Data protection

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. For detailed information on the subject of data protection, please refer to our data protection declaration listed below this text.

Data collection on our website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator's contact details in the legal notice of this website.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.

Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be used to analyze your user behavior.

What rights do you have with regard to your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority.

You also have the right to request the restriction of the processing of your personal data under certain circumstances. For details, please refer to the privacy policy under “Right to restriction of processing”.

Analysis tools and tools from third-party providers

When you visit our website, your surfing behavior may be statistically evaluated. This is primarily done using cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you.

You can object to this analysis or prevent it by not using certain tools. You can find detailed information about these tools and your options for objecting in the following privacy policy.

2. General notes and mandatory information

Data protection

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.

When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.

We would like to point out that data transmission over the Internet (e.g. when communicating by email) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The controller responsible for data processing on this website is:

KATAG AG
Stralsunder Straße 5
33605 Bielefeld

Telephone: +49 (0)521 292-0
E-Mail: info@katag.net

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).

Data protection officer required by law

We have appointed a data protection officer for our company. You can reach him at:

Biehn & Professionals GmbH
IT Security and Risk Management
Wiesenstraße 32
33397 Rietberg-Mastholte

Telephone: 02944-979710
E-Mail: datenschutz@katag.net

Withdrawal of your consent to data processing

Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to object to data collection in special cases and to direct marketing (Art. 21 GDPR)

If data processing is carried out on the basis of Art. 6 para. 1 lit. e or f GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy. If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims (objection pursuant to Art. 21 (1) GDPR).

If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Art. 21 (2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation. The right to lodge a complaint is without prejudice to other administrative or judicial remedies.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

SSL and TLS encryption

This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Information, blocking, deletion and correction

Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.

Right to restriction of processing

You have the right to request the restriction of the processing of your personal data. To do so, you can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

- If you dispute the accuracy of your personal data stored by us, we generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.

- If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of erasure.

- If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

- If you have lodged an objection in accordance with Art. 21 (1) GDPR, your interests and our interests must be weighed up. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

Objection to advertising e-mails

We hereby object to the use of contact data published as part of our obligation to provide a legal notice for the purpose of sending unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

3. Data collection on our website

Cookies

Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

Browser type and browser version

Operating system used

Referrer URL

Host name of the accessing computer

Time of the server request

IP-address

This data is not merged with other data sources.

This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website - the server log files must be recorded for this purpose.

Contact form

If you send us inquiries via the contact form, your details from the inquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.

The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can revoke this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions - in particular retention periods - remain unaffected.

Request by e-mail, telephone or fax
If you contact us by e-mail, telephone or fax, we will store and process your inquiry, including all personal data (name, inquiry), for the purpose of processing your request. We will not pass on this data without your consent.

This data is processed on the basis of Art. 6 para. 1 lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interests (Art. 6 para. 1 lit. f GDPR), as we have a legitimate interest in the effective processing of the inquiries addressed to us.

The data you send to us via contact requests will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

4. Analysis tools and advertising

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (Register No.: 368047) Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable your use of the website to be analyzed. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

The storage of Google Analytics cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising.

IP anonymization

We have activated the IP anonymization function on this website. This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. https://tools.google.com/dlpage/gaoptout?hl=de.

Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking on “Reject” in the “Cookie settings” window.

An opt-out cookie will be set to prevent your data from being collected on future visits to this website.you can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

Order data processing

We have concluded a contract with Google for commissioned data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Demographic characteristics in Google Analytics

This website uses the “demographic characteristics” function of Google Analytics. This allows reports to be created that contain statements about the age, gender and interests of site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as described in the section “Objection to data collection”.

Storage duration
Data stored by Google at user and event level that is linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 14 months. You can find details on this under the following link: .

WordPress Stats

This website uses the WordPress tool Stats to statistically analyze visitor access. The provider is Automattic Inc, 60 29th Street #343, San Francisco, CA 94110-4929, USA.

WordPress Stats uses cookies, which are stored on your computer and allow your use of the website to be analyzed. The information generated by the cookies about the use of our website is stored on servers in the USA. Your IP address is anonymized after processing and before storage.

“WordPress Stats” cookies remain on your device until you delete them.

The storage of “WordPress Stats” cookies is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the anonymized analysis of user behaviour in order to optimize both its website and its advertising.

You can object to the collection and use of your data for the future by clicking on this link to set an opt-out cookie in your browser:
https://www.quantcast.com/opt-out/.

If you delete the cookies on your computer, you must set the opt-out cookie again.

5. Own Services

Job applications
We offer you the opportunity to apply for a job with us (e.g. by e-mail, post or online application form). In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that your data will be collected, processed and used in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.ch behandelt werden.

Scope and purpose of data collection
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 BDSG-new under German law (initiation of an employment relationship), Art. 6 para. 1 lit. b GDPR (general contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of § 26 BDSG-new and Art. 6 para. 1 lit. b GDPR for the purpose of implementing the employment relationship.

Data retention period
If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after completion of the application process (retention period) in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 para. 1 lit. f GDPR).

YOU CAN OBJECT TO THIS STORAGE IF YOU HAVE LEGITIMATE INTERESTS THAT OUTWEIGH OUR INTERESTS.

After the retention period has expired, the data will be deleted unless there is a statutory retention obligation or another legal reason for further storage. If it is evident that it will be necessary to store your data after the retention period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted once it has become irrelevant. Other statutory retention obligations remain unaffected.

6. Our Social Media Presence

Data Processing by Social Networks
We maintain publicly accessible profiles on social networks. The specific social networks we use can be found below.

Social networks like Facebook, Google+, etc., can usually comprehensively analyze your user behavior when you visit their website or a website with integrated social media content (e.g., Like buttons or advertising banners). By visiting our social media profiles, numerous data protection-related processing activities are triggered. Specifically:

If you are logged into your social media account and visit our social media profile, the operator of the social media platform can associate this visit with your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the respective social media platform. This data collection may occur through cookies stored on your device or by recording your IP address.

With the data collected in this way, the operators of social media platforms can create user profiles in which your preferences and interests are stored. This allows interest-based advertising to be displayed both inside and outside of the respective social media profile. If you have an account with the respective social network, interest-based advertising can be displayed on all devices where you are logged in or have been logged in.

Please also note that we cannot track all processing activities on social media platforms. Depending on the provider, further processing activities may be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal Basis
Our social media presence is intended to ensure the most comprehensive visibility on the internet. This constitutes a legitimate interest as per Art. 6(1)(f) GDPR. The analysis processes initiated by social networks may be based on different legal grounds, which must be indicated by the social network operators (e.g., consent as per Art. 6(1)(a) GDPR).

Controller and Assertion of Rights
When you visit one of our social media profiles (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing activities triggered during that visit. You can assert your rights (access, rectification, deletion, restriction of processing, data portability, and complaint) both against us and the operator of the respective social media platform (e.g., Facebook).

Please note that despite joint responsibility with the social media platform operators, we do not have full control over the data processing activities of these platforms. Our ability to influence such processes is primarily determined by the corporate policies of the respective provider.

Storage duration
The data we collect directly via our social media presence will be deleted from our systems as soon as the purpose for storing them no longer applies, you request us to delete them, you revoke your consent for storage, or the purpose for data storage no longer applies. Stored cookies will remain on your device until you delete them. Mandatory legal provisions—especially retention periods—remain unaffected.

We have no control over the storage duration of your data that is stored by the social network operators for their own purposes. For details on this, please consult the social network operators directly (e.g., in their privacy policies, see below).

Social Networks in Detail:

Facebook
We have a profile on Facebook. The provider is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield.

We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum

You can adjust your ad settings independently in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads

For more details, please refer to Facebook's privacy policy: https://www.facebook.com/about/privacy/

Instagram
We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. For details on how they handle your personal data, please refer to Instagram’s privacy policy: Privacy policy

XING
We have a profile on XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to XING’s privacy policy: Privacy policy

LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US Privacy Shield and uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: Deactivate cookies

For more details on how they handle your personal data, please refer to LinkedIn’s privacy policy: Privacy policy

7. Whistleblower System

When submitting a report, personal data (e.g., name, contact details, photos, reported incident, etc.)

of the person making the report (whistleblower)
of the person affected by the report (reported person)
and other individuals mentioned in the report (e.g., witnesses or third parties)

entered into the reporting form are processed.

Purpose and Legal Basis
The aforementioned data is processed for the purpose of detecting and preventing serious misconduct as well as avoiding and mitigating particularly severe or existentially threatening legal consequences and damages for our organization (criminal prosecution, claims for damages, reputational damage, regulatory actions) and for our employees.

The legal basis for the processing is the fulfillment of a legal obligation according to Art. 6(1)(c) GDPR in conjunction with § 10 HinSchG (Whistleblower Protection Act).

Recipients

Access to the reports is restricted to qualified employees of KATAG AG. Your identity will only be disclosed to us by them in cases regulated by law.

In the course of examinations, investigations, and necessary remedial measures, it may be necessary to transmit information about a reported incident to external advisors (e.g., legal advisors) or the relevant authorities.

The infrastructure of the system, including websites and databases, is operated on our behalf by Modehaus GmbH under Art. 28 GDPR, which in turn uses specialized software service providers as subcontractors. KATAG AG is strictly bound to confidentiality and compliance with all data protection requirements.

Storage duration

Personal data is retained for as long as necessary for investigation and final assessment or as required by law. Reports and notifications will be deleted 3 years after the conclusion of the process, in accordance with legal requirements.

External Reporting Channels

The Whistleblower Protection Act grants individuals intending to submit a report the option to choose between contacting an internal reporting office within the company or an external reporting office of the federal or state authorities.

However, according to the Whistleblower Protection Act, preference should be given to internal reporting channels if effective action against the violation can be taken through this channel and whistleblowers do not have to fear reprisals (§ 7(1) HinSchG).

We investigate all reports of violations that have a necessary and professional connection to our company. We are explicitly committed to protecting whistleblowers from any form of retaliation.

External reporting offices of the federal government are currently established at the following institutions:

The Federal Office of Justice
The Federal Financial Supervisory Authority (BaFin)
The Federal Cartel Office

All information regarding the responsibilities of the external reporting offices and their contact details can be found on the website of the Federal Office of Justice:

External Reporting Office of the Federal Government at the Federal Office of Justice