Introduction
We are delighted that you are visiting our website and your associated interest in our company and our products. Kendrion N.V. (hereinafter ‘Kendrion, ‘we’ or ‘us’) attaches great importance to the security of users’ data and compliance with data protection provisions. Hereinafter, we would like to inform you about how your personal data is processed on our website.
Controller and data protection officer
Controller:
Kendrion N.V.
Vesta Building - 5th floor
Herikerbergweg 213
1101 CN Amsterdam
The Netherlands
Telephone: +31 85 073 1500
info@kendrion.com
External data protection officer:
DDSK GmbH
Stefan Fischerkeller
Tel.: 07542 949 21 - 00
E-Mail: dataprotection.de@kendrion.com
Terms
The specialist terms used in this Privacy Policy are to be understood as legally defined in article 4 GDPR.
Information on data processing
Automated data processing (log files etc.)
You can visit our website without actively providing information about you as a person. However, every time our website is accessed, we automatically store access data (server log files), such as the name of your internet service provider, the operating system used, the website you visited us from, the date and duration of your visit and the name of the file accessed, as well the IP address of the computer used (for security reasons, such as to recognise attacks on our website) for a duration of 2 months[DK1] . This data is solely evaluated for the purpose of improving our offering and does not enable conclusions to be drawn about you as a person. This data is not merged with other data sources. The legal basis for the processing of data is article 6 (1) (f) GDPR. We process and use the data for the following purposes: 1. to provide the website, 2. to improve our websites and 3. to prevent and identify errors/malfunctions and the abuse of the website. The processing enables us to pursue legitimate interests in ensuring the functionality of the website and its error-free, secure operation, as well as in adapting this website to suit users’ needs.
Use of cookies (general, functionality, opt-out links etc.)
We use ‘cookies’ on our website to make visiting our website more attractive and to enable certain functions to be used. The use of cookies serves our legitimate interest in making your visit to our website as pleasant as possible and is based on article 6 (1) (f) GDPR. Cookies are standard internet technology used to store and retrieve login details and other usage information for all the users of a website. Cookies are small text files that are deposited on your end device. They enable us to store user settings, inter alia, to ensure that our website can be shown in a format tailored to your device. Some of the cookies we use are deleted after the end of a browser session, i.e. when you close your browser (known as ‘session cookies’). Other cookies remain on your end device and enable us or our partner companies to recognise your browser on your next visit (known as ‘persistent cookies’).
You can set your browser so you are informed when cookies are to be stored and decide whether to accept them in each individual situation, to accept them under certain circumstances, or to exclude them in general. In addition, cookies can be retrospectively deleted to remove data that the website stored on your computer. Deactivating cookies (known as ‘opting out’) can limit our website’s functionality in some respects.
Categories of data subjects: Website visitors, users of online services
Opt-out:
Internet Explorer: https://support.microsoft.com/de-de/help/17442
Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Safari https://support.apple.com/de-de/HT201265
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR). The pertinent legal basis is specifically stated for each tool in question.
Legitimate interests: Storing of opt-in preferences, presentation of the website, assurance of the website's functionality, provision of user status across the entire website, recognition for the next website visitors, user-friendly online offering, assurance of the chat function
Online marketing
We process personal data within the framework of online marketing, particularly regarding potential interests and to measure the effectiveness of our marketing measures, with the aim of continually boosting our reach and the prominence of our online offering.
We store the relevant information in cookies or use similar procedures for the purpose of measuring the effectiveness of our marketing measures and identifying potential interests. The data stored in the cookies could include the content viewed, webpages visited, settings, and the functions and systems used. However, plain data from users is not normally processed for the above purposes. If so, the data is changed so that the actual identity of the user is not known to us, nor the provider of the tool used. The changed data is often stored in user profiles.
In the event that user profiles are stored, the data can be used, read, supplemented, and expanded on the server of the online marketing procedure when other online offerings are visited that use the same online marketing procedure.
We can calculate the success of our adverts using summarised data that is made available to us by the provider of the online marketing procedure (known as ‘conversion measurement’). As part of these conversion measurements, we can trace whether a marketing measure caused a visitor to our online offering to decide to make a purchase. This evaluation serves to analyse the success of our online marketing.
Categories of data subjects: Website visitors, users of online services, prospective customers, communication partners, business partners and contractual partners
Data categories: Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses), location data, contactdata (e.g. email addres s, telephone number), content data (e.g. text inputs, photographs, videos)
Purposes of processing: Marketing (sometimes interest-based and behavioural, as well), conversion measurement, target group formation, click tracking, development of marketing strategies and increase in the efficiency of campaigns
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Optimisation and further development of the website, increase in profits, customer loyalty and acquisition
LeadRebel
Deployed service: Pulserio AG, Wassergrabe 3, 6210 Sursee, Switzerland
Data protection: https://leadrebel.io/de/privacy
Legal basis: Consent (Art. 6 Abs. 1 lit. a) GDPR)
Consent Management Tool
We use a consent management process on our website to store and manage the consent given by website visitors in a verifiable manner in accordance with data protection requirements. The consent management platform used helps us to recognize all cookies and tracking technologies and to control them based on the consent status. At the same time, visitors to our website can use the consent management service we have integrated to manage the consents and preferences given (optional setting of cookies and other technologies that are not required) or revoke consent at any time using the button.
The status of the consent is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to be able to assign the consent to a user or their device. The time of the declaration of consent is also recorded.
Data categories: Consent data (consent ID and number, time consent was given, opt-in or opt-out), meta and communication data (e.g. device information, IP addresses)
Purposes of processing: Fulfilment of accountability obligations, Consent management
Legal bases: Legal obligation (Art. 6 para. 1 lit. c) GDPR in conjunction with Art. 7 GDPR)
Privacy Settings/Withdraw the consent
HubSpot Consent Management
Recipient of data: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA
Third country transfer: Based on the adequacy decision of the European Commission for the country USA
Privacy: https://legal.hubspot.com/de/privacy-policy
Google Tag Manager
Tool: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:https://policies.google.com/privacy
Opt-out-link: https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal base: Legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Coordination of different tools, management, easy handling and representation
Google Analytics
Tool: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:https://policies.google.com/privacy
Opt-out-link:https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal base: Consent (article 6 (1) (a) GDPR)
Google AdWords and conversion measurement
Tool: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:https://policies.google.com/privacy
Opt-out-link:https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal base: Consent (article 6 (1) (a) GDPR)
Google Doubleclick
Tool: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:https://policies.google.com/privacy
Opt-out-link:https://tools.google.com/dlpage/gaoptout?hl=de or https://myaccount.google.com/
Legal base: Consent (article 6 (1) (a) GDPR)
Presence on social media
We maintain online presences on social networks and career platforms so we can exchange information with users registered there and easily contact them.
Sometimes, data belonging to social network users is used for market research and, by extension, for advertising purposes. Users’ usage behaviour, such as their stated interests, can lead to user profiles being created and used in order to adapt adverts to suit the interests of the target group. To this end, cookies are normally stored on users’ end devices, which sometimes occurs regardless of whether you are a registered user of the social network.
Depending on where the social network is operated, the user data can be processed outside the European Union or outside the European Economic Area. This can lead to risks for users because it is more difficult for them to assert their rights, for example.
Categories of data subjects: Registered users and non-registered users of the social network
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses)
Purposes of processing: Increase in the reach, networking of users
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Interaction and communication on social media pages, increase in profits, findings regarding target groups
Tool: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Privacy:https://www.facebook.com/privacy/explanation und https://www.facebook.com/legal/terms/page_controller_addendum
Opt-out-link:https://www.facebook.com/settings?tab=ads
Tool: LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA
Privacy:https://www.linkedin.com/legal/privacy-policy
Opt-out-link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Tool: Twitter International Company, One Cumberland Place, Fenian Street Dublin 2, D02 AX07 Ireland
Privacy:https://twitter.com/de/privacy
Opt-out-link: https://help.twitter.com/de/rules-and-policies/twitter-cookies#privacy-options
YouTube
Tool: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy:policies.google.com/privacy
Opt-out-link: https://tools.google.com/dlpage/gaoptout?hl=de oder https://myaccount.google.com/
Tool: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany
Privacy: https://privacy.xing.com/de/datenschutzerklaerung
Plug-ins and integrated third-party content
We have integrated functions and content obtained from third-party providers into our online offering. For example, videos, depictions, buttons or contributions (hereinafter termed ‘content’) can be integrated.
To enable visitors to our online offering to be shown content, the third-party provider in question processes the user’s IP address, inter alia, to transmit the content to the browser and display it. It is not possible to integrate third-party content without this processing taking place.
Sometimes, additional information is collected via ‘pixel tags’ or web beacons through which the third-party provider receives information about the use of the content or visitor traffic to our online offering, technical information about the user's browser or operating system, the visit time or referring websites. The data collected in this manner is stored in cookies on the user’s end device.
Categories of data subjects: Users of plug-ins or third-party content
Data categories: Usage data (e.g. websites visited, interest in content, access times), metadata and communication data (e.g. device information, IP addresses) contact data (e.g. email address, telephone number), Master data (e.g. name, address)
Purposes of processing: Design of our online offering, increase in the reach of adverts on social media, sharing of contributions and content, interest-based and behavioural marketing, cross-device tracking
Legal bases: Consent (article 6 (1) (a) GDPR)
Google Maps
Tool: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Privacy:policies.google.com/privacy
Opt-out-link:tools.google.com/dlpage/gaoptout or myaccount.google.com
Legal base: Consent (article 6 (1) (a) GDPR)
Online conferences, meetings and webinars
We make use of the opportunity to hold online conferences, meetings and webinars. To do so, we use offerings provided by other carefully selected providers.
When actively using offerings of this nature, data regarding the participants in the communication is processed and stored on the servers of the third-party services used, provided this data is necessary for the communication process. In addition, usage data and metadata can also be processed.
Categories of data subjects: Participants in the online offering in question (conference, meeting, webinar)
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), Content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses)
Purposes of processing: Processing of enquiries, increase in efficiency, promotion of cross-company or cross-location collaboration
Legal bases: Consent (article 6 (1) (a) GDPR)
Microsoft Teams
Tool: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy: https://privacy.microsoft.com/de-de/privacystatement
Legal base: Consent (article 6 (1) (a) GDPR)
Skype
Tool: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Privacy:https://privacy.microsoft.com/de-de/privacystatement
Legal base: Consent (article 6 (1) (a) GDPR)
Credit check
If we are providing or rendering services ahead of payment, we reserve the right to carry out an identity/credit check. To do so, we make use of certain service providers who usually assess the risk to us using mathematical and statistical procedures.
Using the results given to us by the service provider in question, we decide at our discretion whether and, if so, how we will commence, execute or end a contractual relationship with you. In the event of a negative credit check, we reserve the right to refuse certain payment types or other types of services rendered ahead of payment. The decision as to whether we render services ahead of payment is made in an automated fashion, on the basis of the result provided by the service provider in question.
Categories of data subjects: Customer / Supplier / Service Provider
Data categories: Master data (e.g. name, address), Transaction/payment data (bank details, invoices, payment history), contact data (e.g. email address, telephone number), contract data (e.g. subject of the contract, term, customer category), credit data (incl. scores)
Purposes of processing: Avoidance of payment default and reducing the default rate for payments, reduction of our credit risk
Legal bases: Legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Financial protection, protection against payment default, reduction in credit risk, profit generation
SCHUFA
Tool: SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany
Privacy:www.schufa.de/de/datenschutz/
Verband der Vereine Creditreform e.V.
Tool: Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss Germany
Privacy:https://www.creditreform.de/datenschutz
Use of survey services on the website with data transfer
We carry out questionnaires and surveys (hereinafter ‘surveys’) on our online offering. This helps us to improve our offering and better meet our customers’ needs. To this end, it is not necessary to be able to trace whether we can associate feedback with a particular person. Before your survey is evaluated, the data we process to provide and execute our surveys on a technical level is anonymised. Participation in the survey is voluntary.
Categories of data subjects: Participants in the online surveys
Data categories: Name and email address
Purposes of processing: Marketing, increase in customer loyalty and new customer acquisition, improvement/optimisation of the offering
Legal bases: Consent (article 6 (1) (a) GDPR)
LimeSurvey
Tool: LimeSurvey GmbH Umfragedienste & Beratung, Papenreye 63, 22453 Hamburg, Germany
Privacy:https://www.limesurvey.org/de/richtlinien/datenschutzrichtlinie
Newsletter and mass communication (including tracking, if applicable)
On our online offering, users have the option of subscribing to our newsletter or to notifications on various channels (hereinafter referred to overall as ‘newsletters’). We only send newsletters to recipients who have agreed to receive the newsletter, and within the framework of statutory provisions. We use a select service provider to send out our newsletter.
An email address must be provided to subscribe to our newsletter. If applicable, we collect extra data, such as to include a personal greeting in our newsletter.
Our newsletter is only sent after the ‘double opt-in procedure’ has been fully completed. If visitors to our online offering decide to receive our newsletter, they will receive a confirmation email that serves to prevent the fraudulent input of wrong email addresses and preclude a single, possibly accidental, click from causing the newsletter to be sent. The subscription to our newsletter can be ended at any time with future effect. An unsubscription (opt-out) link is given at the end of every newsletter.
In addition, we are obliged to provide proof that our subscribers actually want to receive the newsletter. To this end, we collect and store their IP address, along with the time of subscription and unsubscription.
Our newsletters are designed so that we can obtain findings about improvements, target groups or the reading behaviour of our subscribers. We are able to do this thanks to a 'web beacon’ or tracking pixel that reacts to interactions with the newsletter, such as looking at whether links are clicked on, whether the newsletter is opened at all, or at what time the newsletter is read. For technical reasons, we can associate this information with individual subscribers.
Categories of data subjects: Newsletter subscribers
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Purposes of processing: Marketing, increase in customer loyalty and new customer acquisition, analysis and evaluation of the campaigns’ success
Legal bases: Consent (article 6 (1) (a) GDPR)
Newsletter2Go
Tool: Newsletter2Go GmbH, Köpenicker Str. 126, 10179 Berlin, Germany
Privacy: https://www.newsletter2go.de/datenschutz/
SendinBlue
Tool: SendinBlue SAS, 55, rue d’Amsterdam, 75008 Paris, France
Privacy:https://de.sendinblue.com/legal/privacypolicy/
Advertising communications
We also use data provided to us for advertising purposes, particularly to provide information on various channels about new products from us or in our portfolio of offerings. However, promotional contact from our side is only undertaken within the framework of the statutory requirements, and once consent has been granted, insofar this is necessary.
If the recipients of our advertising do not want to receive it, they can inform us of this at any time with future effect. We are happy to acquiesce to their request.
Categories of data subjects: Communication partners
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number)
Purposes of processing: Direct marketing
Legal bases: Consent (article 6 (1) (a) GDPR), legitimate interest (article 6 (1) (f) GDPR)
Legitimate interests: Retention of existing contacts/contractual partners and acquisition of new ones
Contacting us
On our online offering, we offer the option of contacting us directly or requesting information via various contact options.
In the event of contact being made, we process the data of the person making the enquiry to the extent necessary for answering or handling their enquiry. The data processed can vary depending on the method via which contact is made with us.
Categories of data subjects: Individuals submitting an enquiry
Data categories: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text inputs, photographs, videos), metadata and communication data (e.g. device information, IP addresses), usage data (e.g. websites visited, interest in content, access times)
Purposes of processing: Processing requests
Legal bases: Consent (article 6 (1) (a) GDPR), performance of contract (article 6 (1) (b) GDPR)
Data transfer
We transfer the personal data of visitors to our online offering for internal purposes (e.g. for internal administration or to the HR department so we can meet statutory or contractual obligations). Internal data transfer or the disclosure of data only occurs to the extent necessary, under the pertinent data protection provisions.
We are a globally active company headquartered in Amsterdam. Data of visitors to our online offering is stored in our central customer database, in compliance with the pertinent data protection provisions, and is processed across the group for internal administrative purposes. It is not processed for purposes other than administrative ones.
Legal basis: Legitimate interests (article 6 (1) (f) GDPR )
Legitimate interests: ‘Small-group exemption’, centralised management and administration within the company to make use of synergy effects, cost savings, increased efficiency
We transfer data to countries outside the EEA (known as ‘third countries’). This occurs due to the above-mentioned purposes (transfer within the group and/or to other recipients). Transfer is only effected to fulfil our contractual and legal obligations, or on the basis of the consent that the data subject granted prior to this. In addition, this transfer takes place in compliance with the applicable data protection laws, and particularly in accordance with article 44 ff. GDPR, especially on the basis of adequacy decisions made by the European Commission or certain guarantees (e.g. standard protection clauses etc.).
Storage period
In principle, we store the data of visitors to our online offering for as long as needed to render our service or to the extent that the European body issuing directives and regulations or another legislator stipulates in laws and regulations to which we are subject. In all other cases, we delete personal data once the purpose has been fulfilled, with the exception of data that we need to continue to store to comply with legal obligations (e.g. if retention periods under tax law and trade law require us to keep documents such as contracts and invoices for a certain period of time).
Automated decision-making
We do not use automated decision-making or profiling.
Technical safety
Kendrion uses technical and organisational security measures to protect your data administered by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security measures have continuously been improved according to the technological development.
For reasons of security and to protect the transmission of confidential content, such as the requests you send to us as the site operator, this site uses SSL (Secure Socket Layer) encryption in conjunction with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is being transmitted in encrypted form by the fact that the browser address line changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL encryption is activated, the data that you transmit to us cannot be read by third parties.
We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.
Legal bases
The decisive legal bases primarily arise from the GDPR. They are supplemented by national laws from member states and can, if applicable, be applied alongside or in addition to the GDPR.
Consent: Article 6 (1) (a) GDPR serves as the legal basis for processing procedures regarding which we have sought consent for a particular purpose of processing.
Performance of a contract: Article 6 (1) (b) serves as the legal basis for processing required to perform a contract to which the data subject is a contractual party or for taking steps prior to entering into a contract, at the request of the data subject.
Legal obligation: Article 6 (1) (c) GDPR is the legal basis for processing that is required to comply with a legal obligation.
Vital interests: Article 6 (1) (d) GDPR serves as the legal basis if the processing is necessary to protect the vital interests of the data subject or another natural person.
Public interest: Article 6 (1) (e) GDPR serves as the legal basis for processing that is necessary to perform a task in the public interest or to exercise public force that is transferred to the controller.
Legitimate interest: Article 6 (1) (f) GDPR serves as the legal basis for processing that is necessary to protect the legitimate interests of the controller or a third party, provided this is not outweighed by the interests or fundamental rights and fundamental freedoms of the data subject that require personal data to be protected, particularly if the data subject is a child.
Rights of the data subject
Right of access: Pursuant to article 15 GDPR, data subjects have the right to request confirmation as to whether we process data relating to them. They can request access to their data, along with the additional information listed in article 15 (1) GDPR and a copy of their data.
Right to rectification: Pursuant to article 16 GDPR, data subjects have the right to request that data relating to them, and that we process, be rectified or completed.
Right to erasure: Pursuant to article 17 GDPR, data subjects have the right to request that data relating to them be erased without delay. Alternatively, they can request that we restrict the processing of their data, pursuant to article 18 GDPR.
Right to data portability: Pursuant to article 20 GDPR, data subjects have the right to request that data made available to us by them be provided and transferred to another controller.
Right to lodge a complaint: In addition, data subjects have the right to lodge a complaint with the supervisory authority responsible for them, under article 77 GDPR.
Right to object: If personal data is processed on the basis of legitimate interests pursuant to article 6 (1) (1) (f) GDPR, under article 21 GDPR data subjects have the right to object to the processing of their personal data, provided there are reasons for this that arise from their particular situation or the objection relates to direct advertising. In the latter case, data subjects have a general right to object that is to be put into effect by us without a particular situation being stated.
Withdrawal of consent
Some data processing procedures can only be carried out with the express consent of the data subject. Once granted, you are able to withdraw consent at any time. To do so, sending an informal note or email to dataprotection@kendrion.com is sufficient. The legality of the data processing carried out up to the point of withdrawal shall remain unaffected by the withdrawal.
External links
Our website includes links to online offerings from other providers. We note that we have no influence over the content of the online offerings linked to and over whether their providers comply with data protection provisions.
Amendments
We reserve the right to amend this information on data protection, in compliance with the applicable data protection provisions, if changes are made to our online offering so that it complies with the legal requirements.
This Privacy Policy was drawn up by the Deutsche Datenschutzkanzlei –
Tettnang office