Kapten & Son PRIVACY POLICY

 

1. General

We are pleased that you are interested in our company. Data protection is extremely important to us. This Privacy Policy contains information about data processing at our company – especially through our website and during the ordering process – insofar as your data is also affected by this data processing.Firstly, if you want an introduction to the subject of data protection and general information about the definitions used in the General Data Protection Regulation, you will find these (in German) on the Federal Data Protection Commissioner’s site which is available at https://www.bfdi.bund.de/DE/Datenschutz/datenschutz-node.html.

2. Further information about the data controller

2.1 The data controller who is responsible for the processing of your personal data is Kapten & Son GmbH, Agrippinawerft 28, 50678 Cologne, Germany. If you have any general questions, you can either contact us by telephone on +49 251 32359357 or by email at ahoy@kapten-son.com. Further information is also available on our website at www.kapten-son.com.

2.2 If you have questions about data protection or how to exercise your rights according to data protection law (see section 9), please contact our Data Protection Officer by sending a letter to the above address or by emailing Datenschutzbeauftragter@kapten-son.com.

3. We process your personal data during the following activities

3.1 Visiting our website without signing in

If you visit our website without signing in, registering or filling in any other input boxes on the website, we will process your personal data as follows:

3.1.1 For the purpose of providing our website, we process the name of the website that has been accessed, the data that has been retrieved, the date and time of the access, the volume of data that has been transmitted, a report about the successful access, the type and version of the browser, the user's operating system, the referrer URL (the site that had been visited beforehand) and the IP address of all visitors to the website. This processing is technically necessary in order to facilitate the use of our website (Art. 6(1)(b) GDPR). When your visit to our website has ended, this data will be deleted unless individual pieces of information continue to be processed for the reasons given below.

3.1.2 We process the IP addresses and [categories of data] of all visitors to our webpages to identify and prevent attacks targeted at our website and the technical infrastructure (e.g. hacking and denial-of-service attacks). This processing is used to comply with our legal obligation to take safeguarding measures (Art. 6(1)(c) GDPR). The data is deleted seven (7) days after your visit to our website has ended, unless an attempted attack has been identified. If your connection has been identified as the source of an attempted attack, the data will continue to be processed to complete the technical overhaul and for prosecution purposes, if applicable.

3.1.3 Fonts from MyFonts Inc. 600 Unicorn Park Drive, Woburn, MA 01801, USA have been dynamically embedded in our website for the purpose of presenting our website’s unique design. This means IP addresses are communicated. This communication is technically necessary so that the data containing the type of font is transmitted from the third-party provider’s server to the website user’s device, and so that our website can be correctly displayed to the website user (Art. 6(1)(b) GDPR). Our server does not specifically store the data for this purpose. Further information about the MyFonts Privacy Policy is available here: //www.monotype.com/legal/privacy-policy/

3.2 Visiting our website and registering

3.2.1 You can register on our website by creating a user account. When you register, you will be able to conclude your orders on our website more quickly and more easily, store a number of shipping addresses, and view and track orders. As part of the registration, we process your first and last names, your email address and a password of your own choice. This processing is used in the performance of, and for compliance with the user agreement (Art. 6(1)(b) GDPR). We will continue to hold your data while your user account remains active. You can delete your customer account yourself. The data will also be deleted unless we are legally required to retain it.

3.2.2 The same form of data processing as described in section 3.1 will also be carried out.

3.3 Ordering through our online shop

3.3.1 When an order is placed in our online shop, we collect the following data from the person who placed the order: name, address, date of birth, telephone number, gender and email address. We need this data so that we can process the purchase agreement, dispatch the goods, generate an invoice and manage the guarantees and the returns. We need to process this data to fulfil the purchase agreement concluded via our online shop (Art. 6(1)(b) GDPR). We will delete this data as soon as we no longer need it for the above purposes and provided that we are no longer legally required to retain it. In the latter case, we will not actually delete your data, but we will block it to prevent any further processing.

3.3.2 We process your payment details to settle payments when you have used our website to purchase a product. We will forward your payment details to a third party (e.g. to a credit card provider if you are paying by credit card), depending on the method of payment you have selected. The following payment methods can be selected when placing an order:

a) If you are paying by PayPal, or using PayPal to make credit card or direct debit payments, “payment on account” or “payment in instalments”, we will pass your payment details on to PayPal (Europe) S.a.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (subsequently referred to as “PayPal”) within the context of the payment settlement. This data needs to be processed for the performance of, and compliance with the contract (Art. 6(1)(b) GDPR). We will only pass on this data if and when it is required for processing the payment. PayPal reserves the right to perform a credit check when PayPal is used for credit card payments, direct debit payments or – if available – “payment on account” or “payment in instalments”. This will mean your payment details may be disclosed to credit reference agencies in accordance with Art. 6(1)(f) GDPR on the grounds that PayPal has a legitimate interest in establishing your ability to pay. PayPal uses the credit check results relating to the statistical probability of non-payment so that it can decide whether or not to provide the respective payment method. The credit check may include probability values (scores). When scores influence the results of a credit check, these are based on a scientifically recognised mathematical and statistical procedure. The calculation of score values is based in part, but not exclusively, on address data. You can object to this processing of your data at any time by notifying PayPal. Nevertheless, PayPal may still be entitled to process your personal data if this is required in order to settle payments according to the terms of a contract. Additional information about data protection law, including information about the credit reference agencies used, is available in the PayPal Privacy Policy at: https://www.paypal.com/br/webapps/mpp/ua/privacy-full?locale.x=en_BR

b) If you choose to use Amazon Pay as a payment method, we will first pass your payment details on to Amazon Payments Europe s.c.a., followed by Amazon EU SARL, Amazon Services Europe SARL and Amazon Media EU SARL within the context of settling the payment. These three (subsequently referred to as “Amazon Payments”) are all based at 5, Rue Plaetis L 2338 Luxembourg. Amazon Payments reserves the right to perform a credit check. Amazon Payments uses the credit check results relating to the statistical probability of non-payment so that it can decide whether or not to provide the respective payment method. The credit check may include probability values (scores). When scores influence the results of a credit check, these are based on a scientifically recognised mathematical and statistical procedure. The calculation of scores is based on address data, among other things. In addition, Amazon Payments is entitled to disclose your data to unnamed third parties (banks, e-service providers and service partners as well as auditors, analytics services, credit reference agencies, marketing partners, cloud service providers, retargeting providers and affiliated companies) among others. This data needs to be processed for the performance of, and compliance with the contract (Art. 6(1)(b) GDPR). Further information about data protection regulations and the credit reference agencies used, among other things, is available in the Amazon Payments Privacy Notice at: https://pay.amazon.com/uk/help/201751600

c) If you choose to pay by credit card or iDeal, we will use the BS Payone payment service. This service is provided by BS PAYONE GmbH, Lyoner Strasse 9, 60528 Frankfurt/Main, Germany and is certified according to the Payment Card Industry Data Security Standard (PCI DSS). Your credit card details will be collected and processed by BS PAYONE directly, and will not be stored by us. We will only pass on your payment details if and when they are required for processing the payment. If this payment method is chosen, this data will need to be processed for the performance of, and compliance with the contract (Art. 6(1)(b) GDPR). The BS PAYONE GmbH Privacy Policy is available (in German) at: https://www.payone.com/datenschutz/.

d) If you choose to use a prepayment payment method, we will use the payment service provider, Komfortkasse.eu. We will forward Komfortkasse.eu your name, your email address, the price to be paid and the names of the products purchased. This payment service is provided by LTC Information Services GmbH, Business Tower, Seligenstädter Str. 107, 63073 Offenbach am Main, Germany. The information will only be disclosed for the purpose of the payment settlement. This data needs to be processed for the performance of, and compliance with the contract (Art. 6(1)(b) GDPR). The Komfortkasse Privacy Policy is available (in German) here: https://komfortkasse.eu/datenschutz.

3.3.3 Sharing data with third parties within the context of processing an order

When processing an order, we use services provided by a number of different partners so that the order can be handled correctly and we can provide you with advertisements for other interesting products. To accomplish this, we work with the following partners:

a) We instruct parcelLab to send out transactional emails so that you can always track your order. These transactional emails will be sent to you after your order has been dispatched and will contain information about the delivery status of your order. We therefore send parcelLab your name, your email address, your postal address, information about your order and the tracking number. This processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in being able to offer you the service described above. parcelLab is contractually obliged to use this information solely for the purpose described above and in accordance with our instructions. Further information about the purpose and scope of the data collection and its processing by parcelLab is available in the parcelLab Privacy Policy at https://parcellab.com/en/privacy-policy/

b) We use Deventer KontraktLogistik GmbH as our logistics service provider. Deventer KontraktLogistik GmbH performs logistics services on our behalf. To this end, we forward Deventer KontraktLogistik your name, and the recipient's address, your email address, telephone number, customer reference number, the name of the invoice recipient and the invoice address. Deventer KontraktLogistik GmbH is contractually obliged to use this information solely for the purpose described above and in accordance with our instructions.

3.3.4 Advertising supplements with the order

We use Adnymics so that we can send you flyers about other Kapten & Son products that will be of interest to you. We forward Adnymics data that will indicate which products you have viewed on our website so that we can find out what you are interested in. This processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in being able to offer you targeted advertising about other products that may be of interest to you. The data that has been processed in this regard will be deleted when the purpose has been achieved. Adnymics is contractually obliged to use this information solely for the purpose described above and in accordance with our instructions.

3.4 Back in stock notification

If one of our products is no longer in stock, you can set up a reminder for this product. We have provided a text box where you can enter your email address for this purpose on the product page. As soon as the specific product is available again, we will send an email with the relevant information to the email address you have provided. This data needs to be processed for the performance of, and compliance with the contract (Art. 6(1)(b) GDPR). After the reminder email has been sent, your email address will be deleted.

3.5 Cookies

3.5.1 We use cookies on our website. Cookies are small text files. They enable us to store information that specifically relates to you, the user, and the use of our website. The cookies we use can be categorised as cookies that are essential for technical purposes, cookies that are not essential for technical purposes, and third-party cookies. Cookies that are essential for technical purposes are absolutely necessary for ensuring that all the functions of our website work. Without these cookies, we cannot guarantee that our website will be able to be used properly. Cookies that are not essential for technical purposes are those cookies that, for example, enable us to recognise you as a customer when you return to our website. This means we can restore the settings you selected during your first visit to our website. These cookies also help us to analyse user behaviour with regards to our web shop.Third-party cookies record your visit to our website, other websites that you have visited, and the links that you have used. We use this information to optimise our website and the advertising that we have sent to you and to tailor them to your interests.

a) We store cookies that are essential for technical purposes on the website visitor’s device so that we can provide our website and personalise our website display. These cookies hold the following data: An identifier that acts as an identifying feature so that the user’s various related enquiries can be recognised, and categories of the website that have been retrieved, the language settings and the contents of the shopping cart can be attributed to a session. This processing is technically necessary in order to facilitate the use of our website (Art. 6(1)(b) GDPR). All cookies are enabled, blocked or deleted (e.g. when you close the web browser) according to the settings stored in your web browser. If cookies are deactivated for our website, you may not be able to use all features of their website to their full extent.

b) The following third-party cookies have been set on our website so that we can tailor our online offers to your interests. Our objective is that you will only receive advertisements about products that you are actually interested in.

aa) During visits to our website, Google stores or processes cookies on the website visitor’s device so that Google Analytics can analyse user behaviour. This means that the IP address (truncated and anonymised by means of the anonymisation function), the website from which a data subject visited a website (known as the “referrer”), which subpages were accessed and how often and for how long a subpage was viewed are forwarded to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA and processed there. The processing that takes place there is largely used to optimise our website and to analyse the cost-effectiveness of internet advertising. Google also uses the data and information gathered to evaluate the use of our website among other things, so that it can compile online reports for us about the activities on our website and provide additional services associated with the use of our website. This processing is necessary to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in being able to improve our website continually and adapt it to suit the interests and wishes of the visitors to our website, and so that the presentation of our company and its products can be as targeted as possible. These cookies are deleted according to the settings stored in your web browser (e.g. when you close the web browser). You can prevent cookies from being stored by selecting the relevant setting in your browser; please note, however, that this will mean you may not be able to make full use of all the features available on this website. You can also prevent Google from collecting and processing the data generated by the cookie relating to your use of the website (including your IP address) by downloading and installing the browser plugin available via the following link: https://tools.google.com/dlpage/gaoptout?hl=en. Information about the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Terms of Service: https://www.google.com/analytics/terms/gb.html, overview of data protection: https://support.google.com/analytics/answer/6004245?hl=en, and Privacy Policy: https://policies.google.com/privacy?hl=en.

bb) We use Bing Ads to optimise our promotional activities and to broadcast our advertisements. Bing Ads is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (“Microsoft”). If a Microsoft Bing Ad redirects you to our website, a cookie is set on your device so that you can use this service. This enables Microsoft and us to see that someone has clicked on an advertisement and has been redirected to our website and reached a predefined destination page (“conversion site”). We can then find out how many users in total have clicked on this Bing Ad and been redirected to our website. Microsoft processes information generated by the cookie to create a pseudonymised user profile. These user profiles are used to analyse visitor behaviour and stream advertisements. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in optimising the advertising on our website for the benefit of users. These cookies are deleted according to the settings stored in your web browser (e.g. when you close the web browser). A cookie is set on the basis of the relevant browser settings. You can also prevent Microsoft from collecting and processing the data generated by the cookie relating to your use of the website by using the following link to state that you object: http://choice.microsoft.com/opt-out. Further information about data protection and the cookies used by Microsoft and Bing Ads is available on the Microsoft website at https://privacy.microsoft.com/en-gb/privacystatement

cc) We use Criteo Dynamic Retargeting technology so that we can ensure that only personalised advertising is played to the visitors to our website. Using this technology means we can store anonymised information in cookies on the website visitor’s device. This is information about the surfing behaviour of visitors to our website while they are on our website. Criteo GmbH then analyses the recorded surfing behaviour and can subsequently display targeted product recommendations as personalised advertising banners on websites (known as publishers) that the user accesses after visiting our website. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in only showing our website visitors advertisements for products that would be of interest to the user. These cookies are deleted according to the settings stored in your web browser (e.g. when you close the web browser). You can prevent the Criteo service from storing and using information by clicking on the following link (https://www.criteo.com/privacy/) and switching the opt-out setting to “ON”. If you select “ON”, a new cookie (opt-out cookie) will be set in your browser. This cookie notifies the Criteo service that data about your user behaviour may no longer be collected and processed. You have the option of enabling this function again by switching the setting to “OFF”. Please note that you will need to adjust this setting for each browser that you use. If all cookies are deleted in your browser, this will also affect the opt-out cookie.

dd) We use the “Google AdWords” online advertising program, which in turn uses conversion tracking, so that we can analyse the effectiveness of advertising. When a user clicks on an advertisement delivered by Google, the conversion tracking cookie is set and transmitted to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. These cookies expire after 30 days and are not used for personal identification. If the user visits particular pages on this website and the cookie has not yet expired, we and Google can see that the user has clicked on the advertisement and was redirected to this page. Every Google AdWords customer receives a different cookie. This means cookies cannot be tracked across the websites of AdWords customers. The information obtained with the help of the conversion cookie is used to compile conversion statistics for AdWords customers who have opted to use conversion tracking. Customers find out the total number of users who have clicked on their advertisement and been redirected to a page containing a conversion tracking tag. Customers do not, however, receive any information that can be used to personally identify users. The processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in being able to calculate the reach of our advertising and measure its cost-effectiveness so that the advertising is as targeted as possible. The transfer of data to the United States of America is based on an adequacy decision taken by the EU Commission (Art. 45 GDPR) because the recipient participates in the “EU-US Privacy Shield” scheme. The cookies are deleted after 30 days unless your web browser has been set differently so that they are deleted at an earlier stage.

ee) We use the advertising tool, Outbrain, on our website. This service is provided by Outbrain UK Limited5 New Bridge Street, London, EC4V 6JA, UK. It refers our website users to other content that they might also find interesting and that is available on our website and on third-party websites. To do this, Outbrain sets a cookie on the user's device. Recommendations made by Outbrain are based on previous content that has been retrieved by the user. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in optimising our website and advertising for the benefit of our users. The cookies are deleted according to the settings stored in your web browser (e.g. when you close the web browser). You can find more information about Outbrain’s data protection at http://www.outbrain.com/legal/privacy. You can object to the tracking for the purpose of displaying recommendations based on your interests at any time. To do this, click on the “opt-out” field in Outbrain’s Privacy Policy which is available at http://www.outbrain.com/legal/privacy.

ff) We use the AWIN performance advertising network on our website. This service is provided by AWIN AG, Eichhornstrasse 3, 10785 Berlin, Germany (“AWIN”). As part of the tracking service, AWIN documents transactions (e.g. involving leads and sales) by storing cookies on the devices of users who visit or use its customers’ websites or other online services (e.g. registering for a newsletter). These cookies are used solely so that the success of advertising material can be tracked correctly and can be accounted for accordingly within the context of the network. AWIN does not collect, process or use personal data in this respect. The cookie only collects information indicating when a device is used to click on specific advertising materials. An individual number sequence is stored in the AWIN tracking cookies but this cannot be attributed to the individual user. It is used to document the partner program of an advertiser, the publisher and the time of the user's action (click or view). In this process, AWIN also collects information about the device used to carry out the transaction – e.g. the operating system and the browser used. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in optimising the advertising on our website for the benefit of users. The cookies are deleted according to the settings stored in your web browser (e.g. when you close the web browser). You will find further information about how AWIN processes data at: https://www.awin.com/gb/legal

gg) If you go to More tools/Internet options in the relevant browser, you can disable the storage of cookies, limit these to specific websites or set your browser so that you are notified as soon as a cookie is sent. Please note, however, that this is likely to restrict the display of the online services and limit the user navigation. You can also delete cookies at any time. In this case, your device will remove the information that has been stored there.

4. Website analysis and tracking

4.1 We use the “Custom Audiences” remarketing function provided by Facebook. This service is provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. It enables us to respond to our website visitors with targeted advertising in Facebook. A Facebook remarketing pixel has been integrated on our website to facilitate this promotional activity. This pixel is used to establish a direct link to the Facebook servers when the website is visited. In doing so, we forward your IP address to Facebook. In addition, Facebook learns which of our websites you have visited and can then assign interests to your personal Facebook user account. It is then possible to import personalised advertising into your Facebook network for you. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in only showing our website visitors advertisements of products that would be of interest to the user. You will find further information about Facebook's collection and use of data in Facebook's Privacy Notice which is available at https://www.facebook.com/about/privacy/. If you do not wish Facebook to assign the information it has collected directly to your Facebook user account, you can disable the “Custom Audiences” remarketing function. You need to log into Facebook to do this.

4.2 We use the “conversion pixel”, which is Facebook’s pixel for tracking user behaviour This service is provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). When this pixel is retrieved from your browser, Facebook can subsequently identify whether a Facebook advertisement was successful – in other words, whether it resulted in an online purchase, for example. In this regard, we only receive statistical data from Facebook that does not relate to a specific person. This enables us to measure the effectiveness of Facebook advertisements for statistical and market research purposes. Particularly if you have registered with Facebook, please also refer to its information on data protection which is available at www.facebook.com/about/privacy/. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in only showing our website visitors advertisements of products that would be of interest to the user.

4.3 We use a Pinterest tag on our website. This technology is provided by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). This tag is a pixel file that is integrated into our website and notifies Pinterest which subpages you have visited on our website. Pinterest uses this information to send you targeted advertising. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in only showing our website visitors advertisements of products that would be of interest to the users on Pinterest.

4.4 We have integrated the Trustedshops Trustbadge feature. The Trustbadge from Trusted Shops is integrated on this website to display our Trusted Shops quality seal and any ratings that may have been collected as well as offer Trusted Shops’ products to buyers who have placed an order. When considering the interests at stake, this protects our overriding legitimate interest (Art. 6(1)(f) GDPR) in the optimum marketing of the products we have on offer. Trustbadge and the associated services are provided by Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne, Germany. When Trustbadge is accessed, the web server automatically saves a “server log file” which contains items such as your IP address, the date and time of the access, the volume of data that has been transmitted and the requesting provider (access data), for example, and documents the request. This access data is not analysed and is automatically overwritten no more than seven days after your visit to our website has ended. Further personal data is only transferred to Trusted Shops with your consent, if you decide to use Trusted Shops products after completing an order or if you have already registered to use Trusted Shops. In this case, the contractual agreement concluded between you and Trusted Shops applies.

5. Social Plugins on our website

The Pinterest social network plugin is integrated into our website. This social network is provided by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). You can recognise the Pinterest plugin by the “Save button” on our web page. If you click on the Pinterest “Save button" while you are logged into your Pinterest account, you can link the contents of our webpages to your Pinterest profile. In this way, Pinterest to can link the visit to our pages to your user account. Please note that we do not receive information on the contents of the data that is communicated or its use by Pinterest. This data processing is necessary in order to protect our overriding legitimate interest (Art. 6(1)(f) GDPR) in optimising the advertising on our website for the benefit of users. Further information is available in the Pinterest privacy policy statement at: https://policy.pinterest.com/en/privacy-policy.

6. Contacting us

You can contact us in a number of ways:

6.1 If you use our contact form, the information you provide will be processed and stored by us so that we can respond to your query and the questions associated with this. We only process the personal data entered on the contact form in order to process the contact that has been established. The processing of your IP address during the sending procedure serves to prevent misuse of the contact form and ensures our IT system is safe and secure. If you use our contact form to contact us, you will need to provide your first and last names and your email address. We need your name so that we can refer to your enquiry in the reply and so that we can address you in person. We need the email address so that we can send you our answer. You can also provide us with optional details such as the order number, telephone number, your home country and a reference for the contact enquiry, which may help us when we respond to your query. Art. 6(1)(b) GDPR is the legal basis for processing the information provided via the contact form. We delete the data collected in this context when it is no longer necessary to store it, or we restrict the processing if there is a legal requirement to retain it.

6.2 If you contact us by email, we will only use the personal data that you have provided us with to process the specific enquiry. The enquiry is processed for the performance and fulfilment of the contract (Art. 6(1)(b) GDPR). We use the Zendesk ticket system to process customer enquiries by email. This customer services platform is provided by Zendesk Inc., 989 Market Street #300, San Francisco, CA 94102, USA. During this process, the data you have sent us, such as your first and last names and your email address, for example, is processed in the ticket system so that we can respond to your enquiry. Zendesk is a certified participant of the “Privacy Shield Agreement” and therefore complies with the minimum requirements for a legally compliant data processing contract. Further information about Zendesk’s data processing is available in the Zendesk privacy policy which is available at //www.zendesk.com/company/privacy. If you have any questions, you can also contact Zendesk’s Data Protection Officer directly at: privacy@zendesk.com.

6.3 We process the first and last names, the telephone number, the caller’s customer number, additional personal data the caller has provided over the phone, and information about the content of the telephone enquiry in order to process general telephone enquiries and to respond to customers’ telephone enquiries. This processing is required for the performance of, and compliance with the contract (Art. 6(1)(b) GDPR). As soon as the concerns raised by the person making the enquiry have been fully dealt with, the processing is restricted so that it specifically relates to the enquiry (e.g. customers’ use of our products or advertising for our services within the context of acquiring new customers), depending on the content of the enquiry. The data is automatically deleted after the intended purpose has been achieved and all statutory retention obligations, in particular with respect to commercial and tax law, have been met.

6.4 If you contact us via our presence on the Facebook, LinkedIn or Instagram social network sites, we will process the personal data that you have stored on the respective social network sites. We need to process your data to deal with your enquiry (Art. 6(1)(b) GDPR). The data is automatically deleted after the intended purpose has been achieved and all statutory retention obligations, in particular with respect to commercial and tax law, have been met.

7. Newsletter

We offer a newsletter facility on our website. If you would like to receive the newsletter that we offer on the website, you can request it by means of the box provided for this purpose on our website. We will then send you an email with a confirmation link which you need to click on to activate the newsletter service. When you click on this link, you are both confirming that you are the owner of the email address that has been provided and stating that you consent to receiving the newsletter at the same time. The data will be processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw your consent to the storage of the data and the email address and the use of these to send out the newsletter at any time. Please refer to section 9.2.4 of this Privacy Policy. We will store the data we collected from you when you subscribed to the newsletter until you unsubscribe from the newsletter and we will delete it after you have unsubscribed. This will not affect data that we have stored for other purposes (e.g. email addresses for the members’ area).

8. Applying to work for Kapten & Son

If you would like to work with us and for Kapten & Son, you can submit an online application to the email address on our website […]. We will only use the personal data you send us in this regard to process your application. During the course of the application process, we will forward your data to the corresponding internal department relating to the job description. Your data is not used for other purposes that are not linked to the application and, in particular, it is not disclosed to third-party companies. We process your data to make decisions about the beginning of an employment relationship (Section 26(1) German Federal Data Protection Act (BDSG – Bundesdatenschutzgesetz) 2018). After the application process has been completed and the relevant statutory periods have lapsed, we will delete the data involved in your application. We will only continue to store this data, for example for future vacancies that may arise, if you have expressly given your prior consent to this storage.If you apply by post or use the LinkedIn careers network, the data processing will be treated in the same way as for an email application.

9. Your rights as the data subject

9.1 You can assert your rights vis-à-vis us at any time by sending a letter to the address listed above in section 2.1.or an email to the address listed in section 2.2. Please bear in mind that we cannot process any enquiries about personal data over the telephone as the identity of the caller cannot usually be established with sufficient certainty.

9.2 You have the following rights vis-à-vis us and the personal data concerning you:

9.2.1 At any time, you can assert your right to access (Art. 15 GDPR), right to rectification (Art. 16 GDPR), right to erasure (Art. 17 GDPR) and right to restriction of processing, i.e. blocking for specific purposes (Art. 18 GDPR), if the relevant legal requirements have been met.

9.2.2 Your right to data portability (Art. 20 GDPR) also states that you can ask us to provide you with the data concerning you in a structured, commonly used and machine-readable format, or have it forwarded to another data controller named by you if this is technically feasible and if the legal requirements have been met.

9.2.3 You have a right to object to the processing (Art. 21 GDPR) for specific processing purposes, especially for advertising purposes. If we process your data on the grounds that we have considered the interests at stake (according to Art. 6(1)(f) GDPR), you have the right to object to this processing at any time, for reasons relating to your particular situation. Such reasons exist especially if they add particular weight to your interests and override our interests as a result. An example would be if we had not known about these reasons and had therefore been unable to take them into account when considering the interests at stake.

9.2.4 You have the right to withdraw your consent to data processing at any time. The withdrawal of consent will not affect the legality of the data processing that had already taken place until consent was withdrawn.

9.3 You also have the right to contact the relevant data protection supervisory authority if you have any questions or complaints concerning our processing of your personal data.

10. Security of your data

10.1 We use appropriate and modern security measures to protect your data against loss, misuse or modification. Only authorised staff have access to your personal data at our company. We do all that we possibly can to prevent a breach of your rights and avoid risks to your personal data.

10.2 Please remember that transmitting data over the internet is never fully secure. We are unable to guarantee the security of the data entered onto our website while it is being transmitted over the internet. You do this at your own risk.

11. Changes to this Privacy Policy

We reserve the right to change this Privacy Policy when we are updating our website or making changes to our data processing procedures. For this reason, we recommend you check our Privacy Policy regularly so that you are aware of any changes. This Privacy Policy was last updated on 25.05.2018.