changed legal or regulatory requirements, it may become necessary to amend this privacy policy. The current privacy policy can be accessed and printed at any time on the website at “https://koch-essen.de/datenschutz/”.

 

© Koch Essen Kommunikation + Design GmbH. All rights reserved. All information provided without guarantee.
