Data Privacy Policy

Sect. 1 General

We will process your personal data (e.g. title, name, address, e-mail address, phone number) solely in accordance with the provisions of the German data protection law and the data protection law of the European Union (EU). The following provisions will inform you, besides the information about the processing purposes, recipients, legal bases and storage periods, also about your rights and the controller for your data processing. This privacy policy applies only to our websites. If you are directed to other sites via links on our pages, please familiarise yourself with the respective use of your data there.

 

Sect. 2 Contact us

(1) Purpose of data processing
Your personal data you provide us by e-mail, contact form etc., will be processed to answer your inquiries. You are not obliged to provide us with your personal data but we would not be able to answer your inquiries sent by e-mail without your e-mail address.
(2) Legal basis
a) If your explicit consent is given for the processing of your data, the legal ground for this processing is set out in Art. 6 (1) (a) of the GDPR.
b) If your personal data is processed for the purpose of contract performance, the legal ground for this processing is set out in Art. 6 (1) (b) of the GDPR.
c) The legal ground for all other cases (especially when using a contact form) is set out in Art. 6 (1) (f) of the GDPR.
You have the right to object at any time to the processing of data which was performed according to Article 6 (1)(f) of GDPR and which does not serve direct marketing for reasons arising from your particular situation.
In the case of direct marketing, however, you may object to the processing at any time without stating any reasons.
(3) Legitimate interest
Our legitimate interest in data processing is to communicate with you in a timely manner and to answer your queries cost-effectively.
(4) Recipient categories
Provider of hosting
(5) Duration of storage
Your data will be deleted if it can be inferred from the circumstances that your queries or questions have been completely clarified.
However, if a contract is concluded, the data required by commercial and tax law will be retained by us for the periods as required by law, i.g. generally for ten years (cf. § 257 HGB, § 147 AO).
(6) Right of revocation
You have the right to revoke your consent for processing at any time in compliance with your consent.

 

Sect. 3 Comments

(1) Purpose of data processing
Adding comments is possible. Your personal data (e.g. name/pseudonym, email address, website) collected in this scope will be solely processed for the purpose of publishing your comments.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (f) of the GDPR.
(3) Legitimate interest
Our legitimate interest is the public exchange of user opinions on specific topics and products. The publication serves, among other things, the purpose of transparency and opinion-forming. Your interest in data protection is preserved, as you can publish your comment under a pseudonym.
(4) Duration of storage
There is no provision for a certain storage period. You may request the deletion of your comment at any time.
(5) Right of objection
You have the right to object at any time to the processing of data which was performed according to Article 6 (1)(f) of GDPR and which does not serve direct marketing for reasons arising from your particular situation.
In the case of direct marketing, however, you may object to the processing at any time without stating any reasons.

 

Sect. 4 Information about cookies

K&M uses various cookies on its website. Cookies are small files with configuration information that are stored on your end device. Cookies can basically be divided into four categories.

1: So-called function cookies are essential for the functionality of the website. The processing of the function cookies is necessary to enable you to visit the website (cf. Art. 6 para. 1 lit. b DSGVO).

2 :The user comfort of a website visit is increased by so-called comfort cookies, which, for example, save your language settings. The legal basis for the comfort cookies is a legitimate interest (Art. 6 para. 1 lit. f DSGVO). The legitimate interest lies in providing a certain level of comfort during your visits to the website. If you do not wish these cookies to be stored, please deactivate the acceptance of these cookies in your internet browser. However, this may result in a functional restriction of our website.
You can revoke your consent to the permanent storage by deleting the stored cookies via your browser.

3: In order to create a pseudonymised usage profile, so-called tracking cookies are used which are provided by third parties. Tracking cookies are only set if the website visitor has consented to this (Art. 6 para. 1 lit. a DSGVO). Consent is given via the so-called cookie banner, which must be actively clicked on. Further information on the tracking tools used and how you can revoke your consent can be found under Setc. 6.

With the help of marketing & social media cookies provided by third-party providers, interest-based advertisements can be presented to the users of this website in the context of their visit to certain social networks. Marketing & social media cookies are only set if the website visitor has consented to this (Art. 6 para. 1 lit. a DSGVO). Consent is given via the so-called cookie banner, which must be actively clicked on. Further information on tools and how you can revoke your consent can be found under Sect. 7 +8.

Different types of cookies are used within the categories that are described. The most common types of cookies are explained below for your understanding:

1. Session cookies
While you are active on a website, a session cookie is temporarily stored in the memory of your computer, in which a session identifier is saved, e.g. to prevent you from having to log in again each time you change pages. Session cookies are deleted when you log out or lose their validity as soon as their session has automatically expired.

2 .Permanent or protocol cookies
A permanent or protocol cookie stores a file on your computer for the period of time specified in the expiry date. These cookies enable websites to remember your information and settings the next time you visit. This results in faster and more convenient access, as you do not have to set your language preferences for our portal again, for example. Once the expiry date has passed, the cookie is automatically deleted when you visit the website that generated it.

The following cookies are used on this website:

 

cookie namepurpose of usestorage periodcookie typiecategoryset by
analyse-disabledThis opt-out cookie determines whether data may be collected via Matomo.6 monthfunction cookiePermanent
/Protocol
K&M
marketing-disabledThis cookie determines whether the Facebook tracking pixel may be loaded.6 monthfunction cookiePermanent
/Protocol
K&M
_pk_ses.*Saves data for the page view temporarily.30 minutestracking cookieSessionMatomo
_pk_id.*Saves the individual user ID.1 yeartracking cookiePermanent
/Protocol
Matomo
    cf_bmThis cookie is used to distinguish between humans and bots.1 hourfunction cookieSessionShopware
ln_orRegisters statistical data about the behaviour of visitors to the website. Used by the webmaster for internal analyses.5 daysMarketing & Social Media CookiePermanent
/Protocol
LinkedIn
x-ua-deviceResponsible for the correct assignment of the screen type in order to display the page content correctly.until the end of the sessionfunction cookieSessionShopware
    csrf_token-1Cookie for CSFR security function: CSRF Protection ensures that each request from the client to the server is provided with a unique token that ensures that the request comes from the client.until the end of the sessionfunction cookieSessionShopware
session-1This cookie contains information about the current session and enables recognition during the visit and on following visits to the website.until the end of the sessionfunction cookieSessionShopware
lastCheckSubscription DateThis cookie sets the time of the last check of the Shopware licence.5 hoursfunction cookieSessionShopware
BasketToken_*Contains the user's shopping cart if the user is not yet logged in1 yearfunction cookiePermanent
/Protocol
Shopware
_fbpStores and tracks visits via websites3 monthtracking cookiePermanent
/Protocol
Facebook

 

Sect. 5 Amazom Cloudfront

(1) Purpose of processing
K&M’s website uses the Cloudfront content delivery network (CDN) from Amazon Web Services. The registered office of this service provider is:
Amazon Web Services Inc.
410 Terry Avenue
North Seattle, WA 98109-5210
Thanks to CDN, large media such as web videos can be delivered quickly and securely to the user. To do this, CND uses proxy servers around the world that cache duplicate website files locally, reducing website load time and increasing user access speed. This also enables greater system stability and increased protection against data loss.
Through this request of the files from the Amazon servers, user information about the use of our website (such as the IP address) can be transmitted to Amazon’s servers and stored there.
If users from a non-EU country visit the site, the data may end up on servers located outside the EU. Amazon has therefore contractually agreed to comply with the level of data protection in the EU via standard contractual clauses: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?locale=de

(2) Legal basis
The use of Amazon Web Services and the Amazon CDN Cloudfront is in the legitimate interest of increased performance reliability of the website, better protection against data loss and faster loading speed. The legal basis for the processing is Art. 6 para.1 a) DSGVO.
To learn more about Amazon Web Services’ privacy practices, please visit: https://aws.amazon.com/de/compliance/gdpr-center/.
Amazon Web Services Inc. is certified for the us-European data protection agreement “Privacy Shield”, which ensures compliance with the EU applicable data protection level.
(3) Right of revocation
Your consent to persistent cookies can be withdrawn at any time by deleting the cookies in your browser settings. However, this may result in a functional restriction of our website.

 

Sect. 6 Matomo

This website uses functions of the software “Matomo” (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand.
The software sets a cookie on your computer with which your browser can be recognised. The information collected in this way is stored exclusively on our server. It is not passed on to third parties.
(1) IP anonymisation
Matomo has been set by us so that your IP address is not stored in full, but 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). In this way, an assignment of the shortened IP address to the calling computer is excluded and a direct personal reference is not possible.
(2) Purpose of data processing
The legal basis on which we process personal data using Matomo is Art. 6 para. 1 lit. f of the DSGVO.
We need the data to analyse the use of our website and individual functions, and to optimise the offer of individual components of the website and its user-friendliness.
The data is deleted as soon as it is no longer required for our purposes
(3) Right of revocation
You can object to the recording of data in the manner described above:
a) You can completely prevent the storage of cookies in your browser. However, this may mean that you can no longer use some of the functions on our website.
b) You can activate the “Do-not-Track” setting in your browser. Our Matomo system is configured to respect this setting.
c) You can create a so-called opt-out cookie, which is valid for two years. This has the effect that Matomo will not register your further visits. Please note, however, that the opt-out cookie will be deleted if you delete all cookies.

 

Sect. 7 Facebook & Instagram Remarketing via Facebook-Pixel

(1) Purpose of data processing
Remarketing tags of the social networks Facebook and Instagram (Company Meta Platforms Ireland Limited) are integrated into the pages of our website. When you visit our website, the Facebook-Pixel establish a direct connection between your browser and the Meta server. This informs Meta of your visit to our site together with your IP address. Facebook/ Instagram is then able to assign this visit to your user account. We subsequently use the information thus obtained for the display of Social Ads. We wish to point out that we, as providers of the site, have no knowledge of the content of the data transmitted or of its use by Meta.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR.
You have expressly given your consent to the use of the marketing cookies on our website as follows. You have the option of accepting all cookies or adjusting the settings accordingly and deactivating the storage of cookies and only accepting certain cookies by confirming your selection.
(3) Duration of storage
The cookies remain stored from a few days to several years.
(4) Right of revocation
If you do not wish these cookies to be stored, please deactivate the use of cookies in your Internet browser. However, this may cause a functional limitation of our website. Here you can select the settings retrospectively.

For more information, you should refer to Facebook’s privacy policy here: https://www.facebook.com/about/privacy/. If you do not want your data to be acquired via Custom Audiences, you can disable Custom Audiences here: https://www.facebook.com/ads/website_custom_audiences.
Your consent to persistent cookies can be withdrawn at any time by deleting the cookies in your browser settings.

 

Sect. 8 Remarketing using the LinkedIn Inside Tag
This website uses the LinkedIn Inside Tag from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin2, Ireland.
(1) Purpose of data processing
Remarketing tags of the social network LinkedIn are integrated into the pages of our website. When you visit our website, the LinkedIn tag establish a direct connection between your browser and the LinkedIn server. This informs LinkedIn of your visit to our site together with your IP address. LinkedIn is then able to assign this visit to your user account. We subsequently use the information thus obtained for the display of LinkedIn Ads. We wish to point out that we, as providers of the site, have no knowledge of the content of the data transmitted or of its use by LinkedIn.
(2) Legal basis
The legal basis for such processing is set out in Article 6 (1) (a) of the GDPR.
You have expressly given your consent to the use of the marketing cookies on our website as follows. You have the option of accepting all cookies or adjusting the settings accordingly and deactivating the storage of cookies and only accepting certain cookies by confirming your selection.
(3) Duration of storage
The cookies remain stored from a few days to several years.
(4) Right of revocation
If you do not wish these cookies to be stored, please deactivate the use of cookies in your Internet browser. However, this may cause a functional limitation of our website. Here you can select the settings retrospectively.
For more information, you should refer to LinkedIn´s privacy policy here.
Alternatively, you can deactivate the data collection on LinkdIn here. To do this, you must be logged in to LinkedIn.
Your consent to persistent cookies can be withdrawn at any time by deleting the cookies in your browser settings.

 

Sect. 9 Twitter

Twitter is a short message service provided by Twitter Inc, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.
The König & Meyer website uses features of Twitter. These may be embedded tweets, buttons or hashtags.

König & Meyer does not collect any personal data through these functions.
However, it is possible that when you view Twitter related content on our website, Twitter may collect your visit or the page, IP address, Bowser and operating system data or cookie information.

We have no influence on the data collection and further processing by Twitter. In the Twitter privacy policy you can learn more about the use of cookies and what information is collected & used.
Twitter also defines in it: “We do not associate this web browsing history with your name, email address, phone number, or username, and we delete, obfuscate, or aggregate it after no longer than 30 days”.

In addition you can control the settings for your data protection in your own Twitter account.
Without an own Twitter account / or without being logged in, the browser’s own data protection settings are applied.

 

Sect. 10 YouTube-Videos

(1) General

We have embedded YouTube videos on our website, which are stored on the servers of the provider YouTube and can be played from our website through an embedding. The embedding of the videos takes place with the activated option for extended data protection settings. When you play these videos, YouTube cookies and DoubleClick cookies are stored on your computer and data may be transferred to Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), as YouTube operator.

(2) Purpose of processing

When playing videos stored on YouTube, at least the following data is transferred to Google as YouTube operator and operator of the DoubleClick network according to the current status: IP address and cookie, the specific address of the page, system date and time of the call-up, identifier of your browser.

This data is transmitted regardless of whether you have a Google user account through which you are logged in or whether you do not have a user account. If you are logged in Google may assign this data directly to your account. If you do not want this to be assigned to your profile, you must log out before activating the play button for the video.

(3) Storage period

YouTube and Google store this data as user profiles and may use it for the purposes of advertising, market research and/or designing their websites to meet user needs. Such an analysis is done in particular (also for non-registered users) for the provision of needs-based advertising and to inform other users about your activities on our website. You have the right to refuse the creation of these user profiles; to do so, you must contact Google as the operator of YouTube.

(3) Right of revocation

Further information on the purpose & scope of data collection and its processing by Google can be found on this information page.

Please note that, due to the Cloud Act, American intelligence services could possibly gain access to personal data that is inevitably exchanged with Google due to the Internet protocol when this tool is integrated.

 

Sect. 11 Spotify

(1) General
Our website uses plugins from “Spotify” an audio streaming platform operated by Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. An overview of the Spotify plugins can be found at: developer.spotify.com.

(2) Intended use
We use Spotify by embedding individual audio files, albums or playlists from the platform on our website as a so-called iFrame so that they can be played directly on our website as a stream. When you visit a sub-page of our website on which a Spotify plug-in is embedded, a connection is established to the Spotify servers and the plug-in is displayed within our website. This transmits to Spotify which website you have visited. Your IP address may also be transmitted to Spotify. If you play an embedded audio file, album or playlist, this information is also transmitted to Spotify. If you are logged in as a Spotify user, Spotify will associate this data with your user account. If you do not want Spotify to associate your visit to our website with your Spotify user account, please log out of your Spotify user account. Further information on Spotify’s data protection can be found at www.spotify.com/de/legal/privacy-policy.
The processing takes place in order to be able to integrate playable audio files, albums or playlists from Spotify on our website.

(3) Legal basis
The processing is necessary to protect the overriding legitimate interests of the controller (Art. 6(1)(F) DSGVO).

(4) Recipients and transfer to third countries
By using the Spotify service, personal data may be transmitted to the company Spotify AB, Birger Jarlsgatan 61, 113 56 Stockholm, Sweden. Spotify also processes this data on servers outside the EU.

 

Sect. 12 Flockler

Flockler is a social media aggregator tool headquartered in Finland:
Rautatienkatu 21 B
33100, Tampere
Finland
Flockler acts in accordance with the European General Data Protection Regulation (GDPR).
We use Flockler to curate social media feeds and present social media content that we believe is relevant and inspiring to you. Flockler does not store any information about your visit. However, depending on the platform, social media services may store information about you if you choose to interact with the content (e.g. play a video or visit our social media profile page).
Flockler clearly describes its function on its site and confirms that no personal data of visitors is stored and no cookies or tracking codes are used:
flockler.com/en/dsgvo

 

Sect. 13 Rights of the data subject

If your personal data is being processed, you are the ‘data subject’ in terms of GDPR and you have the following rights towards the controller:

 

1. Right of access by the data subject

You may ask the controller to confirm whether your personal data is processed.
In the case of such processing, you may request the following information from the controller:
(1) the purposes of the processing of the personal data;
(2) the categories of personal data concerned;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the estimated period of time for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
(5) the right to request from the controller to rectify or erase the personal data or the right to restrict the processing of personal data concerning the data subject or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) the right to all available information on the source of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making, including profiling in accordance with Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information for your about the logic involved, as well as the consequences and intended effects of such processing.
As a data subject, you have the right to be informed whether the personal data concerning you are transferred to a third country or to an international organisation. In this regard, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

 

2. Right to rectification

You have the right to have corrected and/or completed your personal data from the controller if your personal data processed is incorrect or incomplete. The controller has to make the correction without delay.

 

3. Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:
(1) if you contest the accuracy of the personal data relating to you for a period of time that enables the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you refuse to erase the personal data and request the restriction of the use of the personal data instead;
(3) the controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or defend legal claims; or
(4) if you have lodged an objection against the processing in accordance with Art. 21 (1) GDPR and it has not yet been determined whether the legitimate reasons of the controller outweigh your grounds.
Where processing of personal data relating to you has been restricted, such data may, with the exception of storage, only be processed with your consent or for the purpose of establishing, exercising or defending legal claims or for the protecting of the rights of another natural or legal person or for reasons of an important public interest of the Union or of a Member State.
If the restriction of processing has been restricted in accordance with the conditions mentioned above, you will be informed by the controller before the restriction of processing is lifted.

 

4. Right to erasure

a) Obligation regarding erasure
You have the right to obtain from the controller the erasure of your personal data immediately and the controller is obliged to erase this data without delay where one of the following reasons applies:
(1) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(2) you withdraw your consent on which the processing is based accordance to point (a) of Article 6 (1), or point (a) of Article 9 (2) GDPR and where there is no other legal ground for the processing;
(3) you submit an objection to the processing accordance to Article 21 (1) of the GDPR, and there are no legitimate reasons for the processing, or you lodge an objection against the processing accordance to Article 21 (2) of the GDPR;
(4) your personal data have been unlawfully processed;
(5) your personal data need to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
(6) your personal data have been collected in relation to the offer information society services referred to Article 8 (1);

b) Obligation to inform other controllers (third parties)
If the controller has made your personal data public and is obliged to erase them accordance to Article 17 (1) of the GDPR, he has to take reasonable steps, taking into account the available technology and the cost of implementation, including technical measures, to inform the controllers who process the personal data that you, as the person concerned, have requested the erasure of any links to, or copy or replication of those personal data.

c) Exceptions
The right to erasure does not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for fulfilment of a legal obligation which requires processing by the law of the Union or of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or the exercise of official authority transferred to the controller;
(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9 (2) as well as Article 9 (3) of the GDPR;
(4) for archiving purposes in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89 (1), insofar as the right referred to in paragraph 1 is likely to make it impossible or seriously impair the achievement of the objectives of such processing; or
(5) for the establishing, exercising or defending legal claims.

 

5. Notification obligation

If you have made use of your right to correct, erase or restrict the processing of your personal data, the controller is obliged to inform all recipients to whom the personal data have been disclosed of this correction or erasure of the data or limitation of the processing, unless this proves to be impossible or involves a disproportionate effort.
You have the right to be informed of these recipients by the controller.

 

6. Right to data portability

You have the right to receive the personal data relating to you which you have provided to the data controller, in a structured, commonly used and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller, who has been provided with the personal data, where:
(1) the processing is based on a consent in accordance with the point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract in accordance with the point (b) of Article 6 (1); and
(2) the processing is carried out using automated means.
In exercising this right, you also have the right to have your personal data are transmitted directly from one controller to another, as far as this is technically feasible. Freedoms and rights of other persons may not be affected thereby.
The right to data portability is not applicable to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority given to the data controller.

 

7. Right to object

For reasons arising from your particular situation, you have the right to object at any time to processing of personal data concerning you, which is carried out based on point (e) or (f) of Article 6 (1); this also applies to profiling based on these provisions.
The controller will no longer process the personal data concerning you, unless the controller can prove that there are compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to establish, exercise or defend legal claims.
Where the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
Where you object to the processing for the purposes of direct marketing, the personal data concerning you will no longer be processed for these purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you have the possibility of exercising your right to object by automated means using technical specifications.

 

8. Right to withdraw the declaration of consent under Data Protection Act

You have the right to withdraw your declaration of consent under Data Protection Act at any time. The withdrawal of the consent does not affect the legality of the processing carried out on the basis of the consent until the withdrawal.

 

9. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes this Regulation.
The supervisory authority with which the complaint has been lodged is to inform the complainant on the progress and the outcome of the complaint including the possibility of judicial remedy accordance to Article 78.
Landesbeauftragter für Datenschutz und Informationsfreiheit Baden-Württemberg: poststelle@lfdi.bwl.de

 

Contact details of our data protection officer:
datenschutz@k-m.de