1. Data protection at a glance
Data collection on this website
Who is responsible for collecting data on this website?
How do we collect your data?
There are two ways in which we collect data. One is by storing the data you provide us with, which could, for example, be data that you enter in a contact form.
The other way we collect data is through our IT systems, either automatically or with your consent when visiting our website. This primarily includes technical data (e.g. internet browser, operating system or time of page access). This data is collected automatically as soon as you access this website.
What do we use your data for?
Some of the data we collect is used to ensure that you can properly view and access our website. We also collect data for analysing user behaviour.
What are your rights regarding your data?
You have the right to request information about the origin, recipient and purpose of the personal data that we hold about you free of charge and at any time. You also have the right to request the correction or deletion of this data. If you have consented to your data being processed, you can revoke this consent at any time with future effect. You also have the right to request that the processing of your personal data be restricted in certain circumstances. You are also entitled to file a complaint with the responsible supervisory authority.
Please do not hesitate to contact us at any time about any of the above or if you have any further questions about data protection.
Analytics and third party tools
When visiting this website, we may statistically analyse your browsing behaviour. This is done primarily using so-called web analytics programs.
The contents of our website are hosted by the following provider:
The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany (hereinafter referred to as “Mittwald”).
The use of Mittwald is based on Art. 6(1)(f) GDPR as we have a legitimate interest in ensuring that our website is hosted as reliably as possible. If you have consented to this, data will be processed exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act), provided your consent covered the storage of cookies or access to information stored on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
3. General and mandatory information
Please note that transmitting data over the Internet (e.g. when communicating by e-mail) may not always be totally secure. Hence, we cannot completely rule out unlawful processing by third parties.
Information about the responsible controller
The controller responsible for data processing on this website is:
kalwar CFT FUSIONSTECHNIK GmbH
CEO: Georg Kalwar
kalwar CIV INNOSERV GmbH & Co. KG
Personally liable partner:
kalwar CIV Verwaltungs-GmbH
CEO: Markus Kalwar
Registered offices and contact details for the companies:
Gartnischer Weg 131
Phone: +49 5201 859-0
The responsible controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.).
General information on the legal basis for data processing on this website
Data protection officer
We have appointed a data protection officer.
Phone: +49 5201 859-0
Recipients of personal data
As part of our business activities, we work with various external parties. In some instances, we also need to transmit personal data to these external parties. We only pass on personal data to external parties where necessary to perform a contract, if we are legally obliged to do so (e.g. passing on data to tax authorities), if we have a legitimate interest in doing so in accordance with Art. 6(1)(f) GDPR or if another legal basispermits us to do so. When using order processors, we only pass on our customers' personal data to such processors subject to the presence of a valid order processing contract. In the event that orders are processed by more than one party, we will enter into a joint processing agreement.
Revoking your consent to data processing
Many data processing operations can only be performed with your express consent. You can revoke any consent you have already given at any time. The lawfulness of the data processing performed up until you revoke your consent will not be affected by this revocation.
Right to object to the collection of your data in certain cases and to direct advertising (Art. 21 GDPR)
If your personal data is being processed for direct advertising purposes, you have the right to object to the processing of your personal data for the purpose of such advertising; this also applies to profiling if related to this kind of direct advertising. If you object, your personal data will subsequently no longer be used for direct advertising purposes (objection in accordance with Art. 21 (2) GDPR).
Right to lodge a complaint with the responsible supervisory authority
In the event of violations of the GDPR, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.
Right to data portability
You have the right to be handed the personal data that we are automatically processing on the basis of your consent or for the performance of a contract or to have this data transmitted to a third party in a conventional, machine-readable format. If you request this data to be transmitted directly to another controller, this request will only be granted where technically feasible.
Information, correction and deletion
Within the framework of the applicable legal regulations, you have the right to receive information about the personal data stored about you, its origin, recipients and the purpose of the data processing and, if relevant, a right to demand the correction or deletion of this data at any time and free of charge. Please do not hesitate to contact us at any time if you have any further questions about data protection.
Right to restriction of processing
You have the right to request that the processing of your personal data be restricted. You can do so at any time by contacting us. You may exercise your right to restriction of processing where the following applies:
- If you are disputing the accuracy of the personal data we have stored, we generally need some time to verify your claim. While we are doing so, you have the right to demand that we restrict the processing of your personnel data.
- If the processing of your personal data is/was unlawful, you have the right to object to its erasure and instead request the processing to be restricted.
- If we no longer need your personal data, but you need it for the establishment, exercise or defence of legal claims, you have the right to object to its erasure and instead request for the processing to be restricted.
- If you have objected to processing pursuant to Article 21(1) GDPR, it will be necessary to verify whether our interests override yours. While this is being established, you have the right to demand that we restrict the processing of your personnel data.
If you have restricted the processing of your personal data, this data – with the exception of its storage – may only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
SSL and TLS encryption
This website uses SSL and TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the browser address line changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by any third parties.
Objecting to advertising e-mails
We hereby object to the use of the contact details published within the scope of our obligation to provide legal information to send advertising and information material that has not been explicitly requested. The operators of this website explicitly reserve the right to take legal steps in the event of the sending of unsolicited advertising information, such as spam e-mails.
4. Data collection on this website
Cookies can be generated by our website (first-party cookies) or third-party companies (third-party cookies). Third-party cookies make it possible to integrate certain third-party services into a website (e.g. cookies for processing payment services).
Cookies have a number of purposes. A lot of cookies are used for technical reasons and are essential for ensuring that all features of a website work properly (e.g. shopping baskets or videos). There are also cookies that are used to analyse user behaviour or for advertising purposes.
Cookies that are necessary for electronic communication processes, for providing certain features that visitors wish to use (e.g. shopping basket) or for optimising the website (e.g. visitor counter cookies) (necessary cookies) are used on the basis of Art. 6(1)(f) GDPR, unless another legal basis has been specified. The website operator has a legitimate interest in using necessary cookies to ensure that its services operate smoothly and can be provided properly. If you have consented to the storage of cookies and comparable recognition technologies, the processing is carried out exclusively on the basis of this consent (Art. 6(1)(a) GDPR and Section 25(1) TTDSG); this consent can be revoked at any time.
You can configure your browser in such a way that you will be notified of any cookies, to allow cookies only in certain cases, to exclude the acceptance of cookies in certain cases or in general, and to activate the automatic deletion of cookies when you close the browser. Deactivating cookies may impact the performance and the features you will be able to access on this website.
Server log files
The provider of this website automatically collects and stores information in server log files, which your browser automatically transmits to us. This information is:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of server request
- IP address
This data will not be merged with other data sources.
This data is collected on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring the proper presentation and optimisation of the website – which requires recording data in server log files.
E-mail, telephone and fax enquiries
If you contact us by e-mail, telephone or fax, we will store and process your enquiry, including all associated personal data (name, enquiry) for the purpose of processing your request. We will not pass on this data without your consent.
This data will be processed on the basis of Art. 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary to carry out any pre-contractual measures. In all other cases, the processing is based on our legitimate interest in processing the enquiries addressed to us in an effective manner (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), provided this was given. This consent can be revoked at any time.
We will store any data sent to us via contact requests until you ask us to delete it, revoke your consent to its storage or until the purpose for storing it no longer applies (e.g. once your enquiry has been processed). This does not affect any statutory legal provisions – in particular those pertaining to statutory retention periods.
5. Analytics tools and advertising
This website uses the web analytics suite Piwik Pro. Piwik Pro uses technologies that make it possible to track users across multiple websites to analyse user behaviour (e.g. cookies or device fingerprinting). The information collected by Piwik Pro about the use of this website is stored on our server. Users' IP addresses are always anonymised before storage.
Piwik Pro enables us to collect and analyse data about the use of our website by visitors to the site. Amongst other things, this allows us to find out about the timing of page views and about the locations from which our website is accessed. We also use it to collect various log files (e.g. IP address, referrer, browsers and operating systems) and to track whether our website visitors carry out certain actions (e.g. clicks, purchases, etc.).
The use of this analytics tool is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and advertising. If you have consented to this, data will be processed exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act), provided your consent covered the storage of cookies or access to information stored on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
Piwik Pro anonymises all IP addresses when analysing data. This means that your IP address will be shortened before analysis so that it can no longer be clearly linked to you.
We host Piwik Pro with the following third-party provider:
We have entered into a contract for commissioned data processing (AVV) with the above service provider. This is a contract required under data protection law that ensures that this service provider will only process the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.
6. Plugins and Tools
YouTube with advanced data protection
This website uses videos hosted by YouTube. YouTube is a website operated by Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
We use YouTube with advanced data protection mode. According to YouTube, this mode means that YouTube will not store any information about visitors to this website before they view a video. However, advanced data protection mode does not necessarily prevent data from being transmitted to any YouTube partners. This is because YouTube will automatically establish a connection with the Google Marketing network regardless of whether you watch a video.
As soon as you start watching a YouTube video, YouTube will actively start collecting data from our website. This data will include information about which pages of our website you visited. If you are logged into your YouTube account, you will also enable YouTube to directly link your browsing behaviour to your personal profile. This can be prevented by logging out of your YouTube account.
YouTube will also be able to store various cookies on your device or use comparable recognition technologies (e.g. device fingerprinting) once you start watching a video. This is how YouTube is able to collect information about visitors to this website. Amongst others, it will use this information for statistical analyses for its videos, to improve user-friendliness and prevent fraud.
In some cases, starting a YouTube video may trigger other data processing operations over which we have no influence.
We use YouTube in the interests of enhancing the appeal of our online presence. This represents a legitimate interest in terms of Art. 6(1)(f) GDPR. If you have consented to this, data will be processed exclusively on the basis of Art. 6(1)(a) GDPR and Section 25(1) TTDSG (German Telecommunications-Telemedia Data Protection Act), provided your consent covered the storage of cookies or access to information stored on the user's end device (e.g. device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.
YouTube is certified as compliant with the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards when data is processed in the USA. Every DPF certified company undertakes to comply with these data protection standards. For more information on the DPF, please visit: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
7. Data collected and processed by us
Job applicant data
Visitors to our website are given the opportunity to apply for a job with us (e.g. by e-mail, post or using our online application form). The following section contains information about the scope, purpose and how we use the personal data we collect as part of this application process. All of our data processing operations, from collecting, processing and use, comply with the relevant data protection regulations as well as all other relevant legal regulations, and we treat all data provided as strictly confidential.
Scope and purpose of collecting data
When you send us an application, we process the associated personal data (e.g. contact and communication details, application documents, notes made during interviews, etc.) only to the extent required to make a decision about entering into an employment relationship with you. The legal basis for collecting and processing this data is Section 26 BDSG (German Federal Data Protection Act) in accordance with German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general pre-contractual situations) and – provided you have given your consent – Art. 6(1)(a) DSGVO. This consent can be revoked at any time. Your personal data will only be shared with people within our company who are involved in processing your application.
Should your application be successful, the data you provided will be stored in our data processing systems for the purpose of performing an employment contract on the basis of Section 26 BDSG and Art. 6(1)(b) GDPR.
Duration of data storage
If we do not offer you a job, you reject a job offer or withdraw your application, we reserve the right to store the data you provided on the basis of our legitimate interest (Art. 6(1)(f) GDPR) for up to 6 months following the completion of the application process (rejection or withdrawal of application). On expiry of this period, the data will be deleted and the physical application documents destroyed. We keep the data for this period primarily as potential evidence in the event of a legal dispute. Should it transpire that we need the data following the expiry of the 6-month period (e.g. because of a risk of or a pending legal dispute), it will only be deleted once the reason for its continued storage no longer applies.
The data may also be retained for a longer period of time if you have consented to this (Art. 6(1)(a) GDPR) or if required by law.
Inclusion in our applicant pool
If we have not offered you a job, we may offer to add you to our applicant pool. If so, all of the documents and information from your application will be added to your file in the applicant pool to allow us to contact you should we have a suitable opening.
Inclusion in the applicant pool will be based exclusively on your express consent (Art. 6(1)(a) GDPR). Consenting to being included in the applicant pool is voluntary and will not affect any current job application process. This consent can furthermore be withdrawn at any time. In this event, the data will be irrevocably deleted from the applicant pool unless not permitted by law.
The data in the applicant pool will be irrevocably deleted at the latest two years after consenting to their storage.