Data Protection.

I. Preliminary Note
Thank you for visiting our website and for your interest in our company, our products and our services. For KVS GmbH (in the following: “we” or “us”), the protection of your data is of great importance. It is self-evident for us to treat your data confidentially and according to data protection rules as well as according to this Data Protection Policy. With this present Data Protection Policy, we would like to inform you on how we process your data and the rights you have. This website might include links to other providers, on which this Data Protection Policy does not cover. By continuously using our website, you agree with the information processing of your data according to this Data Protection Policy. Law changes or changes of our internal company processes require occasional adjustments of this Data Protection Policy. Please check the current version of our Data Protection Policy on our website regularly.
II. Contact Data
1. “Controller” pursuant to Art. 4 Nr. 7 GDPR
KVS GmbH
Niedersachsenstr. 16
48465 Schüttorf
Germany
Phone: +49 (0) 5923 / 90 36-0
Email: info@kvs-gmbh.com
2. “Processor” pursuant to Art. 37 GDPR in conjunction with § 38 BDSG (neu)
KVS GmbH
Niedersachsenstr. 16
48465 Schüttorf
Germany
Phone: +49 (0) 5923 / 90 36-0
Email: datenschutz@kvs-gmbh.com

III. General and Mandatory Information

1. Purpose of Processing and Legal Basis
Your personal data will be processed in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (= Bundesdatenschutzgesetz, BDSG) and other relevant data protection regulations. The processing and use of the individual data depends on the agreed or requested service.

a. Consent to Data Processing
If you give us consent in accordance with Art. 6 para. 1 lit. a GDPR for the processing of personal data, the respective consent is the legal basis for the processing mentioned therein. You can revoke your consent at any time with effect for the future.

b. Processing of Your Personal Data
We process your personal data in order to implement our contracts and agreements with you. Furthermore, your personal data are processed for the implementation of measures and activities in the context of pre-contractual relationships (Article 6 para. 1 lit. b GDPR).

c. Fulfilment of Legal Obligations
Pursuant to Art. 6 para. 1 lit. c GDPR, we process your personal data if this is necessary for the fulfilment of legal obligations (e.g. commercial or tax laws). If necessary, we also process your data for the fulfilment of tax control and reporting obligations as well as for the archiving of data for the purposes of data protection and data security as well as the examination by tax authorities and other authorities. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.

d. Balancing of Interests
Furthermore, we may use your personal data based on balancing of interests to safeguard the legitimate interests of us or third parties (Article 6 para. 1 lit. f GDPR). This is done for the following purposes with customers and interested parties:

  • for advertising or market research, if you have not objected to the use of your data;
  • for the limited storage of your data, if deletion due to the special nature of the storage is not possible or only with disproportionate effort;
  • for the further development of services and products as well as existing systems and processes;
  • for statistical analysis or market analysis;
  • for internal or external investigations and / or safety checks;
  • for certifications of private or official matters.

This is done for the following purposes with suppliers and providers:

  • for advertising or market research, if you have not objected to the use of your data;
  • for the limited storage of your data, if deletion due to the special nature of the storage is not possible or only with disproportionate effort;
  • for the further development of services and products as well as existing systems and processes;
  • for statistical analysis or market analysis;
  • for certifications under private law or regulatory affairs;
  • for the enforcement of legal claims and defence in legal disputes that are not directly attributable to the contractual relationship;
  • to ensure and exercise our domiciliary rights through appropriate measures (such as video surveillance).
2. Personal Data Processed by Us
We receive your personal data when business relations with KVS GmbH come about. The following data of customers and interested parties are processed:
  • personal data (name, occupation / industry and comparable data);
  • contact details (address, e-mail address, telephone number and comparable data);
  • customer history.
We reserve the right to process personally identifiable information from public sources (such as Internet, media, press). The following data of suppliers and providers are processed:
  • personal data (name, occupation / industry and comparable data);
  • contact details (address, e-mail address, telephone number and comparable data);
  • supplier history.
We reserve the right to process personally identifiable information from public sources (such as Internet, media, press). If it is necessary for the performance of services, we also process personal data which we obtain lawfully from third parties (such as address publishers, credit agency).
3. Information Disclosure
a. Internal Disclosure
We disclose your personal data within our company to the areas which need this information to fulfil contractual and legal obligations or to implement our legitimate interests.

b. External Disclosure
Moreover, the following departments and offices may receive the data of our customers and interested parties:

  • contract data processor (Art. 28 GDPR), service providers for supporting activities and other responsible persons within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centres, support / maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing / procurement, customer administration, letter shops, marketing, telephony, website management, tax consulting, auditing services, credit institutions;
  • public bodies and institutions in the presence of a legal or regulatory obligation under which we are required to provide information, notification or disclosure of data;
  • other entities for which you have given us your consent to the transfer of data.

Moreover, the following departments and offices may receive the data of our suppliers and providers:

  • contract data processor (Art. 28 GDPR), service providers for supporting activities and other responsible persons within the meaning of the GDPR, in particular in the areas of IT services, logistics, courier services, printing services, external data centres, support / maintenance of IT applications, archiving, document processing, accounting and controlling, data destruction, purchasing / procurement, customer administration, letter shops, marketing, telephony, website management, tax consulting, auditing services, credit institutions;
  • public bodies and institutions in the presence of a legal or regulatory obligation under which we are required to provide information, notification or disclosure of data, or the disclosure of data is in the public interest;
  • bodies and institutions based on our legitimate interest or the legitimate interests of a third party (such as government agencies, credit agencies, debt collection agencies, lawyers, courts, appraisers and supervisory bodies);
  • other entities for which you have given us your consent to the transfer of data.
c. Further Information
Data processing outside the EU or the EEA does not happen.
4. Right to object pursuant to Art. 21 GDPR
a. General Information
In general, Art. 21 GDPR contains the right to object to the processing of personal data by us. This right of objection, however, only applies in the case of very special circumstances of your personal situation, whereby rights of our house might conflict with your right of objection. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

b. Consequences of Revocation
If you object, we will not process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or processing for the purpose of enforcing, pursuing or defending legal claims.

c. Direct Advertising
We also may process personal data of customers and interested parties in order to do direct advertising. If you do not want to receive advertising, you have the right to object to it at any time. We will consider this revocation for the future.

d. Form of Revocation
The revocation can be made informally to our data protection officer (info@kvs-gmbh.com).
5. Right of appeal to the responsible supervisory authority
In the case of data protection violations, the person concerned according to Art. 77 DSGVO has a right of appeal to the responsible supervisory authority. The responsible supervisory authority in matters of data protection law is the state data protection officer of the federal state in which our company is based. For the KVS GmbH is responsible:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover
Germany
Telefon: +49 (0) 511 120-4500
Telefax: +49 (0) 511 120-4599
E-Mail: poststelle@lfd.niedersachsen.de
6. Right to Data Portability
You have the right to receive the data which we automatically process on the basis of your consent or in fulfilment of a contract, handed out to yourself or to a third party in a common, machine readable form. If you require the direct transfer of the data to another person in charge, this will only be done to the extent technically feasible.
7. Your Privacy Rights
You have the following rights with respect to personal data concerning you:
  • the right of access (Article 15 GDPR), i. the right to free information about your stored personal data, their origin and recipients and the purpose of the data processing;
  • the right to rectification (Article 16 GDPR);
  • the right to erasure (Art. 17 GDPR);
  • the right to restriction of processing (Art. 18 GDPR) and
  • the right to data portability (Article 20 GDPR).
For further information on personal data, please contact the data protection officer of KVS GmbH at any time.
8. Scope of Your Obligations to Provide Us with Your Data
You only need to provide the data necessary to establish or conduct a business relationship or pre-contractual relationship with us or we are required to collect by law. Without this data, we will generally not be able to conclude or execute the contract. This may also apply to data required later in the business relationship. If we request further additional data from you, you will be made aware of the voluntary nature of the information separately.
9. Objection to Advertising Emails
The use of contact data published in the context of the imprint obligation for the purpose of sending unsolicited advertising and information materials is hereby rejected. KVS GmbH expressly reserves the right to take legal action in the event of unsolicited promotional information, such as spam emails.
IV. Data Collection on Our Website
1. Cookies
Cookies are used on our website. These are small files that your respective browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies cannot run programs or transmit viruses, Trojans or other malware. They serve to make the Internet offer more user-friendly and effective overall. Some of the cookies used are so-called session cookies, which are automatically deleted after your visit. Other cookies remain on your device until you delete them yourself in your respective browser. These are performance cookies that are used to record the interaction between the user and the website (see V.1.). Cookies are used on the basis of a balance of interests (necessary cookies, session cookies) or on the basis of consent that you have given via the consent banner. The use of cookies for the purpose of a proper and functional provision is in our legitimate interest.
2. Cookie Banner
To give you the option of cookie management, we use a cookie banner with opt-in function. In the Cookie Box of Borlabs Cookie, as a visitor of our website, you can make your own settings regarding the setting of cookies. Your decision will be saved in order to prevent the cookie banner from being displayed again when the website is called up again and the scope of your consent to be stored as evidence. Only after your decision, the corresponding cookies are set.
3. Log-Files
As soon as you visit our website, technical data are automatically collected and recorded in so-called log-files. Log files cannot be assigned to a specific person. These are the following data:
  • IP address;
  • date and time of the request;
  • content of the request (concrete page);
  • access status / http status code;
  • each transmitted amount of data;
  • website from which the request comes from;
  • browser used;
  • operating system used;
The data is stored on the server for 7 days and then automatically deleted. The transfer of this data to third parties, for whatever purpose, does not take place.
4. Vacancies on External Job Portals
We publish our vacancies on platforms such as social media and job portals. This serves our interest in adverting our vacancies as comprehensively as possible. We always give all applicants the opportunity to apply directly to us by email. In some cases, the platforms offer their own forms in which applicants (m/f/d) can provide their details and thus submit their application. As soon as you decide not to send your application directly to us but rather via the application form, you are accepting the terms and conditions and data protection guidelines of the respective provider. KVS GmbH has no influence on the design of the forms or on the processing of your data and storage duration of these providers. We regularly delete the information that we receive after the application process has ended. Therefore, we always recommend sending an application directly to us by email.
V. Other Features and Information about Our Website
1. SSL or TLS encryption
This site uses, for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as a site operator, an SSL or TLS encryption. An encrypted connection is indicated by the browser’s address bar changing from “http://” to “https://” and the lock icon in your browser bar. If SSL or TLS encryption is enabled, the data you submit to us cannot be read by third parties.
2. Contact by E-Mail or Other Means of Communication
If you contact us by e-mail, we would like to inform you that we endeavour to provide all necessary technical and organizational security measures so that personal data are stored in such a way that they are not accessible to third parties or the public. If you would like to contact us by e-mail, we would like to point out that the confidentiality of the transmitted information cannot be completely guaranteed with this communication channel. For this reason, we recommend considering other means of communication for the transmission of confidential data. The same applies to the use of contact forms that you use on third-party websites to contact us.
3. Databases
In accordance with applicable security and privacy laws, we use a variety of technical and organizational security measures to protect your personal information from unauthorized access, use, disclosure, alteration or destruction. Personal data is managed in safe and secure databases. The databases are protected by standard backup and restore processes.
4. Storage Duration of Your Data
We only store personal data as long as it serves a legitimate purpose. Once this legitimate purpose ceases, appropriate action will be taken to ensure the resolution of the personal data or the restriction of processing. However, it may happen that we are obliged to make certain storage even after the elimination of the processing purpose. Obligations arise for our company by the European or national legislator in Union law regulations, laws or other regulations. Reason are various storage and documentation obligations as well as limitation periods, which result from business relations or pre-contractual legal relationships. If any storage should no longer be covered by the specified specifications, the data will be deleted or the processing restricted, unless the further storage of the data is necessary for a contract or for other purposes.
5. Wordfence Security
For protection against unwanted access or malicious cyber-attacks, we have integrated Wordfence on this website. This service is provided by Defiant, Inc., 800 5th Ave Suite 4100, Seattle, WA 98104, USA (hereinafter Wordfence). In order to ensure effective protection, our website maintains a permanent connection to the Wordfence servers so that Wordfence can compare its databases with the accesses made on our website and, if necessary, block them. The provided GDPR-compliant data processing agreement has been concluded and additionally, the transmission of the IP addresses has also been deactivated from our side. Wordfence uses the following three cookies:

Cookie: wfwaf-authcookie- (hash)
  • used by Wordfence Firewall to perform a capability check of the current user already from WordPress loading
  • it actually only affects users who are about to log into WordPress
  • the Wordfence firewall recognizes registered users and allows them increased access. Unregistered visitors are also recognized, with the result that access to the secure area is restricted. The cookie helps the firewall identify access levels and allow or deny access.
Cookie: wf_loginalerted_ (hash)
  • it informs the Wordfence admin when an admin logs in from a new device or location
  • it also informs the website operator if an admin login has taken place from a new device or location
  • the cookie is intended for administrators
Cookie: wfCBLBypass
  • the site visitor has the ability to bypass country blocking by accessing a hidden URL. This cookie can be used to check who is allowed to bypass the country block
  • it won’t be used for someone who doesn’t know the hidden URL, but only applies country blocking to those visitors who directly visit the hidden URL
  • it supports website operators to allow specific users to blocked countries even though their country has been blocked
Cookie: wfls-remembered-(hash)
  • What it does: For users who use 2FA when logging in, this cookie allows them to log in with the same browser without requiring 2FA each time, for up to 30 days.
  • Who gets this cookie: This cookie is only set for users who enable the “Remember for 30 days” checkbox while logging in. This option is also only available if the admin has enabled “Allow remembering device for 30 days”.
  • How this cookie helps: This is a convenience feature. It allows users to log in without the extra step of 2FA after having successfully logged in from the same browser with 2FA.
The use takes place on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f) GDPR. The website operator has a legitimate interest in the effective protection of the website against cyber attacks and in the protection of visitors to the website from viruses and malware. In order to recognize whether the visitor is a human or a robot, the plugin sets cookies. More information on the collection and use of data by Wordfence Security can be found in Defiant’s data protection information: https://www.wordfence.com/privacy-policy/.
VI. External Services
1. Google Analytics
For the purpose of designing and continuously optimising this website, Google Analytics, a web analytics service provided by Google Inc., is used (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; in the following: “Google“). We have entered into an agreement with Google for order data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics. This site has deactivated the function to generate analytics reports by demographics and interest. The IP Anonymization function has been activated on this site. As a result, your IP address will be truncated by Google within member states of the European Union or other contracting states to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases, the complete IP address will be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other data by Google. Cookies are used in this context. The information generated by the cookie about your use of this website as well as
  • browser type / version,
  • used operating system,
  • Referrer URL (the previously visited page),
  • host name of the accessing computer (IP address),
  • time of the server request,
are transferred to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage for the purpose of market research and customisation of these websites. This information may also be transferred to third parties if required by law or as far as third parties process this data in the order. Under no circumstances will your IP address be merged with any other data provided by Google. The IP addresses are anonymised, so that an assignment is not possible (IP masking). The data is saved in Google Analytics for 14 months before it is automatically deleted. You can prevent the installation of cookies by setting the browser software accordingly. However, it may happen that in this case not all features of this website may be fully used. In addition, you may prevent the collection by Google of the data generated by cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading the browser plug-in available under the following link and install: https://tools.google.com/dlpage/gaoptout?hl=de. As an alternative to the browser add-on, especially for browsers on mobile devices, you can prevent the collection by Google Analytics by clicking here and downloading an “opt-out cookie”. Your browser must therefore allow the storage of cookies in principle. If you delete your cookies regularly, you will need to click on the link each time you visit this website. For more information about privacy related to Google Analytics, see the Google Analytics Help Centre: https://support.google.com/analytics/answer/6004245?hl=de
2. MonsterInsights
As mentioned under IV.1., we use Google Analytics – only with consent via our Consent Tool Borlabs Cookie. For implementation, we use the “Google Analytics Plugin for WordPress” by MonsterInsights LCC (7732 Maywood Crest Dr, West Palm Beach, Florida, 33412, USA – “MonsterInsights” for short). The purpose is to evaluate user behaviour in order to optimize our offer. The legal basis is Article 6(1)(a) GDPR (consent) and Article 6(1)(f) GDPR (legitimate interests). The storage period depends on the Google Analytics Properties we use. Google Analytics will only start after you have given your consent. For further details see IV.1.
3. Google Maps
On our website, you will find a link to Google Maps, which will only be activated if you actively choose to use this service from Google Maps and click on this particular link. By clicking on the particular link, you will automatically be redirected to the page of Google Maps. By doing so, you consequently agree to the terms and conditions and to privacy policy of Google Maps. KVS GmbH has no influence on the processing of your data by Google Maps and therefore rejects any liability.
4. Business Pages on Facebook and Instagram
We run so-called company pages both on Facebook and on Instagram. They serve as tools for easy communication to our visitors, comparable to a billboard. The legal basis for this is our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR. Both Facebook and Instagram use various ways to track visitor behaviour. We have no influence on these mechanisms. The technical responsibility for the platform lies with Meta Platforms, Inc. and the responsibility is recognized by Facebook on https://www.facebook.com/legal/terms/page_controller_addendum##. The same applies to Instagram, which belongs to Facebook. Therefore, Facebook provides more information on this matter at the following link: https://help.instagram.com/519522125107875?helpref=page_content. We do not obtain tracking information or visitor information from Facebook resp. Instagram and do not store such data on our system. All information collected by Facebook resp. Instagram, such as tracking information, remains the responsibility of Facebook resp. Instagram. In order to exercise your rights (such as the right of access), please contact Facebook resp. Instagram directly- this way, we ensure, among other things, that we do not even see such data. Our detailed data protection policy regarding the use of our Facebook page can be found here. Our detailed data protection policy regarding the use of our Instagram page can be found here .
VII. Miscellaneous
1. Contracts Apart from Our Online Offers
If you are our contractual partner and the contract has not come about through our online offer, we have provided the essential information regarding our data processing of your personal data as the person responsible in our terms and conditions. The following information is therefore supplementary to our terms and conditions. If you have further questions, please contact us using the contact details above. With the collection of the personal data obtained in the context of contracting and implementing the contract we pursue the purpose of being able to fulfil our obligations under the contract. For example, we need your contact information to provide you with our services. We also use the data to serve you as a customer and for statistical market and opinion research purposes. This is necessary to constantly improve our products and services and to adapt them to the needs of our customers. We only engage in direct advertising if you have consented or if another legal basis exists in accordance with the EU law of the member states. The legal basis for the aforementioned data processing is in the case of a given consent Art. 6 para. 1 lit. a GDPR, insofar as this is necessary for the fulfilment of the contract and the performance of pre-contractual measures Art. 6 para. 1 lit. b GDPR, in all other cases mentioned above Art. 6 para. 1 lit. f GDPR (protection of legitimate interests), where our legitimate interest is the marketing and continuous improvement of our products and services and their adaptation to the needs of our customers. Please note in this respect the right of objection as described under II.4.
2. Credit Information
If there are any business relationships in which we make advance payments, we reserve the right to obtain information from SCHUFA or CEG Consumer Creditreform GmbH about your creditworthiness.
3. Applications and Application Process
We publish our job offers on both our own website (via Google Jobs) and on external platforms such as social media and job portals (e.g. Federal Employment Agency, Indeed). This serves our interest in providing as much information as possible about our vacancies. We always give you the opportunity to apply directly to us via email. In some cases, the platforms offer their own forms in which applicants (m/f/d) can provide their information and thus submit their application. As soon as you decide not to send your application directly to us but rather via the application form, you accept the terms and conditions and data protection guidelines of the respective provider. KVS GmbH has no influence on the design of the forms or on the processing of your data and storage period by these providers. We regularly delete the information that we receive after the application process has ended. We therefore always recommend sending an application directly to us by email. The person responsible for processing collects and processes the personal data of applicants for the purpose of processing the application process. Processing can also take place electronically. This is particularly the case if an applicant submits relevant application documents to the person responsible for processing electronically, for example by email or via a web form on the website. If the person responsible for processing concludes an employment contract with an applicant, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with legal regulations. If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be automatically deleted no later than two months after the rejection decision is announced, provided that deletion does not conflict with any other legitimate interests of the person responsible for processing. Other legitimate interests in this sense include, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).
Notice:
It happens that our job advertisements are published on job portals to which we do not have access without our knowledge or consent. We may therefore not be able to process applications submitted via these portals. In any case, we would like to recommend applicants (m/f/d) to apply directly to us.
4. Safe and Responsible Behaviour on the Internet
KVS GmbH encourages all parents and guardians to instruct their children in the safe and responsible use of personal data on the Internet. Without the consent of parents or supervisors, children should not submit personal data to the website of KVS GmbH! We affirm that we do not knowingly collect, use, or unwarrantedly disclose any of your children’s personal information towards any third parties.
5. Change of Our Data Protection Regulations
As mentioned earlier, we reserve the right to amend this Data Protection Policy to always comply with current legal requirements or to implement changes to our services in the Data Protection Policy, e.g. when introducing new services. Your new visit to our website will be subject to the new Data Protection Policy.

[Date effective: October 2023]