Table of Contents
Information on the processing of customer/prospects/supplier data
KUMAVISION AG takes the protection of your personal data very seriously. Your privacy is an important matter for us. We process your personal data in accordance with the respectively applicable, legal, data protection requirements for the purposes listed below. Personal data within the meaning of this data protection information comprise all the information that relates to your person.
In the following, you will learn how we handle this data. For a better overview, we have divided our data protection information into chapters.
Responsible body and Data Protection Officer
Responsible for the data processing is:
88677 Markdorf (am Bodensee)
Tel.: +49 (7544) 966-300
Fax: +49 (7544) 966-101
Should you have any questions or comments concerning data protection (for example, information on/updating of your personal data), you can also contact our Data Protection Officer:
Deutsche Datenschutzkanzlei – Maximilian Musch
Tel.: +49 (7544) 9049691
2 Processing Scope
2.1 Source for the data collection
We process personal data that we have collected directly from you.
Insofar as this is necessary for the provision of our services, we process rightfully-obtained, personal data from other companies or other third parties (e.g. credit bureaus, address publishers). In addition, we process personal data which we have rightfully obtained, received or acquired from publicly available sources (such as for example, telephone directories, commercial and association registers, civil registers, debtor directories, land registers, the press, Internet and other media), and are allowed to process.
2.2 Origin and data categories of data not directly collected from you
Insofar as this is necessary for the provision of our services, we process rightfully-obtained, personal data from other companies or other third parties. In addition, we process personal data which we have rightfully obtained, received or acquired from publicly available sources (the press, Internet and other media), and are allowed to process. Relevant personal-data categories may be in particular:
- Personal data (name, function in the company and comparable data)
- Contact details (addresses, email addresses, telephone numbers and comparable data)
- ata concerning your use of the telemedia offered by us (e.g. time of call-up of our websites, apps or newsletters, our clicked-on pages/links, or entries and comparable data)
2.3 Purposes and legal basis of the data processed
We process personal data in accordance with the provisions of the Datenschutz-Grundverordnung (DSGVO) (General Data Protection Regulation (GDPR)), the new version of the Bundesdatenschutzgesetz (BDSG-neu) (Federal Data Protection Act, new), and other applicable data-protection regulations (see details below). The data that is processed in detail and how it is dealt with, is determined mainly by the respective services requested or agreed upon. For further details or additions to the purposes of the data processing, please refer to the respective contract documents, forms, a declaration of consent and/or other information provided to you (e.g. in conjunction with the use of our website or our terms and conditions).
Purposes of fulfilling a contract or implementing pre-contractual measures (Art. 6 para. 1 b DSGVO)
The processing of personal data is carried out for implementing our contracts with you, and executing your orders, as well as for implementing measures and activities within the framework of pre-contractual relationships, e.g. with interested parties. This includes in essence: the contract-related communication with you, the corresponding billing and related payment transactions, the verifiability of orders and other agreements, as well as the quality control using appropriate documentation, goodwill procedures, measures for controlling and optimising business processes, and in order to fulfil the general due diligence obligations, the management and control by affiliated companies; statistical evaluations for corporate management, cost accounting and controlling, reporting, internal and external communication, emergency management, settlement and tax assessment of operating services, risk management, assertion of legal claims and the defence in the case of legal disputes; guaranteeing IT security (including system and plausibility tests) and the general security, ensuring and exercising the domiciliary rights (e.g. through access controls); ensuring the integrity, authenticity and availability of the data, preventing and investigating criminal offences, and the control by supervisory committees or supervisory authorities (e.g. auditing).
Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6 para. 1 f DSGVO)
In addition to the actual fulfilment of the contract or the preliminary contract, we may process your data, if it is necessary, for protecting our legitimate interests or those of third parties, in particular for purposes regarding
- advertising or market and opinion research, insofar as you have not objected to the use of your data;
- the testing and optimisation of procedures for needs analysis;
- the further development of services and products, as well as existing systems and processes;
- the enrichment of our data, i.a. through the use or search of publicly available data;
- statistical evaluations or the market analysis; benchmarking;
- the assertion of legal claims and defence in the case of legal disputes which are not
- directly attributable to the contractual relationship;
- the limited storage of the data, if deletion is not possible due to the specific nature of the storage or is only possible with a disproportionately high expenditure;
- the prevention and investigation of criminal offences, if not exclusively for the fulfillment of legal requirements
- the safety of buildings and plants (e.g. through access controls), in the event of exceeding the general due diligence obligations;
- internal and external investigations, as well as security audits; possible monitoring or
- the obtainment and maintenance of certifications of a private or regulatory nature;
- the safeguarding and observance of the domiciliary rights by means of appropriate measures (such as video surveillance), and for safeguarding evidence in the event of criminal offences and their prevention.
Purposes within the framework of your consent (Art. 6 para 1a DSGVO)
The processing of your personal data for specific purposes (e.g. the use of your email address for marketing purposes) may also be carried out on the basis of your consent. As a rule, you can revoke this at any time. This also applies to the withdrawal of declarations of consent which were granted to us prior to the validity of the DSGVO, i.e. before 25th May 2018. You will be informed separately in the corresponding text of the consent, of the purposes and the consequences of a withdrawal or the non-granting thereof. As a general rule, the withdrawal of a consent is effective only for the future. Any processing carried out prior to the withdrawal shall not be affected and remains lawful.
Purposes for fulfilling legal requirements (Art. 6 para. 1 c DSGVO (GDPR)) or in the public interest (Art. 6 para. 1 e DSVGO)
In the same way as for anyone involved in business, we, too, are also subject to a large number of legal obligations. These are primarily legal requirements (e.g. commercial and tax laws), but also regulatory or other official requirements, if applicable. The purposes of processing may include the fulfilment of tax control and reporting obligations, and also the archiving of data for data protection and data security purposes, as well as audits by tax and other authorities. In addition, the disclosure of personal data in the context of administrative / judicial action may be required for purposes of gathering evidence, prosecuting or enforcing civil claims.
Extent of your duties to provide us with data
You only need to provide the information required for entering into and conducting a business relationship, or a pre-contractual relationship with us, or for the collection of which we are bound by law.
As a rule, we are unable to conclude or execute the contract without this data. This may also apply to data required later in the business relationship. Should we request further data from you, you will be notified specifically of the voluntary nature of the information.
Existence of an automated, decision-making procedure in an individual case (including profiling)
Pursuant to Article 22 DSVGO, we do not use purely automated, decision-making procedures. Should we use a procedure of this kind in individual cases in the future, we shall inform you separately, insofar as this is required by law. If need be, we may process your information partially, with the aim of evaluating certain personal aspects (profiling).
In order to be able to provide you with targeted product information and advice, we may possibly use evaluation tools. These enable a requirement-oriented product design, communication and advertising, including market and opinion research. Pursuant to Art. 9 DSVGO, data on nationality and also specific categories of personal data are not processed.
2.4 Consequences of failure to provide data
Within the framework of the business relationship, you must provide the personal data that is needed for establishing, conducting and terminating the transaction and the related contractual obligations, or that we are required by law to collect. Without this data, we shall not be able to conduct the transaction with you.
2.5 Recipients of the data within the EU
Within our company, the internal bodies or organisational units receive your data that they need for fulfilling our contractual and legal obligations, or in the context of processing and implementing our legitimate interests.
A transfer of your data to external agencies is carried out exclusively
- in connection with the execution of the contract;
- for the purpose of fulfilling legal requirements, in accordance with which we are obliged to provide information, notification or the disclosure of data, or pass on data in the public interest (see Section 2.4);
insofar as external service providers process data on our behalf as a processor or subcontractor (e.g. computer centres, support / maintenance of EDP / IT applications, archiving, document processing, call-centre services, compliance services, controlling, data validation or plausibility check, data destruction, purchasing / procurement, customer administration, letter shops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printers or companies for data disposal, courier services, logistics);
- on the basis of our legitimate interests or the legitimate interests of the third party, in the context of the stated purposes (e.g. to authorities, credit bureaus, debt collection agencies, lawyers, courts, appraisers, subsidiaries, committees and supervisory bodies);
- if you have given us your consent for transmission to third parties.
We shall not otherwise pass on your data to third parties. Insofar as we commission service providers within the scope of processing an order, your data will then be subject there to the same security standards as with us. In all other cases, the recipients may only use the data for the purposes for which they were transmitted to them.
2.6 Recipients of the data outside the EU
A transfer of data to agencies in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries), is carried out if it is necessary for executing an order / contract by, or with you, if it is required by law (e.g. tax reporting obligations), if it is within the scope of a legitimate interest of ours or of a third party, or if you have given us your consent.
In this case, the processing of your data in a third country may also be carried out in conjunction with the involvement of service providers within the scope of the order processing. Unless a decision has been made by the EU Commission for the country in question regarding a given appropriate level of data protection there, we guarantee in accordance with the EU data-protection stipulations, that the rights and freedoms are adequately protected and guaranteed by appropriate contracts. Relevant detailed information is available upon request. Information concerning appropriate or adequate safeguards and the possibility of receiving a copy from receiving a copy from thereof may be obtained, can be obtained from the internal Data Protection Officer upon request.
2.7 Data-retention periods
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual relationship) and the execution of a contract.
In addition, we are subject to various storage and documentation obligations, set out in the Commercial Register (HGB) and the Tax Code (AO) i. a.. The deadlines for the storage and / or documentation specified therein, expire ten years beyond the end of the business relationship or the pre-contractual legal relationship, thereby effective at the end of the calendar year.
Furthermore, specific legal requirements may require a longer storage period, such as for example, the maintenance of evidence within the framework of the statutory limitation periods. Pursuant to §§ 195 ff. of the German Civil Code (BGB), the regular period of limitation is three years; however, limitation periods of up to 30 years may also be applicable.
Should the data no longer be required for the fulfilment of contractual or legal obligations and rights, they are deleted on a regular basis, unless their - limited - further processing is required for fulfilling the purposes of a predominantly legitimate interest. An overriding legitimate interest of this kind is also given e.g. if a deletion due to the special nature of the storage, is not possible, or is only possible with disproportionately high expenditure, and processing for other purposes, using appropriate technical and organisational measures, is excluded.
2.8 Your rights
Under certain conditions you may assert your data-protection rights vis-à-vis us.
- Thus you have the right to receive information from us about your data stored with us, in accordance with the provisions of Art. 15 DSGVO (GDPR) (possibly with restrictions in accordance with § 34 BDSG (Federal Data Protection Act)).
- Upon your request we shall correct the data stored concerning you in accordance with Art. 16 DSGVO (GDPR), should they be inappropriate or incorrect.
- If you wish, we shall delete your data in accordance with the principles of Art. 17 DSGVO (GDPR), provided that no other legal regulations (e.g. statutory retention requirements or the restrictions in accordance with § 35 BDSG) or a predominant interest on our part (e.g. for defending our rights and claims) oppose this.
- Considering the requirements of Art. 18 DSGVO (GDPR), you may require us to restrict the processing of your data.
- Furthermore, you may object to the processing of your data in accordance with Art. 21 DSGVO (GDPR) which requires us to stop processing your data. However, this right to objection only applies in the case of the exceptional circumstances of your personal situation, whereby the rights of our company may conflict with your right of objection.
- You also have the right to receive your data under the conditions set out in Art. 20 DSGVO (GDPR) in a structured, common and machine-readable format, or to transmit them to a third party.
- In addition, you have the right to withdraw your consent granted to us for the processing of personal data at any time, with future effect (comp. Section 2.3).
- Furthermore, you have a right of appeal to a data protection supervisory authority (Art. 77 DSVGO (GDPR)). However, we recommend that you always address a complaint to our Data Protection Officer first.
- Your requests for exercising your rights should, where possible, be addressed in writing or sent by email to the address given above, or sent directly in writing or by email to our Data Protection Officer.
Special reference to your right of objection under Art. 21 DSGVO (GDPR)
You have the right to object at any time to the processing of your data, which is carried out on the basis of Art. 6 para. 1 f DSGVO (GRPR) (data processing on the basis of a balance of interests) or Art. 6 para. 1 e DSGVO (GDPR) (data processing in the public Interest), if there are reasons for this arising from your particular situation.
This also applies to a profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO. If you object, we shall no longer process your personal information, unless we can provide compelling legitimate grounds for the processing, that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If necessary, we also process your personal data in order to conduct direct advertising. If you do not wish to receive any advertising, you have the right to file an objection to it at any time; this also applies to profiling, insofar as it is associated with direct advertising of this kind. We shall take this objection into account for the future. We shall no longer process your data for direct advertising purposes, if you object to the processing for these purposes.
The objection can be filed without observing any formal requirements, and should be addressed, as far as possible, to:
88677 Markdorf (am Bodensee)
Tel.: +49 (7544) 966-300
Fax: +49 (7544) 966-101
You also have the option to submit a complaint to the above-mentioned Data Protection Officer, or to a data protection supervisory authority.
Landesbeauftragter für den Datenschutz und die Informationsfreiheit Baden-Württemberg (State Representative for Data Protection and Freedom of Information) Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart
Postfach 10 29 32, 70025 Stuttgart
Information on the processing of applicant data
We are pleased that you are interested in us, and that you have applied, or are applying for a position in our company. We would like to provide you with the following information on the processing of your personal data in connection with your application.
Who is responsible for data processing?
Tel.: 07544 966-403
Fax: 07544 966-101
You will find more information about our company, and details on the persons authorised to represent us, as well as further contact options, in the imprint on our website.
Which of your data are processed by us? And for what purposes?
We process the information you have provided us in connection with your application, in order to assess your suitability for the position (or, if applicable, for other open positions in our companies) and to carry out the application process.
On what legal basis is this processing carried out?
The legal basis for the processing of your personal data in this application process is primarily § 26 BDSG (Federal Data Protection Act) in the version valid as from 25.05.2018. Accordingly, the processing of the data required in connection with the decision to establish an employment relationship, is permitted.
Should the data possibly be required for legal prosecution after the application process has been completed, data processing based on the requirements of Art. 6 DSGVO (GDPR), in particular for exercising legitimate interests in accordance with Art. 6 para. 1 f DSGVO (GDPR) may be carried out. Our interest then lies in the assertion of, or defence against claims.
For how long is the data stored?
In the case of cancellation, the applicant's data is deleted after 6 months. In the event of you having consented to the further storage of your personal data, we shall transfer your data to our applicant pool. The data there is deleted after two years. Should you have been awarded the contract as part of the application process, the data from the applicant data system will be transferred to our personnel information system.
To which recipients will the data be passed on?
We use a specialised software provider for the application process. This person acts for us as a service provider and, in connection with the maintenance and care of the systems, may also be aware of your personal data. We have concluded a so-called order-processing contract with this provider, which ensures that the data processing takes place in a permissible manner.
Your application data will be viewed by the Personnel Department upon the receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position in each case. The further procedure is then coordinated. In principle, only the persons in the company, who need your data for the proper execution of our application process, have access to it.
Where is the data processed?
The data is processed exclusively in data centres of the Federal Republic of Germany.
Your rights as "the person concerned"
You have the right to obtain information about the personal data processed by us about you. In the case of a request for information that is not made in writing, we ask for your understanding if we should then request proof from you, verifying that you are the person you claim to be.
Furthermore, you have the right to request rectification, deletion or restriction of the processing, insofar as you are legally entitled to do so.
Furthermore, you have the right to object to the processing, within the scope of the legal requirements. The same applies to a right to data portability.
The revocation must be sent by post to the Personnel Department or by email to: HR-Services@kumavision.com.
Our Data Protection Officer
We have appointed a Data Protection Officer in our company. You can reach him under the following contact options:
Deutsche Datenschutzkanzlei (German data protection law firm)
Tel.: 07544 904 96 91
Right of appeal
You have the right to complain to the competent supervisory authority for data protection, regarding the processing of personal data by us.