Data Privacy Policy

Preamble  
In the following text, we will inform you about the collection of personal data during usage of our website. Personal data includes all data that relates to you personally, such as your name, address, Email addresses, and user behavior. 
 
1 Party Responsible for Data Processing 
The party responsible pursuant to Art. 4 Para. 7 of the EU General Data Protection Regulation (GDPR) is:  

KNF DAC GmbH  
c/o WeWork Companies Inc. 
Axel-Springer-Platz 3 
D-20355 Hamburg 
Legal representative: Alexander Huber, managing director.  
 
2 Methods of Contacting the Data Protection Officer 
You can reach our data protection officer by sending an Email to dataprivacy@knf.com with the subject “Data protection officer” or to our postal address with the additional line “Data protection officer.”  
 
3 General Data Collection when Calling up our Website 
If you use our website for informational purposes only, which is to say, if you do not register or transmit information to us in another manner, in addition to technical information about the terminal device (operating system, screen resolution, and other non-personal properties) and the browser (version and language settings) you use, we will collect the public IP address of the computer you use to visit our website, including the date and time of your access, in particular. We and our service provider are generally not aware of who is behind an IP address unless you provide us with data that makes this identification possible while you use our website. 

The data collected is required for technical reasons so we can present our website and guarantee both its stability and security.  

The legal basis for this is our legitimate interest pursuant to Art. 6 Para. 1 S. 1 f of the GDPR. 

In the scope of weighing interests according to Art. 6 Para. 1 S. 1 f of the GDPR, we have considered and weighed our interests in provisioning and your interest having your personal data processed in a manner that complies with data privacy legislation. The following data for provisioning our services is occasionally required for technical reasons in order to present our website to you and to guarantee its stability and security, and especially to protect against its misuse. In light of this, we reached the conclusion that this data can be processed (with state-of-the-art data security guaranteed), whereby your interest in processing that is compliant with data privacy legislation is taken into consideration appropriately. 

Recording data to provision the website and storing data in log files is absolutely necessary for the operation of the Internet site. Users therefore have no opportunity to object to this.

4 Cookies – General Information

 

5 Matomo

I Scope and purpose of processing of personal data

 

Our website uses the open source software tool Matomo, a service of “InnoCraft Ltd”. This company has its registered office at 7 Waterloo Quay PO625 Wellington, New Zealand. As InnoCraft is domiciled outside of the EU, InnoCraft has designated a representative in the EU: ePrivacy Holding GmbH, Grosse Bleichen 21, 20354 Hamburg.

Matomo uses cookies to enable analysis of the use of its website.

For this purpose, the user information which is recorded in the cookie (including your IP address truncated to two bytes) is communicated to a Matomo server located in the EU and used for the purpose of usage analysis.

Matomo does not communicate any data to servers which are outside of our sphere of influence. Your IP address is truncated to two bytes, so that you cannot be identified as a user. The information which we gather in relation to your use of the website is not communicated to third parties.

We use the recorded data for statistical analysis of user behavior for the purpose of optimizing the functionality and stability of the website, amending the content, and for improving our offers, as well as for compiling reports about website activities.

It is also used to provide further services to the operator of the website with regard to the use of the website and the Internet.

 

II Legal basis for the processing of personal data and revocation option

 

The legal basis for this data processing is your consent pursuant to Art. 6 (1) 1a of the GDPR.

You may revoke your consent at any time in the future by changing your cookie settings.

 

III Duration of storage

 

We only save analysis data for as long as it is needed for the purpose of data processing, however for a maximum of 180 days.

 

You can find further information about the terms of use and data privacy under https://matomo.org/terms/ and matomo.org/privacy/.

6 Google Tag Manager / Ad Manager 
If you grant your consent, we will use Google Tag Manager from the provider Google Ireland Limited (registry number: 368047), Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager itself does not record any personal data. Google Tag Manager helps us incorporate and manage our tags. Tags are small code elements that, among other things, serve to measure traffic and user behavior, record the effect of online advertising and social channels, set up re-marketing and orient it towards target groups, and test and optimize websites. We use Tag Manager for the service Google Analytics. If you have deactivated it, Google Tag Manager will consider this deactivation. For more information about Google Tag Manager, see: https://www.google.com/intl/de/tagmanager/use-policy.html

7 Contact Form / Contact Form Repairs

When you contact us by Email or with our contact form, we store the data you send us (your Email address and, if applicable, your name and phone number, customer number, and order number) in order to answer your questions. Where we have requested information that is not required to contact you on our contact form, we have indicated that this information is optional. This information helps us substantiate your inquiry and improve the processing of your issue. This information is provided expressly on a voluntary basis and with your consent pursuant to Art. 6 (1) 1a of the GDPR. As far as this constitutes information regarding communication channels (such as Email address and phone number), you also consent that we may also contact you via this communication channel in order to address your issue. You may revoke this consent at any time in the future via the Email address dataprivacy@knf.com.

 

If you send us your data via the contact form, we enter this into our CRM system in order to contact you in the future through the communication channels which you have stated. This may include e.g. newsletters or Emails relating to topics such as new products or services, or invitations to events. The purpose of this data processing is to establish and/or deepen contacts with our customers. The legal basis for this is Art. 6 (1) 1a of the GDPR. You may revoke this consent at any time in the future via the Email address dataprivacy@knf.com

 

The data which we receive when you contact us will be deleted as soon as they are no longer needed for the purpose for which they were obtained, processing of your issue has been completed, and no further communication with you is required.

 

The provider of our CRM system is: salesforce.com Germany GmbH, Erika-Mann-Strasse 31-37, 80636 Munich, Germany. This is a software solution, which covers various aspects. These include Contact Management, Opportunity Management and Lead Management. Your data will only be saved on servers in the EU or the EEA. However, depending on the inquiry, your data may be communicated to employees within the KNF Group who are responsible for processing your inquiry. If data is processed outside of the EU/EEA, we have concluded the standard EU contract provisions with the provider in order to establish a secure level of data privacy. Further information about the type and scope of data recording by the provider, as well as the storage periods can be found in the data privacy statement of the provider under www.salesforce.com/company/privacy/.

 

8 Friendly Captcha
To optimize the security of our forms, we use the "Friendly Captcha" service provided by FriendlyCaptcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany. The function of the tool is to distinguish whether the data entered into the contact form has been entered by a natural person or has been abused by a machine and automated processing. By using FriendlyCaptcha, we can block automated software and protect the website from spam and abuse.


No personal information is transmitted or processed when FriendlyCaptcha is used. More information about the terms of use and privacy can be found here: https://friendlycaptcha.com/privacy/gdpr/

 

9 Forwarding Data 
Your personal data will not be forwarded to third parties for purposes beside those mentioned. 

We will forward your data to third parties only if: 
• you have granted your express consent to this, 
• this forwarding is necessary for the assertion, exercise, or defense of legal claims, and there is no reason to assume that you have an overriding legitimate interest in the non-forwarding of your data, 
• there is a legal obligation to forward the data, and 
• this is legally permissible and necessary for processing contractual relationships with you, 
• and in the event of our legitimate interest.  

Your personal data is forwarded in the scope of a contact request initiated by you and using the contact forms. The data entered in the contact form is forwarded within the KNF Group in the process to make it possible to optimally respond to your inquiry. Some of our locations are too small to be able to effectively process inquiries. In this instance, larger locations can take over processing. The KNF Group’s joint access to contact requests thus benefits both you and us. The legal basis for forwarding is Art. 6 Para. 1 S. 1 f of the GDPR, which is to say, our legitimate interest in being able to give our customers the best possible answers and thus improve contact with customers.  

Additionally, our web hoster Corpex Internet GmbH, Schauenburgerstraße 6, 20095 Hamburg, has access to your personal data, which happens inevitably during the hosting process and cannot be avoided. However, in the scope of contractual agreements, we guarantee that our web hoster does not use your data in an unauthorized manner and, instead, stores it securely.  

We also use a virtual server via Amazon Web Services as a cloud solution, as well as its content delivery network CloudFront. Contractual agreements serve to protect your data in this instance as well.

The web server is located in Frankfurt.   

10 Newsletter  
With your consent in accordance with Article 6 Paragraph 1 (a) GDPR, you can subscribe to our blog newsletter, which we will use to provide you with information on our recently published blog articles.

Subscription to our newsletter takes the form of a double opt-in process. That means that, after you have subscribed, we will send an Email to the Email address provided, asking you to confirm that you wish to receive the newsletter. If you do not confirm your subscription, access to your information will be blocked and the information will be automatically erased after one month.

In addition, we will store the IP address you use to subscribe and to confirm your subscription, as well as the times at which you do so. The purpose of this process is to generate proof of your subscription and to be able to resolve any incidents of misuse of your personal data.

The only information which you must provide in order to receive the newsletter is your email address. Other specially indicated information can be disclosed voluntarily and will be used to address you personally. Once you have provided confirmation, we will store your Email address for the purpose of sending you the newsletter. The legal basis for this is Article 6 Paragraph 1 (a) GDPR.

You may withdraw your consent to receive our newsletter and unsubscribe from the newsletter at any time. This can be done by clicking on the link provided in every newsletter we send to you, or by contacting us at the Email address listed above.

We use the services of our processor MailChimp for the dispatch of newsletters. The provider is Rocket Science Group LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA.

MailChimp is a service with which, among other things, the dispatch of newsletters can be organised and analysed. When you enter data for the purpose of subscription to the newsletter (e.g. Email address), it will be stored on the MailChimp servers in the USA. The data transfer to the USA is based on standard contractual clauses approved by the European Union.

We use MailChimp to analyse our newsletter campaigns. When you open an Email dispatched using MailChimp, a file contained in the Email will connect to the MailChimp servers in the USA. It can then be established whether a newsletter message has been opened and which links have been clicked on. Furthermore, technical information is registered (e.g. time of Email check, IP address, browser type and operating system). This information cannot be put into connection with the respective newsletter recipient. It is used exclusively for statistical analyses of newsletter campaigns. The results of these analyses may be used to adapt future newsletters to the interests of the recipients.

If you do not want any analyses by MailChimp, you have to unsubscribe from the newsletter. For this purpose, a respective link is provided in each newsletter message. You can also unsubscribe from the newsletter directly on the website.

Data processing will be based on your consent (Article 6(1) lit. a GDPR). You can withdraw your consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already been carried out remains unaffected by the revocation. The data stored with us for the purpose of subscription to the newsletter will be stored until you unsubscribe from the newsletter, and will be deleted them from our and the MailChimp servers after the unsubscription from the newsletter. You can find more information in the MailChimp data protection regulations at:

https://mailchimp.com/legal/terms/.

 

11 Web store (US only)

 

Description of data processing
The processing of personal data is required to initiate and carry out the purchase or the purchase process. The following categories of data may be processed when you use our web shop:

• Product selection

• Master data (e.g. first name, last name, company, business field)

• Address data (e.g. street, zip code, state, country)

• Contact details (e.g. telephone number, e-mail address)

 

To order, you must set up a user account for convenient purchase processing. You have to assign a password.

 

Legal basis for data processing

The legal basis results from the fulfilment of a contract in accordance with Article 6 (1) (b) GDPR.

 

Purpose of data processing
The personal data are processed exclusively for the purposes of processing the order and then shipping the product.

 

Duration of data retention
Your personal data will be deleted as soon as the purpose required for processing has been achieved. If you would like to delete your user account, please let us know using the contact form so that we can delete it.

Different retention periods may arise due to legal requirements. Your personal data relating to the order will be deleted after 10 years.

 

Disclosure of data to third parties
Various payment service providers are available to process your order. As part of the payment process, we transmit the payment data for your order to the payment service provider you have commissioned. In some cases, data is also collected by the respective payment service providers themselves. You can find more information in the privacy policy of the respective payment service provider.
For the delivery of the products, we transmit your address data to the respective shipping service provider. You can find more information in the privacy policy of the respective shipping service provider.


12 Social Plugins / Tools 
LinkedIn 

This website uses LinkedIn’s social plugin.  
LinkedIn (operator: LinkedIn, 1000 W Maude, Sunnyvale, CA 94085, USA) 
By default, this plugin normally records data from you and transmits it to the provider’s servers. To guarantee your privacy is protected, we have taken technical measures that ensure the plugin provider cannot record your data without your consent. When you call up a page into which the plugin is incorporated, it is deactivated at first. Only after you click on the symbol in question is the plugin activated, and you thereby grant your consent to your data being transferred to the provider. The legal basis for using the plugin is Art. 6 Para. 1 a of the GDPR. 
 
After it is activated, the plugin also records personal data, such as your IP address, and sends it to the provider’s servers, where it is stored . Additionally, the activated social plugin sets a cookie with a unique identifier when the website in question is called up. As a result, the provider can also create profiles about your usage behavior. This happens even if you are not a member of the provider’s social network. If you are a member of the provider’s social network and you are logged into the social network when you visit this website, your data and information about the visit to this website can be linked with your profile on the social network. We have no influence on the scope of data the provider collects from you. For more information about the scope, type, and purpose of data processing and about rights and possible settings for protecting your privacy, please see the data privacy statements issued by the social network provider. You can call it up at the following address: 
https://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other 
 
Vimeo 
Our website uses plugins from the video portal Vimeo. The provider is Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. 

If you visit one of our pages that features a plugin from Vimeo, a connection to Vimeo’s servers is established. When this happens, the Vimeo server is informed about which of our pages you have visited. Vimeo also receives your IP address. This applies even if you are not logged into Vimeo and do not have an account with Vimeo. The information Vimeo records is transmitted to Vimeo’s servers in the USA. 

If you are logged into your Vimeo account, you enable Vimeo to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your Vimeo account. 

You can find additional information about how user data is handled in Vimeo’s privacy policy at: https://vimeo.com/privacy
 
13 LiveChat
Within the scope of our LiveChat function, we collect the following personal data from you:
• Name
• Email address
• Static IP address
• Time and date of the chats
• Content data of the chats
• Uploaded files
• Country and geolocation
• Operating system and browser
• Visited subpages on our website

The legal basis for processing this data is our legitimate interest in providing tailored support, marketing and improving our products and services pursuant to Art. 6 Para. 1 f GDPR. The provider of the LiveChat function is our order processor, LiveChat, Inc. Attn: 101 Arch Street, 8th Floor, Boston, MA 02110, United States of America. Your data will be processed exclusively within the European Union.

14 Instruction: Rights of Persons Affected  
Every person affected has the right to information pursuant to Art. 15 of the GDPR, the right to correction pursuant to Art. 16 of the GDPR, the right to deletion pursuant to Art. 17 of the GDPR, the right to restriction of processing pursuant to Art. 18 of the GDPR, the right to objection issuing from Art. 21 of the GDPR, and the right to data transferability issuing from Art. 20 of the GDPR.

Instruction on the option of lodging a complaint 
You also have the right to lodge a complaint concerning our processing of your personal data with the responsible data protection supervisory authority. 

Instruction on revocation of consent 
Once you have granted us your consent to the processing of personal data, you may revoke it at any time. Please note that the revocation shall be effective only for the future. It shall not impact any processing that took place before the revocation. 

Right of objection 
Pursuant to Art. 21 Para. 1 S. 1 of the GDPR, you have the right to file an objection against the processing of your personal data based upon Art. 6 Para. 1 S. 1 e or f of the GDPR at all times. Please note that the objection shall be effective only for the future. It shall not impact any processing that took place before the objection. 

If any necessary reasons that are worthy of protection speak in favor of processing on our part and outweigh your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims, no objection shall be possible.  

15 Additional Information for Certain Jurisdictions
We provide additional information about the privacy, collection, and use of personal information of prospective and current customers of KNF located in certain jurisdictions.

California 
The California Consumer Privacy Act (“CCPA”) provides California residents (referred to here as “consumers”) with the following rights as it relates to the personal information collected by KNF about that consumer.
• Right to Know: A consumer has a right to request that KNF disclose to that consumer what personal information KNF collects, uses, discloses and (if KNF were to sell any personal information) sells.
• Right to Delete: A consumer has a right to request the deletion of that consumer’s personal information that KNF has collected from that consumer, although certain exceptions may apply.
• Right to Opt Out of Sales: California law treats disclosures of personal information by KNF in exchange for valuable consideration as “sales.”  KNF does not engage in any such sales.  If KNF were to engage in any such sales, then a consumer would have the right to opt out of those sales.
• Right to Opt Out of Financial Incentive Programs:  If KNF were to offer any financial incentive programs (in other words, a program in which KNF were to offer a consumer a price or service differential in exchange for the consumer providing personal information to KNF), then a consumer would have the right to opt out of those programs.  KNF does not offer any such programs.
• Right of Non-Discrimination: A consumer has the right not to receive discriminatory treatment by KNF for exercising that consumer’s rights under the CCPA.

If you are a California resident, or an authorized agent acting on behalf of a California resident, and would like to exercise any of these rights, you can do so by any of the following methods: (1) send an Email to the following address: dataprivacy@knf.com; or (2) call the following telephone number (toll-free in the United States): (844) 876-9908

When KNF receives any such request, KNF will, before providing that information, ask for verification of that request. That verification, which may include copies of documentation, is needed to confirm, with at least a reasonable degree of certainty, the identity of the consumer and that the consumer is a California resident. In addition, if the request is made by an authorized agent acting on behalf of a California resident, then KNF will also request confirmation from the consumer that the agent is authorized by that consumer to act on behalf of that consumer with respect to that request, as well as the identity of the agent. The specific type and scope of information requested by KNF to verify that request will depend on the circumstances and may depend on various factors, including (for example) the type and sensitivity of the personal information, and whether any information to be provided for that verification is sufficiently robust to protect against fraudulent requests or being spoofed or fabricated.

Canada
If a person is located in Canada, then the person will have following rights under Canada’s Personal Information Protection and Electronic Documents Act ("PIPEDA"):
• ask whether we hold personal information about you and request copies of such personal information and information about how it is processed;
• request that inaccurate personal information is corrected;
• request deletion of personal information that is no longer necessary for the purposes underlying the processing, processed based on withdrawn consent, or processed in non-compliance with applicable legal requirements; and
• lodge a complaint with us regarding our practices related to your personal information.

You can exercise your rights of access, rectification, erasure, restriction, or complaint by contacting us. If you wish to do any of these things, please send an Email to the following address: dataprivacy@knf.com.

16 Links to other Websites 
Our websites may contain links to other websites. We would like to indicate that this data privacy policy applies only to the websites of KNF DAC GmbH. We exert no influence over other sites and do not monitor whether other providers comply with the applicable data protection legislation. 

17 Changes to the Data Privacy Policy 
We reserve the right to change or modify this data privacy policy at any time, taking the applicable data protection legislation into consideration.